Hess, Andreas; Jung, M.; Schäfer, Günter; Knop, Jan Von; Haverkamp, Wilhelm; Jessen, Eike
2019-10-16
2019-10-16
2003
3-88579-373-3
https://dl.gi.de/handle/20.500.12116/29317

With the ever growing number of hosts connected to the Internet, representing potential sources of malicious attacks, and increasing sophistication of attacking techniques and automated attacking tools, network intrusion detection and response has evolved into a very active field of research in recent years and a wide variety of approaches has been developed [LFG+00, NN01]. However, isolated operation of specific intrusion detection and defense technologies generally exhibits only the specific strengths and drawbacks of one particular approach. In order to allow for a co-ordinated combination of existing and emerging security technologies (e.g. signature based detection, anomaly detection, DDoS response mechanisms, honeypots, etc.) we propose a flexible intrusion detection and response framework called FIDRAN [HJS03] that is based on active networking technology. Principal findings so far are that active networking proves to be a well suited technology for intrusion detection and response, that the load of intrusion detection can be distributed among multiple systems with this approach, and that the overhead stays in acceptable ranges.

en
Combining multiple intrusion detection and response technologies in an active networking based architecture
Text/Conference Paper
1617-5468