• DocumentCode
    1801542
  • Title

    An Extensible and Virtualization-Compatible IDS Management Architecture

  • Author

    Roschke, Sebastian ; Cheng, Feng ; Meinel, Christoph

  • Author_Institution
    Hasso Plattner Inst. (HPI), Univ. of Potsdam, Potsdam, Germany
  • Volume
    2
  • fYear
    2009
  • fDate
    18-20 Aug. 2009
  • Firstpage
    130
  • Lastpage
    134
  • Abstract
    Efficient intrusion detection system (IDS) management is a prominent capability for distributed IDS solutions, which makes it possible to integrate and handle different types of sensors or collect and synthesize alerts generated from multiple hosts located in a loosely coupled environment. Extensibility is the main requirement for most of IDS management systems. The concept of virtualization has been introduced into many popular IDS implementations due to the advantage on isolation and fast recovery in case of being compromised. Advanced capability for combining these newly emerged virtual machine (VM) based IDS approaches is another requirement for IDS management. This paper proposes an extensible IDS management architecture based on a new design of event gatherer component. By using the known IDS standard IDMEF and a plug-in concept, the Event gatherer ensures flexibility and compatibility. Experiments are carried out to demonstrate the extensibility and virtualization-compatibility of the proposed IDS management architecture.
  • Keywords
    security of data; software architecture; virtual machines; event gatherer component design; intrusion detection system management architecture; virtual machine; Conference management; Environmental management; Information security; Intrusion detection; Linux; Protection; Robustness; Sensor systems; Virtual machining; Virtual manufacturing; IDMEF; IDS; IDS Management; VM; Virtualization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
  • Conference_Location
    Xi'an
  • Print_ISBN
    978-0-7695-3744-3
  • Type

    conf

  • DOI
    10.1109/IAS.2009.151
  • Filename
    5283195