An Intelligent Detection and Response Strategy to False Positives and Network Attacks
IWIA '06 Proceedings of the Fourth IEEE International Workshop on Information Assurance
Intrusion detection systems identify suspicious network traffic, but a high proportion of the alerts they generate are false positives. Because each alert typically requires manual intervention by a network administrator, false positives impose considerable administrative overhead. To reduce their number, we propose a new network protection component, the network quarantine channel, which carries out additional interaction with hosts identified as the source of suspicious traffic. The quarantine channel yields a more accurate assessment of the threat posed by a suspicious host before the network administrator is alerted.
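The abstract describes the quarantine channel only as a second stage that interacts with a suspicious host before an alert reaches the administrator; it does not say what that interaction is. The following model is an added example, not code from the paper or its authors: it wires a raw IDS alert stream into a two-stage triage where the channel's decision policy (escalate a host that keeps probing many ports once steered into the channel, or never completes the service it was originally using; release a host that simply finishes its original transaction) and the alert and observation data are all assumptions constructed for illustration.

```python
"""Two-stage alert triage: an IDS alert is escalated to the administrator
only after a quarantine channel has interacted with the suspicious host.
Illustrative model of the concept in the abstract; the policy and data
below are assumptions, not the paper's implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    src: str          # source host the IDS flagged
    signature: str    # IDS rule that fired


@dataclass(frozen=True)
class QuarantineObservation:
    """What the channel sees once the host's traffic is steered into it.
    Assumed observation model: the distinct destination ports the host
    touches inside the channel, and whether it completed the service
    handshake it was originally attempting."""
    ports_touched: tuple
    completed_original_service: bool


@dataclass(frozen=True)
class Verdict:
    src: str
    escalate: bool
    reason: str


class QuarantineChannel:
    """Assesses a flagged host by observing it inside the channel instead
    of paging the administrator on the first IDS hit."""

    def __init__(self, probe_port_threshold: int = 5):
        self.threshold = probe_port_threshold
        self.released = set()   # hosts cleared as likely false positives

    def assess(self, alert: Alert, obs: QuarantineObservation) -> Verdict:
        distinct = len(set(obs.ports_touched))
        if distinct >= self.threshold:
            # A host that keeps sweeping ports inside the channel behaves
            # like a scanner regardless of which rule first flagged it.
            return Verdict(alert.src, True,
                           f"probed {distinct} distinct ports in quarantine")
        if not obs.completed_original_service:
            # Never finishing the original exchange suggests the traffic was
            # not a legitimate client session.
            return Verdict(alert.src, True, "never completed original service")
        self.released.add(alert.src)
        return Verdict(alert.src, False,
                       "completed original service; released as false positive")


def triage(alerts, observations, channel: QuarantineChannel):
    """Return only the verdicts that should reach the administrator.
    Repeat alerts for a host already released are suppressed."""
    escalated = []
    for alert in alerts:
        if alert.src in channel.released:
            continue
        verdict = channel.assess(alert, observations[alert.src])
        if verdict.escalate:
            escalated.append(verdict)
    return escalated


# Constructed sample data (not from the paper): four raw alerts from three hosts.
SAMPLE_ALERTS = [
    Alert("10.0.0.5", "SYN scan"),
    Alert("10.0.0.9", "malformed HTTP request"),
    Alert("10.0.0.9", "malformed HTTP request"),
    Alert("10.0.0.12", "SMB anomaly"),
]
SAMPLE_OBSERVATIONS = {
    "10.0.0.5": QuarantineObservation((22, 23, 80, 443, 445, 3389), False),
    "10.0.0.9": QuarantineObservation((80,), True),
    "10.0.0.12": QuarantineObservation((445,), False),
}


def run_example():
    """Run the triage on the constructed data; returns (raw_alerts, escalated)."""
    channel = QuarantineChannel()
    escalated = triage(SAMPLE_ALERTS, SAMPLE_OBSERVATIONS, channel)
    return len(SAMPLE_ALERTS), escalated


if __name__ == "__main__":
    raw, escalated = run_example()
    print(f"{raw} raw IDS alerts, {len(escalated)} escalated to administrator")
    for v in escalated:
        print(f"  {v.src}: {v.reason}")
```

On the constructed data the channel cuts four raw alerts to two escalations: the port-sweeping host and the host that never completed its SMB exchange, while the host that merely sent one odd HTTP request and then finished its session is released and its repeat alert suppressed. The thresholds and observation model are placeholders; a real deployment would derive them from the interaction the channel actually performs.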