Skip to main content
SpringerLink
Log in

Designing a Web of Highly-Configurable Intrusion Detection Sensors

  • Conference paper
  • First Online:
Book cover Recent Advances in Intrusion Detection (RAID 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2212))

Included in the following conference series:

Abstract

Intrusion detection relies on the information provided by a number of sensors deployed throughout the monitored network infrastructure. Sensors provide information at different abstraction levels and with different semantics. In addition, sensors range from lightweight probes and simple log parsers to complex software artifacts that perform sophisticated analysis. Managing a configuration of heterogeneous sensors can be a very time-consuming task. Management tasks include planning, deployment, initial configuration, and run-time modifications. This paper describes a new approach that leverages off the STAT model to support a highly configurable sensing infrastructure. The approach relies on a common sensor model, an explicit representation of sensor component characteristics and dependencies, and a shared communication and control infrastructure. The model allows an Intrusion Detection Administrator to express high-level configuration requirements that are mapped automatically to a detailed deployment and/or reconfiguration plan. This approach supports automation of the administrator tasks and better assurance of the effectiveness and consistency of the deployed sensing infrastructure.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Roesch, M.: Snort-Lightweight Intrusion Detection for Networks. In: Proceedings of the USENIX LISA’ 99 Conference. (1999)

    Google Scholar 

  2. Neumann, P., Porras, P.: Experience with EMERALD to Date. In: First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California (1999) 73–80

    Google Scholar 

  3. NFR Security: Overview of NFR Network Intrusion Detection System. (2001)

    Google Scholar 

  4. Internet Security Systems: Introduction to RealSecure Version 3.0. (1999)

    Google Scholar 

  5. Ilgun, K.: USTAT: A Real-time Intrusion Detection System for UNIX. Master’s thesis, Computer Science Department, University of California, Santa Barbara (1992)

    Google Scholar 

  6. Ilgun, K.: USTAT: A Real-time Intrusion Detection System for UNIX. In: Proceedings of the IEEE Symposium on Research on Security and Privacy, Oakland, CA (1993)

    Google Scholar 

  7. Porras, P.: STAT-A State Transition Analysis Tool for Intrusion Detection. Master’s thesis, Computer Science Department, University of California, Santa Barbara (1992)

    Google Scholar 

  8. Vigna, G., Eckmann, S., Kemmerer, R.: The STAT Tool Suite. In: Proceedings of DISCEX 2000, Hilton Head, South Carolina, IEEE Computer Society Press (2000)

    Google Scholar 

  9. Ilgun, K., Kemmerer, R., Porras, P.: State Transition Analysis: A Rule-Based Intrusion Detection System. IEEE Transactions on Software Engineering 21 (1995)

    Google Scholar 

  10. Eckmann, S., Vigna, G., Kemmerer, R.: STATL: An Attack Language for Statebased Intrusion Detection. In: Proceedings of the ACM Workshop on Intrusion Detection Systems, Athens, Greece (2000)

    Google Scholar 

  11. Apache 2.0 Documentation. (2001) http://www.apache.org/.

  12. Sun Microsystems, Inc.: Installing, Administering, and Using the Basic Security Module, 2550 Garcia Ave., Mountain View, CA 94043. (1991)

    Google Scholar 

  13. Curry, D., Debar, H.: Intrusion Detection Message Exchange Format: Extensible Markup Language (XML) Document Type Definition. draft-ietf-idwg-idmef-xml-03.txt (2001)

    Google Scholar 

  14. Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection Approach. In: Proceedings of the 14th Annual Computer Security Application Conference, Scottsdale, Arizona (1998)

    Google Scholar 

  15. Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security 7 (1999) 37–71

    Google Scholar 

  16. Kemmerer, R.: NSTAT: A Model-based Real-time Network Intrusion Detection System. Technical Report TRCS-97-18, Department of Computer Science, UC Santa Barbara (1997)

    Google Scholar 

  17. Durst, R., Champion, T., Witten, B., Miller, E., Spagnuolo, L.: Addendum to “Testing and Evaluating Computer Intrusion Detection Systems”. CACM 42 (1999) 15

    Google Scholar 

  18. Durst, R., Champion, T., Witten, B., Miller, E., Spagnuolo, L.: Testing and Evaluating Computer Intrusion Detection Systems. CACM 42 (1999) 53–61

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Reliable Software Group Department of Computer Science, University of California Santa Barbara, Santa Barbara

    Giovanni Vigna, Richard A. Kemmerer & Per Blix

Authors
  1. Giovanni Vigna
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Richard A. Kemmerer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Per Blix
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Georgia Institute of Technology, College of Computing, 801 Atlantic Drive, Atlanta, Georgia, 30332-0280, USA

    Wenke Lee

  2. SUPELEC, BP 28, 35511, Cesson Sevigne Cedex, France

    Ludovic Mé

  3. IBM Research, Zurich Research Laboratory, Säumerstr. 4, 8803, Rüschlikon, Switzerland

    Andreas Wespi

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Vigna, G., Kemmerer, R.A., Blix, P. (2001). Designing a Web of Highly-Configurable Intrusion Detection Sensors. In: Lee, W., Mé, L., Wespi, A. (eds) Recent Advances in Intrusion Detection. RAID 2001. Lecture Notes in Computer Science, vol 2212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45474-8_5

Download citation

  • DOI: https://doi.org/10.1007/3-540-45474-8_5

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42702-5

  • Online ISBN: 978-3-540-45474-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation