Approach to Enhance the Efficiency of Security Operation Centers to Heterogeneous IDS Landscapes

  • Björn-C. Bösch
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7722)


Critical infrastructures include large-scale environments with different platforms and/or platform generations. The maintenance interval needed to patch vulnerabilities in such large, distributed systems grows with the number of entities. An IDS is therefore necessary to protect the vulnerable system or entity until the patch has been applied to every distributed entity. This paper presents an approach that separates the IDS manager from the rest of an IDS by means of a standardized IDS parameterization that is independent of the IDS's scope (host-based or network-based) and of its vendor. The exchange of this parameterization was integrated via communication modules into three open-source IDS to demonstrate the general applicability of the format. An enhanced version of the IETF IDS model is illustrated.
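The separation the abstract describes can be sketched as follows: a manager holds one vendor-neutral parameter record, validates it once, and hands it to a per-IDS communication module that renders native configuration. The code below is an added example written for this page; it is not the paper's exchange format or any of the cited projects' own code. The `NeutralSignature` schema is a constructed stand-in for the paper's parameterization, and the two renderers target the Snort rule language and the Bro signature framework as their syntax is publicly documented. Not every neutral field maps to every engine (Bro signatures carry no severity), which is the kind of lossy mapping a manager has to account for when it targets heterogeneous sensors.

```python
"""Illustrative vendor-neutral IDS parameterization rendered to Snort and Bro.

The neutral record layout is a constructed example for this page, not the
paper's exchange format.  Transport (e.g. IDXP over BEEP) is out of scope here.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class NeutralSignature:
    """Vendor-neutral description of one network detection rule (constructed schema)."""
    sig_id: int
    protocol: str        # "tcp" or "udp"
    dst_port: int
    pattern: str         # literal byte pattern expected in the payload
    message: str
    severity: int = 3    # 1 = highest; Snort renders it, Bro signatures cannot


_PROTOCOLS = {"tcp", "udp"}


def validate(sig: NeutralSignature) -> None:
    """Manager-side check run before any communication module sees the record."""
    if sig.protocol not in _PROTOCOLS:
        raise ValueError(f"unsupported protocol {sig.protocol!r}")
    if not 0 < sig.dst_port <= 65535:
        raise ValueError(f"port out of range: {sig.dst_port}")
    if not sig.pattern:
        raise ValueError("empty pattern")
    if '"' in sig.message or ";" in sig.message:
        # Both characters are delimiters in the target rule syntaxes.
        raise ValueError("message must not contain '\"' or ';'")


def _snort_content(pattern: str) -> str:
    """Encode a literal pattern as Snort content: printable bytes as-is, the rest as |hex|."""
    out, hexbuf = [], []

    def flush():
        if hexbuf:
            out.append("|" + " ".join(hexbuf) + "|")
            hexbuf.clear()

    for b in pattern.encode():
        ch = chr(b)
        if 0x20 <= b < 0x7F and ch not in '"|;\\':
            flush()
            out.append(ch)
        else:
            hexbuf.append(f"{b:02X}")
    flush()
    return "".join(out)


def _bro_regex(pattern: str) -> str:
    """Escape a literal pattern for use inside a /.../ Bro signature regex."""
    return re.escape(pattern).replace("/", r"\/")


def to_snort(sig: NeutralSignature) -> str:
    """Communication module for Snort: one rule line."""
    validate(sig)
    return (f"alert {sig.protocol} $EXTERNAL_NET any -> $HOME_NET {sig.dst_port} "
            f'(msg:"{sig.message}"; content:"{_snort_content(sig.pattern)}"; '
            f"priority:{sig.severity}; sid:{sig.sig_id}; rev:1;)")


def to_bro(sig: NeutralSignature) -> str:
    """Communication module for Bro: one signature block (severity is dropped)."""
    validate(sig)
    return "\n".join([
        f"signature sig-{sig.sig_id} {{",
        f"    ip-proto == {sig.protocol}",
        f"    dst-port == {sig.dst_port}",
        f"    payload /.*{_bro_regex(sig.pattern)}/",
        f'    event "{sig.message}"',
        "}",
    ])


MODULES = {"snort": to_snort, "bro": to_bro}


def dispatch(sig: NeutralSignature, targets) -> dict:
    """Manager side: one neutral record in, one native rendering per target IDS out."""
    return {name: MODULES[name](sig) for name in targets}


if __name__ == "__main__":
    # Constructed sample record; the sid range is the local-rule range Snort reserves.
    sample = NeutralSignature(1000001, "tcp", 80, "root", "Found root", 2)
    for name, text in dispatch(sample, ["snort", "bro"]).items():
        print(f"--- {name} ---\n{text}")
```

Each module re-validates the record so that it also behaves correctly when called directly rather than through `dispatch`. The `priority:` keyword is the one Snort field that carries the neutral severity; the Bro renderer silently drops it, which a real manager should report back rather than hide.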


Keywords: IDXP, Intrusion Detection, Standardization, Parameterization, IDS Management


Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

Björn-C. Bösch, Faculty II - Department of Computing Science, System Software and Distributed Systems Group, Carl-von-Ossietzky-University Oldenburg, Oldenburg, Germany
