Title :
The Honeynet quarantine: reducing collateral damage caused by early intrusion response
Author :
Toedtmann, Birger ; Riebach, Stephan ; Rathgeb, Erwin P.
Author_Institution :
Inst. for Exp. Math., Duisburg Univ., Essen, Germany
Abstract :
Anomaly based intrusion detection is inherently subject to false alarms. Fast and automated intrusion response based on this type of intrusion detection can cause significant usage restrictions for falsely suspected systems. To avoid these negative effects without sacrificing detection sensitivity or increasing the risk for the production network inadequately, we propose a scheme combining anomaly-based IDS with Honeynet concepts and link layer based VLANs.
Keywords :
local area networks; security of data; virtual private networks; Honeynet quarantine; anomaly based intrusion detection; collateral damage; detection sensitivity; early intrusion response; link layer based VLAN; production network; usage restriction; Automatic control; Computer networks; Computer worms; Control systems; IP networks; Intrusion detection; Joining processes; Local area networks; Production systems; Protection;
Conference_Titel :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1496003
