Intelligent Communication Systems and Network Protocols in Infrastructures

There are major challenges for current intrusion detection systems (IDS) that attempt to identify suspicious network traffic, including traffic carried over virtual private networks (VPNs). Because such systems generate a high percentage of alerts, the level of false positives is among the most significant problems. We present intelligent strategies for reducing false positives and protecting infrastructure through a novel approach based on adaptive responses from firewall packet filters, in what we call network quarantine channels (NQCs). The originality of this paper lies in the effective design of intelligent network infrastructure communication systems, integrating NQCs, VPNs and multiple protocols across various subnetworks for traffic segmentation, access controls and packet filtering, enabling efficient responses to suspicious traffic and network attacks. These strategies provide intelligent communication systems and network protocols, intelligent communications, and intelligent response systems for security signal processing