Modeling requests among cooperating intrusion detection systems
Authors
Abstract
It is important for intrusion detection systems (IDSs) to share information in order to discover attacks involving multiple sites. However, no framework exists for an IDS to request from and send to another IDS data relevant to specific events. The lack of such a framework may result in a waste of processing time, storage capacity and network bandwidth. This paper proposes a formal framework modeling requests among the cooperating IDSs. To show wide applicability, the paper explores the use of the formal approach in the Common Intrusion Detection Framework (CIDF), extending CIDF components to include a query facility.
Similar resources
Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism
Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in ...
A Query Facility for Common Intrusion Detection Framework
It is essential for intrusion detection systems to share information in order to discover attacks involving multiple sites. Common Intrusion Detection Framework (CIDF) is an important step towards enabling different intrusion detection and response (IDR) components to interoperate with each other. Although CIDF provides an infrastructure and language support that allows an IDR component to under...
Requirements of Information Reductions for Cooperating Intrusion Detection Agents
We consider cooperating intrusion detection agents that limit the cooperation information flow with a focus on privacy and confidentiality. Generalizing our previous work on privacy respecting intrusion detection for centralized systems we propose an extended functional model for information reductions that is used for cooperation between intrusion detection agents. The reductions have the foll...
Attack Detection using Cooperating Autonomous Detection Systems (CATS)
Today’s communication networks are threatened by an increasing number of intrusion attempts, worms, and denial of service (DoS) attacks. Apart from general measures for attack prevention, the possibility to detect ongoing attacks in order to take appropriate countermeasures constitutes an important asset for network security. We present a novel approach for attack detection based on cooperating au...
A Distributed Intrusion Detection System Using Cooperating Agents
The current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data ...
Journal title:
- Computer Communications
Volume 23, Issue
Pages -
Publication date 2000