DocumentCode :
3296703
Title :
Policy-controlled event management for distributed intrusion detection
Author :
Kreibich, Christian ; Sommer, Robin
Author_Institution :
Comput. Lab., Cambridge Univ., UK
fYear :
2005
fDate :
6-10 June 2005
Firstpage :
385
Lastpage :
391
Abstract :
A powerful strategy in intrusion detection is the separation of surveillance mechanisms from a site's policy for processing observed events. The Bro intrusion detection system has been using the notion of policy-neutral events as the basic building blocks for the formulation of a site's security policy since its conception. A recent addition to the system is the ability to exchange events with other Bro peers to allow distributed detection. In this paper we extend Bro's existing event model to fulfill the requirements of scalable policy-controlled distributed event management, including mechanisms for event publication, subscription, processing, propagation, and correlation.
Keywords :
distributed processing; security of data; surveillance; Bro intrusion detection system; correlation; distributed intrusion detection; event publication; policy-controlled event management; policy-neutral event; processing; propagation; subscription; surveillance mechanism; Communication system security; Computer science; Event detection; Intrusion detection; Laboratories; Peer to peer computing; Power system management; Power system security; Probes; Surveillance;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on
Print_ISBN :
0-7695-2328-5
Type :
conf
DOI :
10.1109/ICDCSW.2005.112
Filename :
1437201