Title :
Environmental awareness intrusion detection and prevention system toward reducing false positives and false negatives
Author :
Sourour, Meharouech ; Adel, Bouhoula ; Tarek, Abbes
Author_Institution :
Dept. of Comput. Sci. & Networks, Digital Security Lab., Higher Sch. of Telecommun. (SupCom)
fDate :
March 30 2009-April 2 2009
Abstract :
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are now considered a mainstream security technology. IDS and IPS are designed to identify security breaches. However, one of the most important problems with current IDS and IPS is the lack of the ldquoenvironmental awarenessrdquo (i.e. security policy, network topology and software). This ignorance triggers many false positives (false alerts) and false negatives (undetected attacks). In this paper, we propose a novel intrusion detection and prevention architecture where we integrate the characteristics and the properties of the protected system in the traffic analysis process. The experimental evaluation shows the effectiveness of our solution. In fact, we measure a reduction of 89.59% of false positives and 79.18% of false negatives.
Keywords :
computer networks; security of data; telecommunication security; telecommunication traffic; environmental aware network intrusion detection; mainstream security technology; network cartography; network intrusion prevention system; network security breach identification; network traffic analysis process; Computer architecture; Computer science; Computer security; Information security; Intrusion detection; Monitoring; Network topology; Protection; Sensor systems; Telecommunication traffic; IDS; IPS; Network cartography; Network security; Security Policy;
Conference_Titel :
Computational Intelligence in Cyber Security, 2009. CICS '09. IEEE Symposium on
Conference_Location :
Nashville, TN
Print_ISBN :
978-1-4244-2769-7
DOI :
10.1109/CICYBS.2009.4925097
