Journal of University of Chinese Academy of Sciences ›› 2005, Vol. 22 ›› Issue (2): 202-209. DOI: 10.7523/j.issn.2095-6134.2005.2.013


A Study on Information Exchange and Cooperation in Distributed Intrusion Detection Systems

LIAN Yi-Feng   

  1. State Key Laboratory of Information Security (Graduate School of the Chinese Academy of Sciences), Beijing 100049, China
  • Received: 2004-05-11 Online: 2005-03-15

Abstract:

Information exchange and cooperation between components is the key problem of a distributed intrusion detection system (DIDS). For a DIDS based on the Hierarchical Cooperation Model (HCM), we analyze the requirements of information exchange between detection components in this model. We present the Extended Intrusion Detection Message Exchange Format (EIDMEF) to provide a standard description format that contributes to efficient information exchange and cooperation, such as reporting intrusion incidents, collecting audit data, performing cooperative detection, and activating distributed responses to intrusive behaviors. The workflows of information exchange and the processing procedures in this model when confronted with different kinds of intrusions are also depicted in detail.

Key words: Distributed Intrusion Detection, Extended Intrusion Detection Message Exchange Format, Hierarchical Cooperation Model
