Phil Porras, Dan Schnackenberg, Stuart Staniford-Chen, Maureen Stillman, and Felix Wu. The common intrusion detection framework architecture. Web page at http://www.gidos.org/drafts/architecture.txt, May 2001.
....the distinction between the data collection and data analysis steps. Conceptually, this distinction is useful for analysis and for reasoning about the intrusion detection process. Its usefulness has been shown in efforts to model the intrusion detection process [7] and intrusion detection systems [111]. In practice, essentially every intrusion detection system has followed this separation by making data collection and analysis two distinct steps separated in time and often in space. However, this separation has the following shortcomings: It creates a window of time between the generation ....
Phil Porras, Dan Schnackenberg, Stuart Staniford-Chen, Maureen Stillman, and Felix Wu. The common intrusion detection framework architecture. Web page at http://www.gidos.org/drafts/architecture.txt, May 2001.
....of discrete components which communicate via message passing. Four kinds of components (i.e. event generators, event analyzers, event databases, and response units) are envisaged, and an architecture, a Common Intrusion Specification Language (CISL) and a layered communication model are provided [4, 7, 14, 20]. Similar to CIDF, the IETF Intrusion Detection Exchange Format working group (IDWG) is to define data formats and exchange procedures for sharing information among heterogeneous IDSs and management systems from different vendors [5]. Both CIDF and IDWG are studying how to make IDSs and ....
P. Porras, D. Schnackenberg, S. Staniford-Chen, M. Stillman, and F. Wu. The common intrusion detection framework architecture. http://seclab.cs.ucdavis.edu/cidf/draft.txt, 1998.
.... intrusions or intrusions distributed across a set of hosts and network elements [2, 5, 9]. The Common Intrusion Detection Framework (CIDF) is the result of ongoing work that aims at enabling different intrusion detection and response (IDR) components to interoperate and share information [1, 4, 5, 11, 13]. The CIDF working group was formed as a collaboration among DARPA funded IDR projects. Although CIDF provides an infrastructure and language support that allows an IDR component to understand the information that is sent by a remote IDR component, it does not contain a facility for an IDR ....
....using S patterns. Section 4 discusses some implementation issues involved in the deployment of the request facility. Section 5 concludes this paper and points out some future research directions. 2 Background CIDF is a framework that aims at interoperation and software reuse among IDR systems [1, 4, 5, 11, 13]. CIDF views IDR systems as consisting of discrete components that communicate via message passing. Four kinds of IDR components are envisaged: Event Generators (E boxes), Event Analyzers (A boxes), Event Databases (D boxes), and Response Units (R boxes). An event generator obtains events from the ....
P. Porras, D. Schnackenberg, S. Staniford-Chen, M. Stillman, and F. Wu. The common intrusion detection framework architecture. http://seclab.cs.ucdavis.edu/cidf/draft.txt, 1998.
....Malicious and Accidental Fault Tolerance for Internet Applications 28 1999] which clearly go beyond just detection. The notion that an IDS might include more than just detection, but also the actions triggered by detection, also appears in the Common Intrusion Detection Framework (CIDF) [Porras et al.]. This framework, which we will revisit later in this chapter, defines the notion of response units, that take inputs from other CIDF components to carry out some kind of action on their behalf, including such things as killing processes, resetting connections, altering file ....
....detection, that of gathering information about new forms of attack, for which new defences will need to be devised. 4.2 Intrusion detection model We present a model of intrusion detection systems according to function, derived as a refinement of the Common Intrusion Detection Framework (CIDF) [Porras et al.]. When possible, we use the language of the CIDF although some refinement has been necessary. We additionally address issues of channels between components. The CIDF classifies components of an intrusion detection system into four different categories. We recap briefly: An E box, or event ....
P. Porras, D. Schnackenberg, S. Staniford-Chen and M. Stillman, "The Common Intrusion Detection Framework Architecture", CIDF working group, http://www.gidos.org/drafts/architecture.txt, (accessed: 5 September, 2001).
....in the attack and correlate the events in near real time. Kumar [11] lists shortcomings of intrusion detection systems. Viewed in a different way, the shortcomings provide a list of desirable features in an intrusion detection system. Generic Architecture. The Common Intrusion Detection Framework [18] (CIDF) specifies a generic architecture for an intrusion detection system and classifies the components of an intrusion detection system. A system of distributed mobile agents implements the intrusion detection system in a flexible way compatible with the CIDF architecture. Efficiency. A distributed ....
Phil Porras, Dan Schnackenberg, Stuart Staniford-Chen, Maureen Stillman, and Felix Wu. The common intrusion detection framework architecture. Online, 1999. http://www.gidos.org/drafts/architecture.txt.
P. Porras, D. Schnackenberg, S. Staniford-Chen, M. Stillman, and F. Wu. The common intrusion detection framework architecture. http://www.gidos.org/drafts/architecture.txt, 1998.
P. Porras, D. Schnackenberg, S. Staniford-Chen, M. Stillman, and F. Wu. The common intrusion detection framework architecture. http://www.gidos.org/drafts/architecture.txt, 1998.