DocumentCode :
2549168
Title :
The Honeynet Quarantine: Reducing Collateral Damage Caused by Early Intrusion Response
Author :
Tödtmann, Birger ; Riebach, Stephan ; Rathgeb, Erwin P.
Author_Institution :
Univ. of Duisburg-Essen, Essen
fYear :
2007
fDate :
22-28 April 2007
Firstpage :
96
Lastpage :
96
Abstract :
Anomaly based intrusion detection is inherently subject to false alarms. Fast and automated intrusion response based on this type of intrusion detection will cause significant usage restrictions for falsely suspected systems. To avoid these negative effects without sacrificing detection sensitivity or increasing the risk for the production network inadequately, we propose a scheme combining anomaly-based IDS with Honeynet concepts and link layer based VLANs. In addition to introducing the concept, we will describe a proof-of-concept implementation and report results from some lab tests confirming the benefits of this approach.
Keywords :
local area networks; security of data; telecommunication security; Honeynet quarantine; anomaly based intrusion detection; collateral damage; early intrusion response; link layer based VLAN; Computer networks; Computer worms; Control systems; IP networks; Intrusion detection; Joining processes; Local area networks; Production systems; Protection; Testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Networking, 2007. ICN '07. Sixth International Conference on
Conference_Location :
Martinique
Print_ISBN :
0-7695-2805-8
Electronic_ISBN :
0-7695-2805-8
Type :
conf
DOI :
10.1109/ICN.2007.92
Filename :
4196289