DocumentCode :
1801542
Title :
An Extensible and Virtualization-Compatible IDS Management Architecture
Author :
Roschke, Sebastian ; Cheng, Feng ; Meinel, Christoph
Author_Institution :
Hasso Plattner Inst. (HPI), Univ. of Potsdam, Potsdam, Germany
Volume :
2
fYear :
2009
fDate :
18-20 Aug. 2009
Firstpage :
130
Lastpage :
134
Abstract :
Efficient intrusion detection system (IDS) management is a prominent capability for distributed IDS solutions: it makes it possible to integrate and handle different types of sensors and to collect and synthesize alerts generated by multiple hosts located in a loosely coupled environment. Extensibility is the main requirement for most IDS management systems. The concept of virtualization has been introduced into many popular IDS implementations because of its advantages in isolation and fast recovery in case of compromise. An advanced capability for combining these newly emerged virtual machine (VM) based IDS approaches is another requirement for IDS management. This paper proposes an extensible IDS management architecture based on a new design of the event gatherer component. By using the known IDS standard IDMEF and a plug-in concept, the event gatherer ensures flexibility and compatibility. Experiments are carried out to demonstrate the extensibility and virtualization-compatibility of the proposed IDS management architecture.
Keywords :
security of data; software architecture; virtual machines; event gatherer component design; intrusion detection system management architecture; virtual machine; Conference management; Environmental management; Information security; Intrusion detection; Linux; Protection; Robustness; Sensor systems; Virtual machining; Virtual manufacturing; IDMEF; IDS; IDS Management; VM; Virtualization;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-0-7695-3744-3
Type :
conf
DOI :
10.1109/IAS.2009.151
Filename :
5283195