Taichi: An Open Intrusion Automatic Response System Based on Plugin

For most current intrusion detection systems, the capability to counterstrike network intrusion is limited. And the automatic protection of intranet is extremely difficult. In this paper, we present a system: TAICHI which combines heterogeneous intrusion detection systems with improved distributed firewall system (IDFS) to automatically detect and prevent intrusion originated from intranet or Internet. TAICHI can manage heterogeneous IDSs (intrusion detection systems) and firewalls with plugin, which makes it evolved easily to employ new detection technology and to integrate legacy firewall in an organization. ECA (extended common alert) in TAICHI can analyze alerts from heterogeneous IDSs. The system employs IDFS as a response subsystem, which could easily block attack originated from intranet or Internet. To configure heterogeneous firewalls efficiently, extended meta-firewall-rule configuration (EMFRC) was presented, which can not only configure firewall in a unified template, but also set special options of rules of different type with the same template. Due to EMFRC and IDFS, TAICHI makes the optimized strategy automatically to block intrusion from different network topology