{"title":"Experimental Validation of An Intelligent Detection and Response Strategy for Complex Infrastructure Attacks and False Positives Using Firewalls","authors":"E. Hooper","doi":"10.1109/CCST.2006.313458","DOIUrl":null,"url":null,"abstract":"The current intrusion detection systems (IDS) which attempt to identify suspicious network traffic have major limitations. The high percentage of alerts generated by such systems, the level of false positives is one of the major problems. We present intelligent strategies for reduction of false positives and infrastructure protection using a novel approach using adaptive responses from multiple firewalls and VPNs (virtual private networks) rule sets in a novel \"network quarantine channels\" (NQC), using firewall architectures. The focus of this paper is on firewall rule sets which operate within the NQC to respond to suspicious hosts and then deny access to critical segments of the network infrastructure. The firewall rule sets provide effective intelligent responses by granting access to the normal packets and denying malicious traffic access to the network, after the identity of the connections are verified through the statistical analysis in the NQC. These effective strategies reduce false positives and increases detection capability of the IDS","PeriodicalId":169978,"journal":{"name":"Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology","volume":"2023 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2006.313458","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The current intrusion detection systems (IDS) which attempt to identify suspicious network traffic have major limitations. The high percentage of alerts generated by such systems, the level of false positives is one of the major problems. We present intelligent strategies for reduction of false positives and infrastructure protection using a novel approach using adaptive responses from multiple firewalls and VPNs (virtual private networks) rule sets in a novel "network quarantine channels" (NQC), using firewall architectures. The focus of this paper is on firewall rule sets which operate within the NQC to respond to suspicious hosts and then deny access to critical segments of the network infrastructure. The firewall rule sets provide effective intelligent responses by granting access to the normal packets and denying malicious traffic access to the network, after the identity of the connections are verified through the statistical analysis in the NQC. These effective strategies reduce false positives and increases detection capability of the IDS