Conference Topic

TAICHI: AN OPEN INTRUSION AUTOMATIC RESPONSE SYSTEM BASED ON PLUGIN

For most current intrusion detection systems, the capability to counterstrike network intrusion is limited, and automatic protection of the intranet is extremely difficult. In this paper, we present TAICHI, a system that combines heterogeneous intrusion detection systems with an improved distributed firewall system (IDFS) to automatically detect and prevent intrusions originating from the intranet or the internet. TAICHI manages heterogeneous IDSs (intrusion detection systems) and firewalls through plugins, which makes it easy to evolve to employ new detection technology and to integrate legacy firewalls in an organization. ECA (extended common alert) in TAICHI can analyze alerts from heterogeneous IDSs. The system employs IDFS as a response subsystem, which can easily block attacks originating from the intranet or the internet. To configure heterogeneous firewalls efficiently, extended meta-firewall-rule configuration (EMFRC) is presented, which can not only configure firewalls in a unified template but also set special options of rules of different types with the same template. Thanks to EMFRC and IDFS, TAICHI automatically produces an optimized strategy to block intrusions from different network topologies.

Automatic intrusion response; Heterogeneous; Improved Distributed Firewall; extended meta-firewall-rule configuration

HONG HAN, XIAN-LIANG LU, LI-YONG REN, BO CHEN

College of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, 610054

International conference

2006 International Conference on Machine Learning and Cybernetics (IEEE 5th Forum on Machine Learning and Cybernetics)

Dalian

English

66-77

2006-08-13 (date first made available online on the Wanfang platform; does not represent the paper's publication date)