Abstract:

As intrusions and other attacks become more widespread and more sophisticated, it becomes beyond the scope of any one intrusion detection and response (ID&R) system to deal with them. The need thus arises for systems to cooperate with one another, to manage diverse attacks across networks and time. Heretofore, efforts toward "cooperation" have focused primarily on homogeneous components, with little if any attention toward standardization. In this paper, we discuss the efforts of the Common Intrusion Detection Framework (CIDF) working group in designing a framework in which ID&R systems may cooperate with one another. We consider the issues involved in standardizing formats, protocols, and architectures to co-manage intrusion detection and response systems, and compare the strengths and weaknesses of previous approaches. We examine various ways that these systems and their components may be connected and related. We conclude with an overview of CIDF's current approach to providing a common intrusion specification language.

The work presented in this paper is currently funded by a lot of nice people. Draft submission to a nice publication.