Abstract

Purpose: This paper introduces a solution for employing intrusion detection technology across organisational boundaries by using knowledge grid technology.

Design/methodology/approach: Employment of intrusion detection technology is currently limited to inside organisation deployments. By setting up communities, which maintain trust relationships between network nodes anywhere in the internet, security event data, structured into a common XML‐based format, can be exchanged in a secure and reliable manner.

Findings: A modular architecture has been developed which provides functionality to integrate different audit data generating applications and share knowledge about incidents, vulnerabilities and countermeasures from all over the internet. A security policy, based on the Chinese Wall Security Policy, ensures the protection of information inserted into the network.

Research limitations/implications: The solution is currently in a preliminary stage, providing the description of the design only. Implementation as well as evaluation is under development.

Practical implications: Trusting communities everywhere in the internet will be brought into being so that people may establish trust relationships between each other. Participants may decide themselves whom they trust as a source for security‐related information rather than depending on centralised approaches.

Originality/value: No approach is known combining the two technologies – intrusion detection and grid – as described in this paper. The decentralised, peer‐to‐peer based grid approach together with the introduction of trust relationships and communities results in a new way of thinking about distributing security audit data.
