Conference: International conference on information and knowledge engineering

Supporting Interoperability to Multi Intrusion Detection System in Secure Networking Framework

Abstract

Intrusions and attacks that use the Internet are becoming more and more widespread and sophisticated. IDSs usually detect intrusions, but an IDS on a single host can detect simple attacks using the audit trail. With the expanding use of the Internet, IDS developers have focused on distributed intrusions (attacks) in large-scale network environments. However, it is not easy to detect various types of intrusions, since early IDSs analyze audit trails generated by host operating systems and monitor just a single host. Therefore, we have made an effort to design and implement an IDS that can detect more complex attacks as well as support integrated management through cooperation with each other. From the viewpoint of alert processing, we converted raw alert data to Ladon-alert data to support interoperability. We use an IDMEF-compatible alert data structure. We have worked on developing an integrated IDS on the gateway and a Security Control Server at the higher-level class. This framework then offers cooperative intrusion detection and policy-based control.