A Study on Information Exchange and Cooperation in Distributed Intrusion Detection Systems
Information exchange and cooperation between components is the key problem of distributed intrusion detection systems (DIDS). For a DIDS based on the Hierarchical Cooperation Model (HCM), we analyze the requirements of information exchange between detection components in this model. We present the Extended Intrusion Detection Message Exchange Format (EIDMEF) to provide a standard description format which contributes to efficient information exchange and cooperation, such as reporting intrusion incidents, collecting audit data, performing cooperative detection and activating distributed responses to intrusive behaviors. Workflows of information exchange and the processing procedure in this model when confronted with different kinds of intrusions are also depicted in detail.