An experience improving intrusion detection systems false alarm ratio by using honeypot

Babak Khosravifar, Jamal Bentahar

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

21 Scopus citations

Abstract

When traditional firewalls and intrusion detection systems (IDS) are used to detect possible attacks from the network, they often make wrong decisions and block legitimate connections. In this paper we propose a new architecture which is composed of distributed agents and a honeypot. The main focus of our approach lies in reducing the false alarm rate of the attack detection. Using the honeypot scheme, this system is able to avoid many wrong decisions made by the IDS. In this system, alarming adversaries, initially detected by the IDS, will be rerouted to a honeypot network for a closer investigation. If, as a result of this investigation, it is found that the alarm decision made by the IDS of the agent is wrong, the connection will be guided to the original destination in order to continue the previous interaction. This action is hidden from the user. Such a scheme significantly decreases the alarm rate and provides a higher performance of the IDS. In this paper the architecture of the proposed system is described, a theoretical analysis of its behavior is given, and its possible extension and implementation are explained.

Original language: British English
Title of host publication: Proceedings - 22nd International Conference on Advanced Information Networking and Applications, AINA 2008
Pages: 997-1004
Number of pages: 8
State: Published - 2008
Event: 22nd International Conference on Advanced Information Networking and Applications, AINA 2008 - Gino-wan, Okinawa, Japan
Duration: 25 Mar 2008 to 28 Mar 2008

Publication series

Name: Proceedings - International Conference on Advanced Information Networking and Applications, AINA
ISSN (Print): 1550-445X

Conference

Conference: 22nd International Conference on Advanced Information Networking and Applications, AINA 2008
Country/Territory: Japan
City: Gino-wan, Okinawa
Period: 25/03/08 to 28/03/08
