Intrusion Detection Inter-component Adaptive Negotiation

Abstract: The intrusion detection inter-component adaptive negotiation (IDIAN) project has developed a negotiation protocol to allow a distributed collection of heterogeneous intrusion detection (ID) components to inter-operate and reach agreement on each other's ID information processing capabilities and needs. The negotiation, moreover, is dynamic, so the information generated and processed can evolve as the intrusion detection system (IDS) evolves and as the environment changes. This paper describes IDIAN extensions to the common intrusion specification language (viz., GIDO filters), the negotiation protocol itself, a load model used to measure computing load on a system due to the use of ID services, and a demonstration of the protocol.
