Research Article
An Intellilgent Infrastructure Strategy to Improving the Performance and Detection Capability of Intrusion Detection Systems
@INPROCEEDINGS{10.1109/SECCOMW.2006.359566, author={Emmanuel Hooper}, title={An Intellilgent Infrastructure Strategy to Improving the Performance and Detection Capability of Intrusion Detection Systems}, proceedings={2nd International ICST Conference on Security and Privacy in Comunication Networks}, publisher={IEEE}, proceedings_a={SECURECOMM}, year={2007}, month={5}, keywords={}, doi={10.1109/SECCOMW.2006.359566} }- Emmanuel Hooper
Year: 2007
An Intellilgent Infrastructure Strategy to Improving the Performance and Detection Capability of Intrusion Detection Systems
SECURECOMM
IEEE
DOI: 10.1109/SECCOMW.2006.359566
Abstract
Network and host Intrusion Detection Systems (IDS) are used to identify suspicious network traffic. However, a high percentage of alerts generated by such systems are liable to be false positives. False positives create considerable administrative overheads, since these alerts typically require manual intervention from a network administrator In order to reduce the number of false positives, we propose a novel infrastructure approach involving what we call network quarantine channels. The network quarantine channels and associated techniques are used to perform further interaction with hosts that have been identified as the source of suspicious traffic. The network quarantine channels are used to provide a more accurate assessment of the potential attacks sent by suspicious hosts, before sending the final status of the alerts to the IDS monitor for the network administrator's response.
