A framework for implementing a Distributed Intrusion Detection System (DIDS) with interoperability and information analysis

Authors
Davicino, Pablo; Echaiz, Javier; Ardenghi, Jorge Raúl
Publication Year
2011
Language
Spanish
Format
conference paper
Status
Published version
Description
Computer Intrusion Detection Systems (IDS) are primarily designed to protect the availability, confidentiality and integrity of critical information infrastructures. A Distributed IDS (DIDS) consists of several IDS deployed over one or more large networks, all of which communicate with each other, with a central server, or with a cluster of servers that facilitates advanced network monitoring. In a distributed environment, a DIDS is implemented using cooperative intelligent sensors distributed across the network(s). A significant challenge remains for IDS designers: combining data and information from numerous heterogeneous distributed agents into a coherent process that can be used to evaluate the security of the system. Multisensor data sensing, or distributed sensing, is a discipline used to combine data from multiple and diverse sensors and sources in order to make inferences about events, activities and situations. Today, typical environments consist of large, high-bandwidth networks. In these scenarios the volume of data produced by the sensors is extremely large, so efficient processing becomes a critical factor. In this article we propose a framework that aims to achieve interoperability among the diverse heterogeneous agents that compose the typical infrastructure of a DIDS. We also address the alert aggregation and correlation problem by proposing an alert processing software pipeline.
Presented at the XI Workshop Procesamiento Distribuido y Paralelo (WPDP, Workshop on Distributed and Parallel Processing)
Red de Universidades con Carreras en Informática (RedUNCI)
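The abstract describes an alert processing pipeline that takes alerts from heterogeneous sensors, makes them interoperable, and then aggregates and correlates them. The following is an added example, not code from the paper or its authors, showing the shape such a pipeline takes in practice: two hypothetical sensor formats (a Snort-style "fast" alert line and a host-IDS JSON record, both constructed here) are normalised into one assumed common schema, duplicates within a time window are merged, and two simple correlation rules (assumptions of this example, not the paper's rules) turn the aggregated alerts into incidents.

```python
"""Toy DIDS alert pipeline: normalise -> aggregate -> correlate (added example)."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


# Common alert schema assumed by this example (not the paper's format).
@dataclass
class Alert:
    sensor: str                 # sensor that produced the alert
    ts: datetime                # event time
    src: str                    # source address
    dst: str                    # destination address
    sig: str                    # sensor-neutral event / signature name
    count: int = 1              # raw alerts merged into this record
    sensors: set = field(default_factory=set)  # all sensors that saw it

    def __post_init__(self):
        self.sensors.add(self.sensor)


# Hypothetical Snort "fast" style line:
#   MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] src:port -> dst:port
SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[[\d:]+\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+$"
)


def parse_snort(line, year=2011):
    """Normalise a Snort-style line; returns None for lines that do not parse."""
    m = SNORT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return Alert("snort-edge", ts, m["src"], m["dst"], m["msg"])


def parse_hids(line):
    """Normalise a hypothetical host-IDS JSON record; returns None if malformed."""
    try:
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["time"])
        return Alert(rec["host"], ts, rec["remote_ip"], rec["local_ip"], rec["event"])
    except (ValueError, KeyError):
        return None


def aggregate(alerts, window_s=60):
    """Merge alerts with the same (src, dst, sig) arriving within window_s of the group's first alert."""
    groups, open_by_key = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.sig)
        g = open_by_key.get(key)
        if g is not None and (a.ts - g.ts).total_seconds() <= window_s:
            g.count += a.count
            g.sensors |= a.sensors
        else:
            g = Alert(a.sensor, a.ts, a.src, a.dst, a.sig, a.count, set(a.sensors))
            open_by_key[key] = g
            groups.append(g)
    return groups


def correlate(aggregated, min_sensors=2, sweep_targets=3):
    """Example rules: a source seen by several sensors, or a source touching several targets."""
    incidents, by_src = [], defaultdict(list)
    for g in aggregated:
        by_src[g.src].append(g)
    for src, gs in by_src.items():
        sensors = set().union(*(g.sensors for g in gs))
        targets = {g.dst for g in gs}
        if len(sensors) >= min_sensors:
            incidents.append(("multi-sensor", src, sorted(sensors)))
        if len(targets) >= sweep_targets:
            incidents.append(("sweep", src, sorted(targets)))
    return incidents


# Constructed sample input (one deliberately malformed Snort line is dropped).
SNORT_LINES = [
    "04/12-10:00:01.000000  [**] [1:2003:4] ET SCAN Nmap -sS [**] 10.0.0.5:44321 -> 192.168.1.10:22",
    "04/12-10:00:02.000000  [**] [1:2003:4] ET SCAN Nmap -sS [**] 10.0.0.5:44322 -> 192.168.1.10:22",
    "04/12-10:00:03.000000  [**] [1:2003:4] ET SCAN Nmap -sS [**] 10.0.0.5:44323 -> 192.168.1.11:22",
    "04/12-10:00:04.000000  [**] [1:2003:4] ET SCAN Nmap -sS [**] 10.0.0.5:44324 -> 192.168.1.12:22",
    "this line is garbage and must not crash the pipeline",
    "04/12-10:30:00.000000  [**] [1:2003:4] ET SCAN Nmap -sS [**] 10.0.0.5:44325 -> 192.168.1.10:22",
]
HIDS_LINES = [
    '{"time": "2011-04-12T10:00:05", "host": "hids-web01", "remote_ip": "10.0.0.5", "local_ip": "192.168.1.10", "event": "ssh failed login"}',
    '{"time": "2011-04-12T10:00:07", "host": "hids-web01", "remote_ip": "10.0.0.5", "local_ip": "192.168.1.10", "event": "ssh failed login"}',
    '{"time": "2011-04-12T10:05:00", "host": "hids-db01", "remote_ip": "172.16.0.9", "local_ip": "192.168.1.20", "event": "new cron job"}',
]


def run_pipeline(snort_lines=SNORT_LINES, hids_lines=HIDS_LINES, window_s=60):
    """Run normalise -> aggregate -> correlate and return (aggregated alerts, incidents)."""
    raw = [a for a in map(parse_snort, snort_lines) if a] + \
          [a for a in map(parse_hids, hids_lines) if a]
    agg = aggregate(raw, window_s)
    return agg, correlate(agg)


if __name__ == "__main__":
    agg, inc = run_pipeline()
    for g in agg:
        print(f"{g.ts} {g.src} -> {g.dst} {g.sig!r} x{g.count} seen by {sorted(g.sensors)}")
    for kind, src, detail in inc:
        print(f"INCIDENT {kind}: {src} {detail}")
```

With the constructed input, eight raw alerts collapse into six aggregated records (the two repeated scans and the two failed logins each merge; the scan half an hour later falls outside the window and stays separate), and correlation yields two incidents for 10.0.0.5: it was reported by both the network and the host sensor, and it touched three distinct targets. The normalisers are the interoperability layer: everything downstream works only on the common schema, so adding a third sensor type means adding one parser, not changing the aggregation or correlation logic.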
Subject
Computer Science (Ciencias Informáticas)
Information
distributed intrusion detection; alert correlation; alert aggregation
Security
Access level
Open access
License
Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Argentina (CC BY-NC-SA 2.5)
Repository
SEDICI (UNLP)
Institution
Universidad Nacional de La Plata
OAI Identifier
oai:sedici.unlp.edu.ar:10915/18645