False Positives: False positive response

Authors:
Siraj A. Shaikh;Howard Chivers;Philip Nobles;John A. Clark;Hao Chen
Affiliations:
Department of Informatics and Sensors, Cranfield University, UK;Department of Informatics and Sensors, Cranfield University, UK;Department of Informatics and Sensors, Cranfield University, UK;Department of Computer Science, University of York, UK;Department of Computer Science, University of York, UK
Venue:
Network Security
Year:
2008

Citing 6
Cited 0

Linux network administrator's guide (2nd ed.)

Linux network administrator's guide (2nd ed.)
Cisco IOS 12.0 Switching Services

Cisco IOS 12.0 Switching Services
Remote Physical Device Fingerprinting

IEEE Transactions on Dependable and Secure Computing
On Recognizing Virtual Honeypots and Countermeasures

DASC '06 Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Distributed Evasive Scan Techniques and Countermeasures

DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Quantified Score

Hi-index	0.00

Visualization

Abstract

In an earlier article we examined reconnaissance activity over networks and discussed some of the challenges in detecting such behaviour.^1 One approach to dealing with such activity is false positive response.^2 The purpose of false positive response is to make it difficult for an intruder to distinguish between the operational active address space and the inactive one, and between genuine and decoy hosts. Such an approach is designed to render any reconnaissance information useless and make it difficult to obtain accurate information about a potential target network.