By Topic

Experimental Validation of An Intelligent Detection and Response Strategy for Complex Infrastructure Attacks and False Positives Using Firewalls

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Emmanuel Hooper ; Information Security Group, University of London, Royal Holloway, Egham, Surrey, TW20 OEX, UK. E.Hooper@rhul.ac.uk, ehooper@aya.yale.edu

The current intrusion detection systems (IDS) which attempt to identify suspicious network traffic have major limitations. The high percentage of alerts generated by such systems, the level of false positives is one of the major problems. We present intelligent strategies for reduction of false positives and infrastructure protection using a novel approach using adaptive responses from multiple firewalls and VPNs (virtual private networks) rule sets in a novel "network quarantine channels" (NQC), using firewall architectures. The focus of this paper is on firewall rule sets which operate within the NQC to respond to suspicious hosts and then deny access to critical segments of the network infrastructure. The firewall rule sets provide effective intelligent responses by granting access to the normal packets and denying malicious traffic access to the network, after the identity of the connections are verified through the statistical analysis in the NQC. These effective strategies reduce false positives and increases detection capability of the IDS

Published in:

Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology

Date of Conference:

Oct. 2006