DocumentCode :
3263458
Title :
Enhancing interoperability of security operation center to heterogeneous intrusion detection systems
Author :
Lin, Abe Chin-Ching ; Wong, Hsing-Kuo ; Wu, Tzong-Chen
Author_Institution :
EDBA Program, Nat. Taiwan Univ. of Sci. & Technol., Taiwan
fYear :
2005
fDate :
11-14 Oct. 2005
Firstpage :
216
Lastpage :
221
Abstract :
This study aimed at enhancing the interoperability of a SOC (security operation center) to heterogeneous IDSes (intrusion detection systems) by designing a few IDMEF (intrusion detection message exchange format) templates. The adopted approach is based on the specification of IDMEF and the need of incident detection. The resulting templates are of two types, for use with the most usual alerts and for aggregation of similar alerts, respectively. The objectives of these templates are to simplify the usage of IDMEF and to improve on the disadvantages originating from un-customized IDMEF. The results support the objectives of this study.
Keywords :
message passing; open systems; security of data; heterogeneous intrusion detection system; incident detection; interoperability; intrusion detection message exchange format; security operation center; Dictionaries; Government; Information management; Information security; Intrusion detection; Large-scale systems; Monitoring; National security; Software; XML;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Security Technology, 2005. CCST '05. 39th Annual 2005 International Carnahan Conference on
Print_ISBN :
0-7803-9245-0
Type :
conf
DOI :
10.1109/CCST.2005.1594841
Filename :
1594841