Abstract
The growing need for information sharing among partnering organizations or members of virtual organizations poses a great security challenge. One key aspect of this challenge is deploying intrusion detection systems (IDSs) that can operate in heterogeneous, large-scale environments. This is particularly difficult because the different networks involved generally use IDSs that were not designed to work cooperatively. This paper presents a model for integrating intrusion detection systems in such environments. The main idea is to build compositions of IDSs that work as unified systems, using a service-oriented architecture (SOA) based on Web Services technology. The necessary interoperability among the elements of the compositions is achieved through standardized specifications, mainly those developed by the IETF, W3C and OASIS. Dynamic compositions are supported through service orchestration. We also describe a prototype implementation of the proposed infrastructure and analyze some results obtained through experimentation with this prototype.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11914853_71.
Keywords
- Intrusion Detection
- Intrusion Detection System
- Simple Object Access Protocol
- Service Orchestration
- Internet Draft
© 2006 Springer-Verlag Berlin Heidelberg
Brandão, J.E.M.S., da Silva Fraga, J., Mafra, P.M., Obelheiro, R.R. (2006). A WS-Based Infrastructure for Integrating Intrusion Detection Systems in Large-Scale Environments. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2006: CoopIS, DOA, GADA, and ODBASE. OTM 2006. Lecture Notes in Computer Science, vol 4275. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11914853_28
DOI: https://doi.org/10.1007/11914853_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48287-1
Online ISBN: 978-3-540-48289-5