Abstract
Intrusion Detection System (IDS) management is an important component of most distributed IDS solutions. One of its main requirements is extensibility, which enables the integration of different types of IDS sensors as well as deployment in different kinds of environments. Lock-Keeper is a simple implementation of the high-level security idea, “Physical Separation”. It works as a sluice to exchange data between two networks without having to establish a direct and physical connection. To enhance the security of the Lock-Keeper system itself, it is necessary to deploy IDS sensors on Lock-Keeper components. This paper proposes an extensible IDS management architecture, which can be easily integrated on the special hardware platform of Lock-Keeper. A unified interface and communication between the different integrated IDS sensors are designed using the known IDS standard, IDMEF, and realized as several kinds of plugins, such as handlers, receivers, and senders. A prototype implementation is presented, and some practical experiments are carried out to show the extensibility and applicability of the proposed architecture.