INTELLIGENT INFRASTRUCTURE SECURITY ARCHITECTURE, RESPONSE AND MANAGEMENT SYSTEM USING FIREWALLS AND ADAPTIVE POLICIES

摘要

Intrusion Detection Systems (IDS) have major limitations in their analysis of network and application traffic. The high percentage of alerts generated by such systems and the level of false positives among the major problems. We present intelligent strategies for reduction of false positives and infrastructure protection involving a novel approach using adaptive responses from firewall rulesets in a novel "network quarantine channels" (NQC), using firewall architectures. The focus of this paper is the combination of firewall architecture and rules to respond to suspicious hosts and Denial of access to critical segments of the network infrastructure. The firewall policies and rules provide effective intelligent responses by granting access to the normal packets and denying malicious traffic access to the network. This is performed after the identity of the connections are verified through the statistical analysis in the NQC. We discuss experiments performed on reducing the false positives of intrusion detection by IDSs. The main contribution of this paper is the design of intelligent strategies to reduce false positives and provide infrastructure protection using adaptive responses from firewall rulesets.