Abstract
This paper describes a distributed application for acquiring events from different kinds of equipment in a lightweight fashion. The architecture of the application is fully distributed and builds on standard tools such as web servers and relational databases. Several prototypes of the application have been deployed on our corporate network to monitor multiple environments. The paper defines the architecture of the distributed application along four axes, according to the interaction each component has with the data repository and with the outside world. It also defines the kind of information stored in the database according to three categories.
Copyright information
© 2005 Springer
About this paper
Cite this paper
Debar, H., Morin, B., Boissée, V., Guérin, D. (2005). An Infrastructure for Distributed Event Acquisition. In: Kowalik, J.S., Gorski, J., Sachenko, A. (eds) Cyberspace Security and Defense: Research Issues. NATO Science Series II: Mathematics, Physics and Chemistry, vol 196. Springer, Dordrecht. https://doi.org/10.1007/1-4020-3381-8_20
DOI: https://doi.org/10.1007/1-4020-3381-8_20
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-3379-7
Online ISBN: 978-1-4020-3381-0
eBook Packages: Computer Science (R0)