Author_Institution :
Reliable Software Group, California Univ., Santa Barbara, CA, USA
Abstract :
Intrusion detection systems monitor computer networks looking for evidence of malicious actions. Networks are complex systems, and a comprehensive intrusion detection solution has to be able to manage event streams with different content, speed, level of abstraction, and accessibility. Therefore, it is necessary to distribute intrusion detection sensors across multiple protected networks, manage their configuration as the security posture of the networks changes, and process the results of their analysis so that a high-level picture of the security state of the network can be provided to the administrators. This paper presents Hi-DRA, a network surveillance, analysis, and response system for high-speed WANs. The system provides a framework for the modular development of intrusion detection sensors in heterogeneous, high-speed environments. In addition, the system provides an infrastructure that supports the dynamic configuration of the sensors and the collection and interpretation of their results. The system, as a whole, is able to provide fine-grained monitoring across WANs and, at the same time, is able to correlate the results of the analysis of the different sensors into a high-level expressive description of security violations.
Keywords :
authorisation; telecommunication security; wide area networks; Hi-DRA; Internet security; alert correlation; anomaly detection; computer networks; computer security; heterogeneous/high-speed environments; high-speed wide area networks; intrusion detection; misuse detection; multiple protected networks; network analysis; network response system; network security; network surveillance; Computer network management; Computerized monitoring; Content management; Internet; Intrusion detection; Protection; Security; Sensor phenomena and characterization; Sensor systems; Surveillance; Alert correlation; anomaly detection; computer security; intrusion detection; misuse detection; network security; security