By Topic

An intelligent detection and response strategy to false positives and network attacks: operation of network quarantine channels and feedback methods to IDS

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Hooper, E. ; Inf. Security Group, London Univ., Surrey

Network-based intrusion detection systems (IDSs) are designed to monitor potential attacks in network infrastructures. IDSs trigger alerts of potential attacks in network security. These alerts are examined by security analysts to see if they are benign or attacks. However these alerts consist of high volumes of false positives, which are triggered by suspicious but normal, benign connections. These high volumes of false positives make manual analysis of the alerts difficult and inefficient in real-time detection and response. In this paper, we discuss briefly the significance of false positives and their impact on intrusion detection and response. Then we propose a novel approach for an efficient intelligent detection and response through the reduction of false positives. The intelligent strategy consists of technique with multiple zones for isolation and interaction with the hosts from which the packets were sent in real-time. We propose multiple feedback methods to the IDS monitor and database to indicate the status of the alerts. These innovative approaches, using NQC and feedback mechanisms enhance the capability of the IDS to detect threats and benign attacks. This is accomplished by applying adaptive rules to the alert filters and policies of the IDS network sensors

Published in:

Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. SecPerU 2006. Second International Workshop on

Date of Conference:

29-29 June 2006