DocumentCode :
3456105
Title :
An intelligent detection and response strategy to false positives and network attacks
Author :
Hooper, Emmanuel
Author_Institution :
Inf. Security Group, London Univ., Surrey
fYear :
2006
fDate :
13-14 April 2006
Lastpage :
31
Abstract :
Current intrusion detection systems (IDSs) monitor attacks in network infrastructures by triggering alerts on potential security violations. However, most of these generate very high volumes of false positives, making the task of manually analyzing these alerts extremely difficult and inefficient. In this paper, we explain in detail why false positives occur, giving real examples, and propose a novel approach for their reduction through an intelligent network quarantine channels (NQCs) technique. This examines the packets by sending intelligent responses to suspect hosts for further information. Subsequently, the NQC sends feedback to the IDS to modify the alerts and enhance its capability to detect threats and benign attacks. We propose multiple feedback methods, including messages and adaptive rules in alert filters and policies, to the IDS monitor, network sensors and database. We describe in detail a prototype implementation of the intelligent detection and response strategy to benign and attack packets.
Keywords :
knowledge based systems; security of data; telecommunication security; IDS monitor; database; false positives; intelligent detection; intelligent network quarantine channels technique; intelligent response; intrusion detection systems; multiple feedback methods; network attacks; network infrastructures; network sensors; security violations; threat detection; Adaptive filters; Cryptography; Databases; Feedback; Information security; Intelligent networks; Intelligent sensors; Intrusion detection; Monitoring; Prototypes;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Assurance, 2006. IWIA 2006. Fourth IEEE International Workshop on
Conference_Location :
London
Print_ISBN :
0-7695-2564-4
Type :
conf
DOI :
10.1109/IWIA.2006.4
Filename :
1609997