• DocumentCode
    3296703
  • Title
    Policy-controlled event management for distributed intrusion detection
  • Author
    Kreibich, Christian ; Sommer, Robin
  • Author_Institution
    Comput. Lab., Cambridge Univ., UK
  • fYear
    2005
  • fDate
    6-10 June 2005
  • Firstpage
    385
  • Lastpage
    391
  • Abstract
    A powerful strategy in intrusion detection is the separation of surveillance mechanisms from a site's policy for processing observed events. The Bro intrusion detection system has been using the notion of policy-neutral events as the basic building blocks for the formulation of a site's security policy since its conception. A recent addition to the system is the ability to exchange events with other Bro peers to allow distributed detection. In this paper we extend Bro's existing event model to fulfill the requirements of scalable policy-controlled distributed event management, including mechanisms for event publication, subscription, processing, propagation, and correlation.
  • Keywords
    distributed processing; security of data; surveillance; Bro intrusion detection system; correlation; distributed intrusion detection; event publication; policy-controlled event management; policy-neutral event; processing; propagation; subscription; surveillance mechanism; Communication system security; Computer science; Event detection; Intrusion detection; Laboratories; Peer to peer computing; Power system management; Power system security; Probes; Surveillance;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on
  • Print_ISBN
    0-7695-2328-5
  • Type
    conf
  • DOI
    10.1109/ICDCSW.2005.112
  • Filename
    1437201