A framework for implementing a Distributed Intrusion Detection System (DIDS) with interoperability and information analysis

Computer Intrusion Detection Systems (IDS) are primarily designed to protect availability, confidentiality and integrity of critical information infrastructures. A Distributed IDS (DIDS) consists of several IDS over a large network(s), all of which communicate with each other, with a central server or...

Bibliographic Details
Main authors: Davicino, Pablo, Echaiz, Javier, Ardenghi, Jorge Raúl
Format: Conference object
Language: Spanish
Published: 2011
Online access: http://sedici.unlp.edu.ar/handle/10915/18645
id I19-R120-10915-18645
record_format dspace
institution Universidad Nacional de La Plata
institution_str I-19
repository_str R-120
collection SEDICI (UNLP)
language Spanish
topic Computer Science
Security
distributed intrusion detection; alert correlation; alert aggregation
Information
description Computer Intrusion Detection Systems (IDS) are primarily designed to protect availability, confidentiality and integrity of critical information infrastructures. A Distributed IDS (DIDS) consists of several IDS over a large network(s), all of which communicate with each other, with a central server or with a cluster of servers that facilitates advanced network monitoring. In a distributed environment, DIDS are implemented using cooperative intelligent sensors distributed across the network(s). A significant challenge remains for IDS designers to combine data and information from numerous heterogeneous distributed agents into a coherent process which can be used to evaluate the security of the system. Multisensor data sensing, or distributed sensing, is a discipline used to combine data from multiple and diverse sensors and sources in order to make inferences about events, activities and situations. Today, common environments consist of large, high-bandwidth networks. In these scenarios the amount of data produced by the sensors is extremely large, so efficient processing becomes a critical factor. In this article we propose a framework that aims to achieve the interoperability of the diverse heterogeneous agents that compose the typical infrastructure of a DIDS. We also address the alert aggregation and correlation problem by proposing an alert processing software pipeline.