GlobalGuard: creating the IETF-IDWG Intrusion Alert Protocol (IAP)

Author

Betser, J. ; Walther, A. ; Erlinger, M. ; Buchheim, T. ; Feinstein, B. ; Matthews, G. ; Pollock, R. ; Levitt, K.

Author_Institution

Aerosp. Corp., USA

Volume

1

fYear

2001

fDate

2001

Firstpage

22

Abstract

This paper describes the design, specification, and implementation of the Internet Engineering Task Force (IETF) Intrusion Detection Working Group (IDWG) Intrusion Alert Protocol (IAP). IAP seeks to facilitate the ubiquitous interoperability of intrusion detection components across Internet enterprises. This capability is critical for intrusion detection for large networks. The IETF IDWG was inspired by the DARPA CIDF activity. The IETF engineering process is described in the context of GlobalGuard IAP. The IETF requirements of IAP are described, followed by the detailed operation of IAP in the context of a specific implementation that was developed and demonstrated at the December 2000 IETF meeting. Current and future challenges facing the IETF IDWG IAP are described. Some proposed directions for this activity are presented, such as the possible incorporation of the BEEP protocol in the future

Keywords

Internet; computer network management; open systems; security of data; supervisory programs; BEEP protocol; GlobalGuard; IETF-IDWG intrusion alert protocol; Internet Engineering Task Force; Internet enterprises; Intrusion Detection Working Group; interoperability; intrusion detection components; Aerospace engineering; Contracts; Discussion forums; Educational institutions; Internet; Intrusion detection; Protocols; Research initiatives; Standardization; Subcontracting;

fLanguage

English

Publisher

ieee

Conference_Titel

DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings

Conference_Location

Anaheim, CA

Print_ISBN

0-7695-1212-7

Type

conf

DOI

10.1109/DISCEX.2001.932189

Filename

932189