There are major challenges in devising effective strategies for intelligent systems architecture and integration, risk management and validation in engineering and network systems. These include the challenge of designing intelligent engineering systems that reduce false positives and increase the detection capability of intrusion detection systems (IDSs); the high volume of alerts and false positives generated by IDSs is among the most significant problems. We present intelligent systems architecture and integration, including risk management and validation, for the reduction of false positives and for infrastructure protection, using a novel approach based on adaptive responses from firewall packet filters in what we call network quarantine channels (NQC). This includes risk assessments and the design of integrated virtual private networks (VPNs) and strategic controls via packet filters, which collaborate with the NQC to reply to suspicious hosts and then deny them access to sensitive data servers in the infrastructure. The firewall packet filters provide effective intelligent responses by granting access to normal packets and denying malicious traffic access to the network, after the identity of the connections is verified through statistical analysis in the NQC. These strategies reduce false positives and increase the detection capability of the IDS. The intelligent systems at the system-of-systems level include systems modeling and simulation, systems engineering education, training, quality management for intrusion detection, computer security and disaster response. The validation includes statistical analysis and modeling of systems integration for handling large-scale and complex systems in emerging commercial networks. This includes large-scale systems integration of various applications for technology transfer between academia and industry, applicable to communications systems, medical systems, management and sustainability.
The paper examines issues in robust design, factors, safety, security and usability, and transitions from design to production, deployment and use, quality control and system management and management interactions, risk management and systems architecture.
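The NQC flow described in the abstract (an IDS alert, diversion of the flagged host into a quarantine channel, statistical verification of its traffic, then an allow or deny rule pushed to the firewall packet filter), as an added simulation that is not the paper's code. The two statistics it checks (number of distinct destination ports touched and the share of quarantined packets aimed at sensitive servers), the thresholds, the addresses and the packet streams are all constructed assumptions for illustration; the abstract does not describe the paper's actual statistical analysis.

```python
from dataclasses import dataclass

# Constructed sample topology: the sensitive data servers the NQC protects.
SENSITIVE_SERVERS = {"10.0.0.10", "10.0.0.11"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Verdict:
    host: str
    decision: str           # "allow" or "deny", installed as a packet-filter rule
    distinct_ports: int     # distinct destination ports seen while quarantined
    sensitive_ratio: float  # share of quarantined packets aimed at sensitive servers


class QuarantineChannel:
    """Holds IDS-flagged hosts for an observation window, then decides.

    An IDS alert does not block the host outright: its next `window` packets
    are diverted into the channel and summarised by two hypothetical
    statistics (scan-like port spread, and how much of the traffic targets
    the sensitive servers). A deny rule is installed only if a statistic
    exceeds its threshold; otherwise the host is released, so an IDS false
    positive costs a short delay rather than an outage.
    """

    def __init__(self, window=8, max_distinct_ports=4, max_sensitive_ratio=0.5):
        self.window = window
        self.max_distinct_ports = max_distinct_ports
        self.max_sensitive_ratio = max_sensitive_ratio
        self.held = {}      # host -> packets observed while quarantined
        self.filters = {}   # host -> "allow" | "deny" (the packet-filter table)
        self.verdicts = []

    def on_alert(self, host):
        """IDS flagged `host`: start observing unless a rule already exists."""
        if host not in self.filters:
            self.held.setdefault(host, [])

    def on_packet(self, pkt):
        """Apply the packet filter; returns 'forward', 'drop' or 'quarantine'."""
        rule = self.filters.get(pkt.src)
        if rule == "deny":
            return "drop"
        if rule == "allow" or pkt.src not in self.held:
            return "forward"
        self.held[pkt.src].append(pkt)
        if len(self.held[pkt.src]) >= self.window:
            self._verify(pkt.src)
        return "quarantine"

    def _verify(self, host):
        """Statistical check over the quarantined window; installs the rule."""
        pkts = self.held.pop(host)
        distinct_ports = len({p.dport for p in pkts})
        sensitive_ratio = sum(p.dst in SENSITIVE_SERVERS for p in pkts) / len(pkts)
        malicious = (distinct_ports > self.max_distinct_ports
                     or sensitive_ratio > self.max_sensitive_ratio)
        decision = "deny" if malicious else "allow"
        self.filters[host] = decision
        self.verdicts.append(Verdict(host, decision, distinct_ports, sensitive_ratio))


def run_simulation():
    """Constructed scenario: the IDS alerts on two hosts.

    10.0.1.5 is a backup client that talks to one sensitive server on one
    port (a typical false positive); 10.0.1.9 sweeps many ports across both
    sensitive servers. 10.0.1.7 was never flagged and passes straight through.
    """
    nqc = QuarantineChannel()
    nqc.on_alert("10.0.1.5")
    nqc.on_alert("10.0.1.9")

    stream = []
    for i in range(8):  # benign host: 3 of 8 packets reach a sensitive server
        dst = "10.0.0.10" if i % 3 == 0 else "10.0.0.50"
        stream.append(Packet("10.0.1.5", dst, 445 if dst == "10.0.0.10" else 443))
    for i, port in enumerate([21, 22, 23, 25, 80, 135, 139, 445]):  # scanning host
        stream.append(Packet("10.0.1.9", "10.0.0.10" if i % 2 else "10.0.0.11", port))
    stream.append(Packet("10.0.1.7", "10.0.0.50", 443))  # unflagged host

    actions = [nqc.on_packet(p) for p in stream]
    decisions = {v.host: v.decision for v in nqc.verdicts}
    stats = {v.host: (v.distinct_ports, v.sensitive_ratio) for v in nqc.verdicts}
    # Follow-up packets after the rules are installed.
    after = {h: nqc.on_packet(Packet(h, "10.0.0.10", 445))
             for h in ("10.0.1.5", "10.0.1.9", "10.0.1.7")}
    return {"actions": actions, "decisions": decisions, "stats": stats, "after": after}


if __name__ == "__main__":
    for k, v in run_simulation().items():
        print(k, v)
```

The point of the window is visible in the result: both flagged hosts are quarantined for eight packets, but only the scanning host ends up with a deny rule, and the backup client's follow-up traffic is forwarded normally. In a deployment the observation statistics would be chosen from a measured baseline of normal traffic rather than fixed thresholds.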