An Intelligent Intrusion Detection and Response System Using Network Quarantine Channels: Adaptive Policies and Alert Filters

Author

Hooper, Emmanuel

Author_Institution

Inf. Security Group, London Univ.

fYear

2006

fDate

Dec. 2006

Firstpage

45

Lastpage

48

Abstract

Intrusion detection systems are used to identify suspicious network traffic. However, a high percentage of alerts generated by such systems are liable to be false positives. Since these alerts typically require manual intervention from a network administrator, false positives create considerable administrative overheads. In order to reduce the number of false positives, we propose a new network protection component called a network quarantine channel, which is used to perform some additional interaction with hosts that have been identified as the source of suspicious traffic. The network quarantine channel is used to provide a more accurate assessment of the threat posed by a suspicious host, before alerting the network administrator

Keywords

multi-agent systems; security of data; adaptive policies; alert filters; intelligent intrusion detection; network quarantine channels; response system; Adaptive filters; Adaptive systems; Deductive databases; Information filtering; Information filters; Intelligent agent; Intelligent networks; Intrusion detection; Pattern analysis; Telecommunication traffic; applications.; autonomous auctions and negotiation; autonomous knowledge; autonomy-oriented computing; distributed problem solving; information agents; infrastructure security; intelligent response; intrusion detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Web Intelligence and Intelligent Agent Technology Workshops, 2006. WI-IAT 2006 Workshops. 2006 IEEE/WIC/ACM International Conference on

Conference_Location

Hong Kong

Print_ISBN

0-7695-2749-3

Type

conf

DOI

10.1109/WI-IATW.2006.41

Filename

4053201