2nd International ICST Conference on Security and Privacy in Communication Networks

Research Article

An Intelligent Infrastructure Strategy to Improving the Performance and Detection Capability of Intrusion Detection Systems

Cite
  • @INPROCEEDINGS{10.1109/SECCOMW.2006.359566,
        author={Emmanuel Hooper},
        title={An Intelligent Infrastructure Strategy to Improving the Performance and Detection Capability of Intrusion Detection Systems},
        proceedings={2nd International ICST Conference on Security and Privacy in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2007},
        month={5},
        keywords={},
        doi={10.1109/SECCOMW.2006.359566}
    }
    
  • Emmanuel Hooper
    Year: 2007
    An Intelligent Infrastructure Strategy to Improving the Performance and Detection Capability of Intrusion Detection Systems
    SECURECOMM
    IEEE
    DOI: 10.1109/SECCOMW.2006.359566
Emmanuel Hooper1,2,*
  • 1: Information Security Group, University of London
  • 2: Royal Holloway, Egham, Surrey, TW20 OEX, UK.
*Contact email: E.Hooper@rhul.ac.uk

Abstract

Network and host Intrusion Detection Systems (IDS) are used to identify suspicious network traffic. However, a high percentage of alerts generated by such systems are liable to be false positives. False positives create considerable administrative overheads, since these alerts typically require manual intervention from a network administrator. In order to reduce the number of false positives, we propose a novel infrastructure approach involving what we call network quarantine channels. The network quarantine channels and associated techniques are used to perform further interaction with hosts that have been identified as the source of suspicious traffic. The network quarantine channels are used to provide a more accurate assessment of the potential attacks sent by suspicious hosts, before sending the final status of the alerts to the IDS monitor for the network administrator's response.

Published
2007-05-15
Publisher
IEEE
http://dx.doi.org/10.1109/SECCOMW.2006.359566
Copyright © 2006–2025 IEEE