Intrusion Detection System (IDS) management is an important component of most distributed IDS solutions. One of the main requirements is extensibility, which enables the integration of different types of IDS sensors as well as deployment in different kinds of environments. Lock-Keeper is a simple implementation of the high-level security idea of "Physical Separation". It works as a sluice to exchange data between two networks without having to establish a direct physical connection. To enhance the security of the Lock-Keeper system itself, it is necessary to deploy IDS sensors on Lock-Keeper components. This paper proposes an extensible IDS management architecture that can be easily integrated on the special hardware platform of Lock-Keeper. A unified interface and communication between the different integrated IDS sensors are designed using the known IDS standard, IDMEF, and realized as several kinds of plugins, such as handlers, receivers, and senders. A prototype implementation is presented, and some practical experiments are carried out to show the extensibility and applicability of the proposed architecture.