Implementing IDS Management on Lock-Keeper

Authors:
Feng Cheng;Sebastian Roschke;Christoph Meinel
Affiliations:
Hasso Plattner Institute (HPI), University of Potsdam, Potsdam, Germany 14440;Hasso Plattner Institute (HPI), University of Potsdam, Potsdam, Germany 14440;Hasso Plattner Institute (HPI), University of Potsdam, Potsdam, Germany 14440
Venue:
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Year:
2009

Citing 9
Cited 0

A pump for rapid, reliable, secure communication

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Network Intrusion Detection: An Analyst's Handbook

Network Intrusion Detection: An Analyst's Handbook
TRINETR: An Intrusion Detection Alert Management System

WETICE '04 Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Detecting Malicious JavaScript Code in Mozilla

ICECCS '05 Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems
Unsupervised anomaly detection in network intrusion detection using clusters

ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
Towards Automatic Generation of Vulnerability-Based Signatures

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Inferring Internet denial-of-service activity

ACM Transactions on Computer Systems (TOCS)
Management and Integration of Information in Intrusion Detection System: Data Integration System for IDS Based Multi-Agent Systems

WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
Investigating new approaches to data collection, management and analysis for network intrusion detection

ACM-SE 45 Proceedings of the 45th annual southeast regional conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion Detection System (IDS) management is an important component for most distributed IDS solutions. One of the main requirements is extensibility, which enables the integration of different types of IDS sensors as well as the deployment in different kinds of environments. Lock-Keeper is a simple implementation of the high level security idea, "Physical Separation". It works as a sluice to exchange data between two networks without having to establish a direct and physical connection. To enhance the security of the Lock-Keeper system itself, it is necessary to deploy IDS sensors on Lock-Keeper components. This paper proposes an extensible IDS management architecture, which can be easily integrated on the special hardware platform of Lock-Keeper. Unified interface and communication between different integrated IDS sensors are designed using the known IDS standard, IDMEF, and realized as several kinds of plugins, such as handlers, receivers, and senders. A prototype of implementation is presented and some practical experiments are carried out to show the extensibility and applicability of the proposed architecture.