Conference paper

An Extensible and Virtualization-Compatible IDS Management Architecture

Efficient Intrusion Detection System (IDS) management is a prominent capability of distributed IDS solutions: it makes it possible to integrate and handle different types of sensors, and to collect and aggregate alerts generated on multiple hosts in a loosely coupled environment. Extensibility is the main requirement for most IDS management systems. Virtualization has been introduced into many popular IDS implementations because of its advantages in isolation and fast recovery if a sensor is compromised. The ability to integrate these newly emerged Virtual Machine (VM) based IDS approaches is therefore a further requirement for IDS management. This paper proposes an extensible IDS management architecture based on a new design of the Event Gatherer component. By using the established IDS standard IDMEF and a plugin concept, the Event Gatherer ensures flexibility and compatibility. Experiments are carried out to demonstrate the extensibility and virtualization-compatibility of the proposed IDS management architecture.
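The abstract describes the Event Gatherer as a plugin-based component with IDMEF (RFC 4765) as the common alert format. The sketch below is an added illustration of that design and is not the HPI implementation (the paper's own code is not on this page): the `EventGatherer` class, the `Alert` record, the two plugin functions, the key=value line format of the "VM sensor", and both sample messages are assumptions constructed for the example.

```python
"""Plugin-based event gatherer that normalises sensor output into one Alert type.

Illustrative sketch, not the HPI implementation. Each sensor type is a plugin:
a callable turning that sensor's raw output into Alert records. Integrating a
new sensor (e.g. a VM-based IDS) means registering one more plugin; the
gatherer and everything downstream stay unchanged.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# IDMEF XML namespace as defined in RFC 4765.
IDMEF_NS = {"idmef": "http://iana.org/idmef"}


@dataclass
class Alert:
    """Common record every plugin produces, whatever the sensor's native format."""
    analyzer_id: str
    create_time: str
    source: Optional[str]
    target: Optional[str]
    classification: str
    severity: str  # IDMEF Impact severity (info/low/medium/high); "unknown" if absent


Plugin = Callable[[str], List[Alert]]


class EventGatherer:
    """Dispatches raw sensor output to the plugin registered for its source type."""

    def __init__(self) -> None:
        self._plugins: Dict[str, Plugin] = {}
        self.alerts: List[Alert] = []

    def register(self, source_type: str, plugin: Plugin) -> None:
        self._plugins[source_type] = plugin

    def gather(self, source_type: str, raw: str) -> List[Alert]:
        plugin = self._plugins.get(source_type)
        if plugin is None:  # unknown sensor type: refuse rather than guess a format
            raise KeyError(f"no plugin registered for source type {source_type!r}")
        parsed = plugin(raw)
        self.alerts.extend(parsed)
        return parsed


def _first_address(alert: ET.Element, side: str) -> Optional[str]:
    """First Node/Address/address under <Source> or <Target>, if present."""
    node = alert.find(f"idmef:{side}/idmef:Node/idmef:Address/idmef:address", IDMEF_NS)
    return node.text.strip() if node is not None and node.text else None


def idmef_plugin(raw_xml: str) -> List[Alert]:
    """Plugin for sensors that already emit IDMEF XML.

    Caveat: sensor output is untrusted input. xml.etree does not defend against
    entity-expansion attacks; parse with defusedxml in a real deployment.
    """
    root = ET.fromstring(raw_xml)
    alerts: List[Alert] = []
    for a in root.findall("idmef:Alert", IDMEF_NS):
        analyzer = a.find("idmef:Analyzer", IDMEF_NS)
        ctime = a.find("idmef:CreateTime", IDMEF_NS)
        cls = a.find("idmef:Classification", IDMEF_NS)
        impact = a.find("idmef:Assessment/idmef:Impact", IDMEF_NS)
        alerts.append(Alert(
            analyzer_id=analyzer.get("analyzerid", "") if analyzer is not None else "",
            create_time=(ctime.text or "").strip() if ctime is not None else "",
            source=_first_address(a, "Source"),
            target=_first_address(a, "Target"),
            classification=cls.get("text", "") if cls is not None else "",
            severity=impact.get("severity", "unknown") if impact is not None else "unknown",
        ))
    return alerts


def kv_line_plugin(raw_text: str) -> List[Alert]:
    """Plugin for a hypothetical VM-hosted sensor emitting one key=value line per event.

    The line format is constructed for this example; only this plugin knows it.
    """
    alerts: List[Alert] = []
    for line in raw_text.splitlines():
        if not line.strip():
            continue
        kv = dict(part.split("=", 1) for part in line.split())
        alerts.append(Alert(
            analyzer_id=kv.get("sensor", ""), create_time=kv.get("time", ""),
            source=kv.get("src"), target=kv.get("dst"),
            classification=kv.get("sig", ""), severity=kv.get("sev", "unknown"),
        ))
    return alerts


# Constructed IDMEF message in the shape RFC 4765 prescribes (not a captured alert).
SAMPLE_IDMEF = """<IDMEF-Message version="1.0" xmlns="http://iana.org/idmef">
  <Alert messageid="example-0001">
    <Analyzer analyzerid="dmz-snort-01"/>
    <CreateTime ntpstamp="0xbc723b45.0xef449129">2009-08-18T10:01:25Z</CreateTime>
    <Source><Node><Address category="ipv4-addr"><address>192.0.2.50</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr"><address>198.51.100.7</address></Address></Node></Target>
    <Classification text="Teardrop attack"/>
    <Assessment><Impact severity="high" completion="failed" type="dos"/></Assessment>
  </Alert>
</IDMEF-Message>
"""

# Constructed output of the hypothetical VM sensor.
SAMPLE_KV = "time=2009-08-18T10:02:00Z sensor=vm-ids-03 src=192.0.2.51 dst=198.51.100.8 sig=portscan sev=low\n"


def demo() -> List[Alert]:
    gatherer = EventGatherer()
    gatherer.register("idmef", idmef_plugin)
    gatherer.register("vm-kv", kv_line_plugin)  # new sensor type: one extra line
    gatherer.gather("idmef", SAMPLE_IDMEF)
    gatherer.gather("vm-kv", SAMPLE_KV)
    return gatherer.alerts


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The point of the split is that correlation logic downstream of the gatherer only ever sees `Alert` records, so adding a VM-based sensor with its own output format touches nothing but a new plugin and one `register` call. The plugin that parses IDMEF is also where input validation for untrusted sensor data belongs, which is why the XML-parsing caveat sits there.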

Keywords: IDS, IDS management, VM, virtualization, IDMEF

Sebastian Roschke, Feng Cheng, Christoph Meinel

Hasso Plattner Institute (HPI), University of Potsdam, P.O. Box 900460, 14440 Potsdam, Germany

International conference

The Fifth International Conference on Information Assurance and Security

Xi'an

English

pp. 130-134

2009-08-18 (date the record first went online on the Wanfang platform; not the publication date of the paper)