The honeynet quarantine: reducing collateral damage caused by early intrusion response

16 August 2005

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 464-465
https://doi.org/10.1109/iaw.2005.1496003

Abstract

Anomaly based intrusion detection is inherently subject to false alarms. Fast and automated intrusion response based on this type of intrusion detection can cause significant usage restrictions for falsely suspected systems. To avoid these negative effects without sacrificing detection sensitivity or increasing the risk for the production network inadequately, we propose a scheme combining anomaly-based IDS with Honeynet concepts and link layer based VLANs. Author(s) Toedtmann, B. Inst. for Exp. Math., Duisburg Univ., Essen, Germany Riebach, S. ; Rathgeb, E.P.

Keywords

INTRUSION DETECTION
HONEYNET
INTRUSION RESPONSE
ANOMALY BASED
FALSE
NETWORK INADEQUATELY

This publication has 1 reference indexed in Scilit:

A taxonomy of computer worms
Published by Association for Computing Machinery (ACM) ,2003