Abstract
ACARM-ng is an extensible, plug-in-based alert correlation framework. It introduces abstractions over correlation, reporting, reaction, gathering data from multiple sources, and data storage. ACARM-ng supports real-time reporting, meaning that alerts can be reported while they are still being correlated. A Web User Interface is provided for administrators, presenting gathered and correlated data in a consistent way. The system makes use of multi-core architectures and is written in C++.
© 2012 Springer-Verlag Berlin Heidelberg
Balcerek, B., Szurgot, B., Uchroński, M., Waga, W. (2012). ACARM-ng: Next Generation Correlation Framework. In: Bubak, M., Szepieniec, T., Wiatr, K. (eds) Building a National Distributed e-Infrastructure–PL-Grid. Lecture Notes in Computer Science, vol 7136. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28267-6_9
DOI: https://doi.org/10.1007/978-3-642-28267-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28266-9
Online ISBN: 978-3-642-28267-6