FIDRAN: a flexible intrusion detection and response framework for active networks

Securing communication networks can no longer be ensured by singular and isolated security technologies like Internet firewalls or intrusion detection systems but rather calls for a combination of existing and emerging detection and response mechanisms, e.g. DDoS response mechanisms, anomaly detection, honey pots, etc. Today, most current systems prove to be too static to provide an adequate platform for a constructive teamwork of different security technologies. Therefore, we developed the FIDRAN framework for flexible intrusion detection and response that is based on an underlying active networking environment and that allows to dynamically combining existing and emerging security technologies. FIDRAN follows a highly modular approach that allows to extend the functionality of the framework by the integration of new security modules which are implemented as active networking services, making use of next generation networks capabilities like dynamic distribution and deployment of services on active network nodes. A further advantage of the realization of FIDRAN on top of an active networking environment is the simplification and automation of maintenance work and configuration tasks.