State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Classification and detection of computer intrusions
Classification and detection of computer intrusions
Implementing a Generalized Tool for Network Monitoring
LISA '97 Proceedings of the 11th Conference on Systems Administration
Abstraction-Based Misuse Detection: High-Level Specifications and Adaptable Strategies
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Holding intruders accountable on the Internet
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Cooperating security managers: a peer-based intrusion detection system
IEEE Network: The Magazine of Global Internetworking
Abstraction-based intrusion detection in distributed environments
ACM Transactions on Information and System Security (TISSEC)
A logic-based model to support alert correlation in intrusion detection
Information Fusion
Content-based methodology for anomaly detection on the web
AWIC'03 Proceedings of the 1st international Atlantic web intelligence conference on Advances in web intelligence
Design and implementation of a decentralized prototype system for detecting distributed attacks
Computer Communications
| Hi-index | 0.24 |
It is important for intrusion detection systems (IDSs) to share information in order to discover attacks involving multiple sites. However, no framework exists for an IDS to request from and send to another IDS data relevant to specific events. The lack of such a framework may result in a waste of processing time, storage capacity and network bandwidth. This paper proposes a formal framework modeling requests among the cooperating IDSs. To show wide applicability, the paper explores the use of the formal approach in the Common Intrusion Detection Framework (CIDF), extending CIDF components to include a query facility.