An Extensible and Virtualization-Compatible IDS Management Architecture

Efficient Intrusion Detection System (IDS) management is a prominent capability for distributed IDS solutions: it makes it possible to integrate and handle different types of sensors, and to collect and synthesize alerts generated by multiple hosts located in a loosely coupled environment. Extensibility is the main requirement for most IDS management systems. Virtualization has been introduced into many popular IDS implementations because of its advantages in isolation and in fast recovery once a sensor is compromised. The ability to combine these newly emerged Virtual Machine (VM) based IDS approaches is another requirement for IDS management. This paper proposes an extensible IDS management architecture based on a new design of the Event Gatherer component. By using the established IDS standard IDMEF together with a plug-in concept, the Event Gatherer ensures flexibility and compatibility. Experiments are carried out to demonstrate the extensibility and virtualization compatibility of the proposed IDS management architecture.
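The following is an added illustration, not code from the paper: a minimal Event Gatherer in which each sensor type is handled by a registered plug-in that normalizes its native output into an IDMEF (RFC 4765) Alert, so a new sensor (here a constructed Snort-style line and a constructed JSON record from a VM-based host IDS) only requires a new plug-in. The plug-in API, sensor names and sample events are assumptions made for the example.

```python
import json, re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "http://iana.org/idmef"          # IDMEF XML namespace (RFC 4765)
ET.register_namespace("idmef", NS)
_PLUGINS = {}                          # sensor type -> parser plug-in (hypothetical registry)

def plugin(sensor_type):
    """Decorator registering a parser plug-in; extending the gatherer means adding one function."""
    def register(fn):
        _PLUGINS[sensor_type] = fn
        return fn
    return register

# Every plug-in returns the same intermediate dict: analyzer, src, dst, text
@plugin("snort-fast")
def parse_snort_fast(raw):
    m = re.search(r"\[\*\*\] \[[\d:]+\] (?P<text>.+?) \[\*\*\].*?(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+", raw)
    if not m:
        raise ValueError("unrecognised snort fast-alert line")
    return {"analyzer": "snort", **m.groupdict()}

@plugin("vm-hids-json")
def parse_vm_hids(raw):
    d = json.loads(raw)   # constructed format of a host IDS running inside a VM
    return {"analyzer": "hids@" + d["vm"], "src": d["src"], "dst": d["dst"], "text": d["rule"]}

def to_idmef(event, msgid):
    """Build an IDMEF-Message/Alert element (ntpstamp attribute omitted for brevity)."""
    msg = ET.Element(f"{{{NS}}}IDMEF-Message")
    alert = ET.SubElement(msg, f"{{{NS}}}Alert", messageid=str(msgid))
    ET.SubElement(alert, f"{{{NS}}}Analyzer", analyzerid=event["analyzer"])
    ET.SubElement(alert, f"{{{NS}}}CreateTime").text = datetime.now(timezone.utc).isoformat()
    for tag, key in (("Source", "src"), ("Target", "dst")):
        node = ET.SubElement(ET.SubElement(alert, f"{{{NS}}}{tag}"), f"{{{NS}}}Node")
        addr = ET.SubElement(node, f"{{{NS}}}Address", category="ipv4-addr")
        ET.SubElement(addr, f"{{{NS}}}address").text = event[key]
    ET.SubElement(alert, f"{{{NS}}}Classification", text=event["text"])
    return msg

def gather(raw_events):
    """Dispatch (sensor_type, payload) pairs to plug-ins; unknown sensors are skipped, not fatal."""
    out = []
    for i, (sensor, payload) in enumerate(raw_events, 1):
        parser = _PLUGINS.get(sensor)
        if parser is not None:
            out.append(ET.tostring(to_idmef(parser(payload), i), encoding="unicode"))
    return out

def classification(idmef_xml):
    return ET.fromstring(idmef_xml).find(f".//{{{NS}}}Classification").get("text")

SAMPLE_EVENTS = [  # constructed sample input, including one sensor with no plug-in
    ("snort-fast", "10/13-13:45:01.123456  [**] [1:1000001:1] Constructed test signature [**] [Priority: 1] {TCP} 192.168.1.5:4444 -> 10.0.0.9:80"),
    ("vm-hids-json", '{"vm": "web01", "rule": "Unexpected process execution", "src": "10.0.0.9", "dst": "10.0.0.9"}'),
    ("unknown-sensor", "opaque payload"),
]
```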
