Brooery: a graphical environment for analysis of security-relevant network activity
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
CANVuS: context-aware network vulnerability scanning
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Inter-domain stealthy port scan detection through complex event processing
EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Local system security via SSHD instrumentation
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
An event-based platform for collaborative threats detection and monitoring
Information Systems
| Hi-index | 0.00 |
A powerful strategy in intrusion detection is the separation of surveillance mechanisms from a siteýs policy for processing observed events. The Bro intrusion detection system has been using the notion of policy-neutral events as the basic building blocks for the formulation of a siteýs security policy since its conception. A recent addition to the system is the ability to exchange events with other Bro peers to allow distributed detection. In this paper we extend Broýs existing event model to fulfill the requirements of scalable policy-controlled distributed event management, including mechanisms for event publication, subscription, processing, propagation, and correlation.