The Honeynet quarantine: reducing collateral damage caused by early intrusion response

Bibliographic Details
Published in: 2005 IEEE Workshop on Information Assurance and Security, pp. 464 - 465
Main Authors: Toedtmann, B., Riebach, S., Rathgeb, E.P.
Format: Conference Proceeding
Language: English
Published: IEEE 2005
ISBN: 9780780392908, 0780392906
DOI: 10.1109/IAW.2005.1496003

Summary: Anomaly based intrusion detection is inherently subject to false alarms. Fast and automated intrusion response based on this type of intrusion detection can cause significant usage restrictions for falsely suspected systems. To avoid these negative effects without sacrificing detection sensitivity or increasing the risk for the production network inadequately, we propose a scheme combining anomaly-based IDS with Honeynet concepts and link layer based VLANs.