• DocumentCode
    2906073
  • Title
    Intelligent Autonomic Strategy to Attacks in Network Infrastructure Protection: Feedback Methods to IDS, Using Policies, Alert Filters and Firewall Packet Filters for Multiple Protocols
  • Author
    Hooper, Emmanuel
  • Author_Institution
    Inf. Security Group, London Univ., Egham
  • fYear
    2006
  • fDate
    Sept. 29 2006-Oct. 1 2006
  • Firstpage
    235
  • Lastpage
    244
  • Abstract
    The intrusion detection systems (IDSs) currently in use are designed to monitor potential attacks in networks by triggering alerts. However, these alerts consist of high volumes of false positives, triggered by suspicious but normal, benign connections. In this paper we discuss false positives and their impact on intrusion detection and response. Then we propose a novel approach for an efficient intelligent detection and response using "network quarantine channels" (NQCs). The NQC is defined as subnet zones that respond to packets as they are diverted to its hosts for analysis before being permitted into the internal network. The innovative approach includes feedback mechanisms involving adaptive rules, alert filters and policies of the IDS network sensors for various protocols. The effect is the enhancement of the capability of the IDS to detect threats and benign attacks.
  • Keywords
    knowledge based systems; protocols; security of data; telecommunication security; alert filters; feedback methods; firewall packet filters; intelligent autonomic strategy; intrusion detection systems; multiple protocols; network infrastructure protection; network quarantine channels; Data security; Feedback; Information filtering; Information filters; Information security; Intelligent networks; Intrusion detection; Protection; Protocols; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Dependable, Autonomic and Secure Computing, 2nd IEEE International Symposium on
  • Conference_Location
    Indianapolis, IN
  • Print_ISBN
    0-7695-2539-3
  • Type
    conf
  • DOI
    10.1109/DASC.2006.32
  • Filename
    4030888