Implementing an Intrusion Detection Message Exchange Library for Realtime Interaction between SDMS-RTIR and Heterogeneous Systems


The KIPS Transactions:PartC, Vol. 10, No. 5, pp. 565-574, Oct. 2003
DOI: 10.3745/KIPSTC.2003.10.5.565

Abstract

This paper implements an intrusion detection message exchange protocol library (IDMEPL) for SDMS-RTIR, which the Korea Information Security Agency (KISA) has developed to hierarchically detect and respond to network vulnerability scan attacks. The IDMEPL, based on the IDMEF and the IAP of the IDWG, enables SDMS-RTIR to interact with other intrusion detection systems (IDS) in real time, and supports the TLS protocol to prevent security threats when messages are exchanged between its server and its agents. In particular, through its protocol selection stage, the IDMEPL can support various protocols such as the IDXP in addition to the IAP. Furthermore, it allows agents to choose a security protocol appropriate for their own network, achieving security stronger than mutual authentication. With the IDMEPL, SDMS-RTIR can receive and analyze massive numbers of intrusion detection messages from heterogeneous IDSes in large-scale networks.



Cite this article
[IEEE Style]
Y. I. Seon, L. D. Lyeon, O. E. Sug, "Implementing an Intrusion Detection Message Exchange Library for Realtime Interaction between SDMS-RTIR and Heterogeneous Systems," The KIPS Transactions:PartC, vol. 10, no. 5, pp. 565-574, 2003. DOI: 10.3745/KIPSTC.2003.10.5.565.

[ACM Style]
Yu Il Seon, Lee Dong Lyeon, and O Eun Sug. 2003. Implementing an Intrusion Detection Message Exchange Library for Realtime Interaction between SDMS-RTIR and Heterogeneous Systems. The KIPS Transactions:PartC, 10, 5, (2003), 565-574. DOI: 10.3745/KIPSTC.2003.10.5.565.