A WS-Based Infrastructure for Integrating Intrusion Detection Systems in Large-Scale Environments

The growing need for information sharing among partnering organizations or members of virtual organizations poses a great security challenge. One of the key aspects of this challenge is deploying intrusion detection systems (IDS) that can operate in heterogeneous, large-scale environments. This is particularly difficult because the different networks involved generally use IDSs that have not been designed to work in a cooperative fashion. This paper presents a model for integrating intrusion detection systems in such environments. The main idea is to build compositions of IDSs that work as unified systems, using a service-oriented architecture (SOA) based on the Web Services technology. The necessary interoperability among the elements of the compositions is achieved through the use of standardized specifications, mainly those developed by IETF, W3C and OASIS. Dynamic compositions are supported through service orchestration. We also describe a prototype implementation of the proposed infrastructure and analyze some results obtained through experimentation with this prototype.
