An Infrastructure for Distributed Event Acquisition

  • Conference paper
Cyberspace Security and Defense: Research Issues

Part of the book series: NATO Science Series II: Mathematics, Physics and Chemistry (NAII, volume 196)

Abstract

This paper describes a distributed application for acquiring events from different equipment in a lightweight fashion. The architecture of the application is fully distributed and takes advantage of standard tools such as web servers and relational databases. Several prototypes of the application have been deployed in our corporate network to monitor multiple environments. This paper defines the architecture of the distributed application around four axes, according to the interaction each has with the data repository and the outside world. It also defines the kind of information stored in the database according to three categories.

Copyright information

© 2005 Springer

Cite this paper

Debar, H., Morin, B., Boissée, V., Guérin, D. (2005). An Infrastructure for Distributed Event Acquisition. In: Kowalik, J.S., Gorski, J., Sachenko, A. (eds) Cyberspace Security and Defense: Research Issues. NATO Science Series II: Mathematics, Physics and Chemistry, vol 196. Springer, Dordrecht. https://doi.org/10.1007/1-4020-3381-8_20

  • DOI: https://doi.org/10.1007/1-4020-3381-8_20

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-3379-7

  • Online ISBN: 978-1-4020-3381-0

  • eBook Packages: Computer Science (R0)