• DocumentCode
    2493877
  • Title
    Intelligent techniques for network sensor information processing in large-scale network infrastructures

  • Author
    Hooper, Emmanuel

  • Author_Institution
    Inf. Security Group, Univ. of London R. Holloway, Egham
  • fYear
    2008
  • fDate
    15-18 Dec. 2008
  • Firstpage
    593
  • Lastpage
    598
  • Abstract
    Intrusion detection systems (IDSs) and security tools are used to monitor potential attacks in network infrastructures. These tools and IDSs trigger alerts of potential attacks and violations of network security. However, most of the alerts generated by IDS sensors are false positives. False positives are alerts triggered by suspicious but normal, benign connections. Due to the very high volume of false positives, the task of manually analysing the alerts is extremely difficult, resulting in inefficient real-time detection and response. In this paper we present a detailed explanation of a novel approach for efficient intelligent detection of and response to suspect packets and benign false positives. The intelligent strategy consists of a network quarantine channels (NQCs) technique with multiple zones for isolation and interaction with the source packets in real time. The NQC consists of various subnet zones, which examine the packets by sending intelligent responses to the source host to obtain more information on the nature of the packet. Once the source packet's intention is known, the NQC sends feedback to the IDS to modify the alerts. We propose multiple feedback methods, including message flags, to the IDS monitor and database. The effect of these innovative approaches, using NQC and feedback mechanisms, is the enhancement of the capability of the IDS to detect threats and benign attacks. This is accomplished by applying adaptive rules to the alert filters and policies of the IDS network sensors. We describe the NQC approach with a detailed description of its operation and the technique. In addition, we propose new techniques for feeding the results of the NQC back to the IDS. Furthermore, we propose new methods of communication between the IDS and firewalls for sending responses to suspect packets. These approaches demonstrate the effectiveness of using the intelligent detection and response strategy for handling benign and attack packets.
  • Keywords
    authorisation; feedback; large-scale systems; feedback mechanisms; firewalls; intrusion detection systems; large-scale network infrastructures; network quarantine channels; network security; network sensor information processing; security tools; Adaptive filters; Databases; Feedback; Information processing; Information security; Intelligent networks; Intelligent sensors; Intrusion detection; Large-scale systems; Monitoring; data mining; information processing; network sensor security; sensors networks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Sensors, Sensor Networks and Information Processing, 2008. ISSNIP 2008. International Conference on
  • Conference_Location
    Sydney, NSW
  • Print_ISBN
    978-1-4244-3822-8
  • Electronic_ISBN
    978-1-4244-2957-8
  • Type
    conf

  • DOI
    10.1109/ISSNIP.2008.4762054
  • Filename
    4762054