A New Approach for IDS Composition

This paper presents a new approach to the dynamic composition of Intrusion Detection Systems (IDSs). Dynamic composition is used to build IDSs that are more flexible and better suited to open distributed systems: existing IDSs, whether component-based or monolithic, are combined into more complex and cooperative intrusion detection systems that operate as a unified structure. The approach can be applied to medium and large systems, on either closed or open networks. To provide the necessary scalability and flexibility, it is based on a service-oriented architecture (SOA): the IDSs are composed from services built on XML and Web Services technology, used together with their security extensions to protect data communications and security-event notifications. The paper presents the basic features of the framework, emphasizing component search, selection, composition and communication.
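The four steps the abstract names (search, selection, composition, communication) can be sketched in a few dozen lines. The following is an added illustration, not the paper's framework or code: the service registry is constructed for the example, the capability-based selection rule is an assumption, and the event notification uses an HMAC-SHA256 tag over the serialized XML alert as a stand-in for the XML security extensions (XML Signature, XML Encryption) that a real deployment would use, with a shared key instead of a PKI. The element names loosely follow IDMEF but are not a conforming IDMEF document.

```python
"""Illustrative IDS composition: search, select, compose, then exchange
authenticated XML alerts.  Example code, not from the paper."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed registry of hypothetical IDS component services (role,
# capabilities they advertise, and a made-up cost used for selection).
REGISTRY = [
    {"name": "net-sensor-a",     "role": "sensor",   "caps": {"tcp", "udp"},         "cost": 2},
    {"name": "host-sensor-b",    "role": "sensor",   "caps": {"syslog", "process"},  "cost": 1},
    {"name": "sig-analyzer",     "role": "analyzer", "caps": {"signature"},          "cost": 3},
    {"name": "anomaly-analyzer", "role": "analyzer", "caps": {"anomaly", "signature"}, "cost": 5},
    {"name": "soc-console",      "role": "manager",  "caps": {"notify"},             "cost": 1},
]


def search_services(registry, role, required):
    """Search step: services of the given role covering every required capability."""
    return [s for s in registry if s["role"] == role and required <= s["caps"]]


def select_service(candidates):
    """Selection step (assumed policy): cheapest match, ties broken by name."""
    if not candidates:
        raise LookupError("no registered service satisfies the requirement")
    return min(candidates, key=lambda s: (s["cost"], s["name"]))


def compose_ids(registry, requirements):
    """Composition step: one service per (role, capabilities) pair, in pipeline order."""
    return [select_service(search_services(registry, role, caps))["name"]
            for role, caps in requirements]


def _alert_bytes(alert):
    """Canonical-enough serialization of the <Alert> subtree for the MAC.
    Detached from any trailing text so sender and receiver hash identical bytes."""
    alert.tail = None
    return ET.tostring(alert, encoding="unicode").encode("utf-8")


def build_alert(sensor_id, classification, source_ip, key):
    """Communication step, sender side: IDMEF-like alert wrapped in a notification
    envelope that carries an HMAC-SHA256 tag over the alert subtree."""
    alert = ET.Element("Alert")
    ET.SubElement(alert, "Analyzer", {"analyzerid": sensor_id})
    ET.SubElement(alert, "Classification", {"text": classification})
    ET.SubElement(alert, "Source").text = source_ip
    tag = hmac.new(key, _alert_bytes(alert), hashlib.sha256).hexdigest()

    envelope = ET.Element("Notification")
    envelope.append(alert)
    ET.SubElement(envelope, "Mac", {"alg": "HMAC-SHA256"}).text = tag
    return ET.tostring(envelope, encoding="utf-8")


def verify_alert(message, key):
    """Receiver side: parse, recompute the tag in constant time, and only then
    trust the alert fields.  Returns None for a missing or invalid tag."""
    envelope = ET.fromstring(message)
    alert = envelope.find("Alert")
    tag = envelope.findtext("Mac")
    if alert is None or tag is None:
        return None
    expected = hmac.new(key, _alert_bytes(alert), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return {
        "analyzer": alert.find("Analyzer").get("analyzerid"),
        "classification": alert.find("Classification").get("text"),
        "source": alert.findtext("Source"),
    }


if __name__ == "__main__":
    pipeline = compose_ids(REGISTRY, [("sensor", {"tcp"}),
                                      ("analyzer", {"signature"}),
                                      ("manager", {"notify"})])
    print("composed pipeline:", pipeline)
    key = b"constructed-shared-key"          # assumption: pre-shared, not a PKI
    msg = build_alert(pipeline[0], "Port scan", "10.0.0.5", key)
    print("accepted:", verify_alert(msg, key))
    print("tampered:", verify_alert(msg.replace(b"10.0.0.5", b"10.0.0.9"), key))
```

The tampered-message case is the point of the communication step: a notification whose alert body was altered in transit, or that was produced without the key, is rejected before any of its fields reach the manager. Swapping the HMAC for an enveloped XML Signature changes the key management, not the structure of the check.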
