Experimental Validation and Analysis of an Intelligent Detection and Response Strategy to False Positives and Network Attacks.

Authors :
Mehrotra, Sharad
Zeng, Daniel D.
Chen, Hsinchun
Thuraisingham, Bhavani
Wang, Fei-Yue
Hooper, Emmanuel
Source :
Intelligence & Security Informatics (9783540344780); 2006, p711-714, 4p
Publication Year :
2006

Abstract

Intrusion Detection Systems (IDSs) and security tools are used to monitor potential attacks in network infrastructures. The IDSs and tools trigger alerts of potential attacks in networks. However, most of these alerts are false positives. The high volumes of false positives make manual analysis of alerts difficult and inefficient. In this paper we present a novel approach for efficient intelligent detection and response to suspect packets and benign false positives. The intelligent strategy consists of Network Quarantine Channels (NQCs) with multiple zones for isolation and interaction with the suspect packets in real-time. We propose multiple feedback methods to enhance the capability of the IDS to detect threats and benign attacks. We describe new techniques for feeding the results of the NQC to the IDS. These approaches are effective in responding to benign and attack packets. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISBNs :
9783540344780
Database :
Supplemental Index
Journal :
Intelligence & Security Informatics (9783540344780)
Publication Type :
Book
Accession number :
32914105
Full Text :
https://doi.org/10.1007/11760146_101