Intelligent Infrastructure Security Architecture, Response and Management System using Firewalls and Adaptive Policies

E. Hooper (UK)


security, infrastructures, firewall, architecture, intrusion detection


Intrusion Detection Systems (IDS) have major limitations in their analysis of network and application traffic. The high percentage of alerts generated by such systems and the level of false positives are among the major problems. We present intelligent strategies for the reduction of false positives and for infrastructure protection, involving a novel approach that uses adaptive responses from firewall rulesets within novel "network quarantine channels" (NQC) built on firewall architectures. The focus of this paper is the combination of firewall architecture and rules to respond to suspicious hosts and to deny access to critical segments of the network infrastructure. The firewall policies and rules provide effective intelligent responses by granting access to normal packets and denying malicious traffic access to the network. This is performed after the identity of the connections is verified through statistical analysis in the NQC. We discuss experiments performed on reducing the false positives of intrusion detection by IDSs. The main contribution of this paper is the design of intelligent strategies to reduce false positives and provide infrastructure protection using adaptive responses from firewall rulesets.

