It is essential for intrusion detection systems to share information in order to discover attacks involving multiple sites. Common Intrusion Detection Framework (CIDF) is an important step towards enabling different intrusion detection and response (IDR) components to interoperate with each other. Although CIDF provides an infrastructure and language support that allows an IDR component to understand the information sent by another component, it does not contain a facility for a component to request specific information from other components. The lack of such a facility may result in a waste of processing time, storage capacity, and network bandwidth. This paper proposes an extension to the Common Intrusion Specification Language (CISL), the language adopted by CIDF, to model requests among CIDF components. The extension is simple and consistent with the original CISL. Each request for information is described as a pattern for relevant information and an optional format specification for the responding message. The use of patterns in modeling requests not only provides a way to represent queries but also leads to a potential reuse of signature-based intrusion detection software.
[1] Sushil Jajodia, et al. Modeling requests among cooperating intrusion detection systems. Comput. Commun., 2000.