IT Security Advisor - Expert at Croatian Government's CERT, part of the Information Systems Security Bureau (ZSIS). Born in 1982, writing and breaking computer code for as long as he can remember. A PhD candidate with Master's Degree in Computer Science at Faculty of Electrical Engineering and Computing (FER), University of Zagreb, Croatia. Also, open source contributor (sqlmap, Maltrail, tsusen, ipsum, etc.) and Croatian Chapter Lead for The Honeynet Project. Online systems are constantly exposed to a substantial amount of network traffic "noise". In network intrusion detection, any kind of network traffic that can be ignored altogether, while otherwise causing false-positive (or irrelevant) events, can be considered as noise. Most common noise generators are mass (research) scanners, UDP amplification probes, open proxy scanners, service attackers, unroutable packets, etc. If we could somehow reduce the traffic noise (denoise), network intrusion detection would immediately become more effective and front-end report panels would suddenly become more comprehensible. Basic idea is the collaborative collection of data at dispersed unused nodes (i.e. sensors) where any kind of incoming traffic can be considered as noise. Final result should be a list of IP addresses that are known sources of (Internet) noise and which could either be ignored at intrusion detection systems or whose incoming traffic could be dropped altogether. To make the data more relevant, only sources found by at least two (or more) nodes should be taken into the consideration, as there is no source that should by any mean contact more than one dispersed inactive node on the Internet. Also, this would prevent the potential false-positives that could be generated by noise (e.g. caused by hardware bit-level “glitches”) inside the collected noise. As part of the presentation, there will be an introduction into the used experimental methodology and online collected data, along with quick analysis of gathered noise. Also, there will be a comparison of a real world intrusion detection system report with and without the noise, so the audience could get the feeling of a practical usability of suggested method.