Abstract
Intrusion detection relies on the information provided by a number of sensors deployed throughout the monitored network infrastructure. Sensors provide information at different abstraction levels and with different semantics. In addition, sensors range from lightweight probes and simple log parsers to complex software artifacts that perform sophisticated analysis. Managing a configuration of heterogeneous sensors can be a very time-consuming task. Management tasks include planning, deployment, initial configuration, and run-time modifications. This paper describes a new approach that leverages off the STAT model to support a highly configurable sensing infrastructure. The approach relies on a common sensor model, an explicit representation of sensor component characteristics and dependencies, and a shared communication and control infrastructure. The model allows an Intrusion Detection Administrator to express high-level configuration requirements that are mapped automatically to a detailed deployment and/or reconfiguration plan. This approach supports automation of the administrator tasks and better assurance of the effectiveness and consistency of the deployed sensing infrastructure.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Roesch, M.: Snort-Lightweight Intrusion Detection for Networks. In: Proceedings of the USENIX LISA’ 99 Conference. (1999)
Neumann, P., Porras, P.: Experience with EMERALD to Date. In: First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California (1999) 73–80
NFR Security: Overview of NFR Network Intrusion Detection System. (2001)
Internet Security Systems: Introduction to RealSecure Version 3.0. (1999)
Ilgun, K.: USTAT: A Real-time Intrusion Detection System for UNIX. Master’s thesis, Computer Science Department, University of California, Santa Barbara (1992)
Ilgun, K.: USTAT: A Real-time Intrusion Detection System for UNIX. In: Proceedings of the IEEE Symposium on Research on Security and Privacy, Oakland, CA (1993)
Porras, P.: STAT-A State Transition Analysis Tool for Intrusion Detection. Master’s thesis, Computer Science Department, University of California, Santa Barbara (1992)
Vigna, G., Eckmann, S., Kemmerer, R.: The STAT Tool Suite. In: Proceedings of DISCEX 2000, Hilton Head, South Carolina, IEEE Computer Society Press (2000)
Ilgun, K., Kemmerer, R., Porras, P.: State Transition Analysis: A Rule-Based Intrusion Detection System. IEEE Transactions on Software Engineering 21 (1995)
Eckmann, S., Vigna, G., Kemmerer, R.: STATL: An Attack Language for Statebased Intrusion Detection. In: Proceedings of the ACM Workshop on Intrusion Detection Systems, Athens, Greece (2000)
Apache 2.0 Documentation. (2001) http://www.apache.org/.
Sun Microsystems, Inc.: Installing, Administering, and Using the Basic Security Module, 2550 Garcia Ave., Mountain View, CA 94043. (1991)
Curry, D., Debar, H.: Intrusion Detection Message Exchange Format: Extensible Markup Language (XML) Document Type Definition. draft-ietf-idwg-idmef-xml-03.txt (2001)
Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection Approach. In: Proceedings of the 14th Annual Computer Security Application Conference, Scottsdale, Arizona (1998)
Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security 7 (1999) 37–71
Kemmerer, R.: NSTAT: A Model-based Real-time Network Intrusion Detection System. Technical Report TRCS-97-18, Department of Computer Science, UC Santa Barbara (1997)
Durst, R., Champion, T., Witten, B., Miller, E., Spagnuolo, L.: Addendum to “Testing and Evaluating Computer Intrusion Detection Systems”. CACM 42 (1999) 15
Durst, R., Champion, T., Witten, B., Miller, E., Spagnuolo, L.: Testing and Evaluating Computer Intrusion Detection Systems. CACM 42 (1999) 53–61
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vigna, G., Kemmerer, R.A., Blix, P. (2001). Designing a Web of Highly-Configurable Intrusion Detection Sensors. In: Lee, W., Mé, L., Wespi, A. (eds) Recent Advances in Intrusion Detection. RAID 2001. Lecture Notes in Computer Science, vol 2212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45474-8_5
Download citation
DOI: https://doi.org/10.1007/3-540-45474-8_5
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42702-5
Online ISBN: 978-3-540-45474-8
eBook Packages: Springer Book Archive