S. Staniford-Chen, B. Tung, and D. Schnackenberg, \The common intrusion detection framework (CIDF)," Information Survivability Workshop, Orlando, FL, October 1998.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....Once these relationships are de ned, data described in one method may be translated to the other. While this may seem like much more e ort than simply de ning standard data formats, the end result is a very powerful data description and interaction system. As described by Staniford Chen, et al. [36], such a description language must have the following attributes: 1. Precision: Multiple readers of the same description must not draw contradictory conclusions from it. 2. Layering: Speci c concepts must be able to be described in terms of general ones. 6 3. Self De ning: It should be ....

S. Staniford-Chen, B. Tung, and D. Schnackenberg, \The common intrusion detection framework (CIDF)," Information Survivability Workshop, Orlando, FL, October 1998.

....for given cost metrics. In our research we study the principles behind these general techniques and develop new approaches according to the cost models specific to IDSs. In intrusion data representation, related work is the IETF Intrusion Detection Exchange Format project [14] and the CIDF effort [30]. 7 Conclusion In this paper, we have outlined the breadth of our research efforts to address important and challenging issues of accuracy, efficiency, and usability of real time IDSs. We have implemented feature extraction and construction algorithms for labeled audit data (i.e. when both ....

S. Staniford-Chen, B. Tung, and D. Schnackenberg. The common intrusion detection framework (cidf). In Proceedings of the Information Survivability Workshop, October 1998.

....for that. And monitoring email content is illegal at least in Finland. However if you want to monitor network trac do give a clear notice. Also talk to your lawyer before setting up any traps or monitors for anything other than intrusions. 5 Future trends There is a standard called CIDF [4][8] being developed for data exchange between the di erent ID components and some standardization for commercial interoperability solutions. Also an IETF working group called Intrusion Detection Exchange Format (idwg) is preparing a similar kind of common intrusion language speci ca10 HY TKTL 2000 ....

Staniford-Chen, S. The common intrusion detection framework (cidf). In the Information Survivability Workshop (1998). 13

....Furthermore, the modular characteristics of the architecture allow it to be easily extended, configured and modified, either by adding new components, or by replacing components when they need to be updated. For example, it should be possible to modify the system to produce messages in CIDF format [23]. The AAFID architecture faces many of the problems that have been traditionally in the realm of distributed systems research, such as scalability, performance and security. Tradeoffs between efficiency, resource consumption and security have to be made, and although we may be able to use results ....

S. Staniford-Chen et al. Common intrusion detection framework. WWW page at http://seclab.cs.ucdavis. edu/cidf/.

....1. Introduction Most current intrusion detection research focuses on detecting and recovering from intrusions on hosts or networks, rather than survivability of the applications running on them. There has recently been effort to enable intrusion detection systems (IDSs) to interoperate [23], but for the most part, current IDSs work in isolation from other IDSs, the applications that they are protecting, and the security managers whose policies they can influence. We have developed a framework, Quality Objects (QuO) for building applications that are aware of their environment and ....

....of intrusions. Let us emphasize that the idea of in1 terfacing uniformly with multiple IDSs at the application level is not to come up with a better IDS, rather to increase the coverage and security of the application. This is complementary to the Common Intrusion Detection Framework (CIDF) effort [23], which is developing a framework for IDS toIDS communication with an aim to perfect the art of intrusion detection. CIDF does not provide any support for application IDS cooperation. Integration of IDSs and other resource managers. IDSs and other managers, such as security policy managers or ....

[Article contains additional citation context not shown here]

S. Staniford-Chen, B. Tung, and D. Schnackenberg. The common intrusion detection framework. In the Information Survivability Workshop, October 1998. Position Paper.

....Furthermore, the modular characteristics of the architecture allow it to be easily extended, con gured and modi ed, either by adding new components, or by replacing components when they need to be updated. For example, it should be possible to modify the system to produce messages in CIDF format [25]. The AAFID architecture faces many of the problems that have been traditionally in the realm of distributed systems research, such as scalability, performance and security. Tradeo s between eciency, resource consumption and security have to be made, and although we may be able to use results from ....

Stuart Staniford-Chen. Common intrusion detection framework. WWW page at http://seclab.cs.ucdavis.edu/cidf/.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC