
An Integrated Intrusion Detection System for a Large-scale Network Environment  

안정모 (Department of Computer Engineering, Kyung Hee University)
조진성 (Department of Computer Engineering, Kyung Hee University)
정병수 (Department of Computer Engineering, Kyung Hee University)
Abstract
In order to solve the increasing number of security problems, IDSs (Intrusion Detection Systems) have appeared. However, local IDSs are limited in their ability to detect the various intrusions that occur in a large-scale network environment, so much research is in progress on organizing the elements of an IDS in a distributed or hierarchical manner. In this paper, we design an integrated IDS whose components exchange messages through the standardized message format (IDMEF) and communication protocol (IDXP). We also propose a policy profile for effective control of the IDSs, and employ a PKI mechanism for mutual authentication. We implement a prototype of the proposed system that communicates with Snort and analyze its performance.
Keywords
IDS; IDXP; IDMEF; Policy Profile;
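The normalization step the abstract relies on, a Snort sensor alert turned into an IDMEF message that an IDXP peer can forward, as an added example in Python that is not code from the paper's prototype: it parses a constructed Snort alert_fast line and emits a minimal IDMEF 1.0 Alert using the RFC 4765 element names. The sensor id, the year (absent from alert_fast lines) and the priority-to-severity mapping are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"
# Layout of a Snort "alert_fast" line; the sample below is constructed, not from the paper.
SNORT_FAST = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)
SAMPLE = ("03/15-09:12:45.123456  [**] [1:1002:7] WEB-IIS cmd.exe access [**] "
          "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:4321 -> 10.0.0.9:80")

def parse_snort_fast(line):
    """Return the fields of one alert_fast line as a dict, or raise ValueError."""
    m = SNORT_FAST.match(line.strip())
    if not m:
        raise ValueError("not a Snort alert_fast line: %r" % line)
    return m.groupdict()

def snort_to_idmef(line, analyzerid="snort-sensor-1", year=2004):
    """Build an IDMEF-Message/Alert (RFC 4765 element names) from one Snort line.
    analyzerid and year are assumptions: alert_fast lines carry neither, so the
    collector relaying to the manager has to supply them."""
    f = parse_snort_fast(line)
    root = ET.Element("IDMEF-Message", version="1.0", xmlns=IDMEF_NS)
    alert = ET.SubElement(root, "Alert", messageid="%s-%s-%s" % (analyzerid, f["sid"], f["ts"]))
    ET.SubElement(alert, "Analyzer", analyzerid=analyzerid, model="Snort")
    when = datetime.strptime("%d/%s" % (year, f["ts"]), "%Y/%m/%d-%H:%M:%S.%f")
    ET.SubElement(alert, "CreateTime").text = when.replace(tzinfo=timezone.utc).isoformat()
    # Source and Target share the same Node/Address + Service shape.
    for tag, ip, port in (("Source", f["src"], f["sport"]), ("Target", f["dst"], f["dport"])):
        ep = ET.SubElement(alert, tag)
        addr = ET.SubElement(ET.SubElement(ep, "Node"), "Address", category="ipv4-addr")
        ET.SubElement(addr, "address").text = ip
        if port:  # ICMP alerts carry no ports, so Service is omitted for them
            svc = ET.SubElement(ep, "Service")
            ET.SubElement(svc, "port").text = port
            ET.SubElement(svc, "protocol").text = f["proto"].lower()
    ET.SubElement(alert, "Classification", text=f["msg"])
    # Assumed mapping of Snort priority 1/2/3 onto IDMEF Impact severity.
    severity = {"1": "high", "2": "medium", "3": "low"}.get(f["prio"], "info")
    ET.SubElement(ET.SubElement(alert, "Assessment"), "Impact", severity=severity)
    extra = ET.SubElement(alert, "AdditionalData", type="string", meaning="snort-rule")
    ET.SubElement(extra, "string").text = "%s:%s:%s" % (f["gid"], f["sid"], f["rev"])
    return ET.tostring(root, encoding="unicode")
```

A manager receiving this over IDXP can correlate on Analyzer, Classification and the Source/Target nodes regardless of which sensor product produced the alert.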