Integrating intrusion detection and network management

Author

Qin, Xinzhou ; Lee, Wenke ; Lewis, Lundy ; Cabrera, Jocão B D

Author_Institution

Coll. of Comput., Georgia Inst. of Technol., Atlanta, GA, USA

fYear

2002

fDate

2002

Firstpage

329

Lastpage

344

Abstract

The problems of detecting and resolving performance in distributed systems have become increasingly important and challenging due to the tremendous growth in network-based services. There is a need for a predictive and proactive approach so that appropriate and timely actions can be taken before service disruptions escalate and become widespread. A network management system (NMS) is responsible for monitoring the performance of a network. An intrusion detection system (IDS) is responsible for detecting and responding to intrusions. The current practice is that NMS and IDS are independent to each other in a network. There is little integration and information sharing between the two. We outline an approach to integrate NMS and IDS so that the security capabilities of network management can be enhanced and the performance of IDS can be improved.

Keywords

Internet; security of data; software agents; telecommunication network management; telecommunication security; ID agents; Internet; NMS-IDS integration; distributed denial of service attacks; distributed systems; hierarchical system; intrusion detection system; knowledge base; network management system; network performance monitoring; network security; network-based services; security network management; service disruptions; Computer crime; Computer hacking; Computer network management; Computer networks; Educational institutions; Information security; Intrusion detection; Monitoring; Protection; Technology management;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Operations and Management Symposium, 2002. NOMS 2002. 2002 IEEE/IFIP

Print_ISBN

0-7803-7382-0

Type

conf

DOI

10.1109/NOMS.2002.1015591

Filename

1015591