An Intellilgent Infrastructure Strategy to Improvilng the Performance and Detection Capability of Intrusion Detection Systems

Author

Hooper, Emmanuel

Author_Institution

Inf. Security Group, London Univ.

fYear

2006

fDate

Aug. 28 2006-Sept. 1 2006

Firstpage

1

Lastpage

15

Abstract

Network and host intrusion detection systems (IDS) are used to identify suspicious network traffic. However, a high percentage of alerts generated by such systems are liable to be false positives. False positives create considerable administrative overheads, since these alerts typically require manual intervention from a network administrator. In order to reduce the number of false positives, we propose a novel infrastructure approach involving what we call network quarantine channels. The network quarantine channels and associated techniques are used to perform further interaction with hosts that have been identified as the source of suspicious traffic. The network quarantine channels are used to provide a more accurate assessment of the potential attacks sent by suspicious hosts, before sending the final status of the alerts to the IDS monitor for the network administrator´s response

Keywords

computer networks; security of data; telecommunication channels; telecommunication traffic; administrative overheads; detection capability; false positives; intelligent infrastructure strategy; intrusion detection systems; network quarantine channels; suspicious network traffic; Data analysis; Databases; Frequency; Information security; Intrusion detection; Protocols; Prototypes; Remote monitoring; Statistics; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Securecomm and Workshops, 2006

Conference_Location

Baltimore, MD

Print_ISBN

1-4244-0423-1

Electronic_ISBN

1-4244-0423-1

Type

conf

DOI

10.1109/SECCOMW.2006.359547

Filename

4198807