The Honeynet Quarantine: Reducing Collateral Damage Caused by Early Intrusion Response

Bibliographic Details
Published in: 2007 IEEE 6th International Conference on Networking, p. 96
Main Authors: Todtmann, B., Riebach, S., Rathgeb, E.P.
Format: Conference Proceeding
Language: English
Published: IEEE 01.04.2007
DOI: 10.1109/ICN.2007.92

Summary: Anomaly based intrusion detection is inherently subject to false alarms. Fast and automated intrusion response based on this type of intrusion detection will cause significant usage restrictions for falsely suspected systems. To avoid these negative effects without sacrificing detection sensitivity or increasing the risk for the production network inadequately, we propose a scheme combining anomaly-based IDS with Honeynet concepts and link layer based VLANs. In addition to introducing the concept, we will describe a proof-of-concept implementation and report results from some lab tests confirming the benefits of this approach.