A WS-Based Infrastructure for Integrating Intrusion Detection Systems in Large-Scale Environments

  • José Eduardo M. S. Brandão
  • Joni da Silva Fraga
  • Paulo Manoel Mafra
  • Rafael R. Obelheiro
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4275)


The growing need for information sharing among partnering organizations or members of virtual organizations poses a great security challenge. One of the key aspects of this challenge is deploying intrusion detection systems (IDS) that can operate in heterogeneous, large-scale environments. This is particularly difficult because the different networks involved generally use IDSs that have not been designed to work in a cooperative fashion. This paper presents a model for integrating intrusion detection systems in such environments. The main idea is to build compositions of IDSs that work as unified systems, using a service-oriented architecture (SOA) based on Web Services technology. The necessary interoperability among the elements of the compositions is achieved through the use of standardized specifications, mainly those developed by IETF, W3C and OASIS. Dynamic compositions are supported through service orchestration. We also describe a prototype implementation of the proposed infrastructure and analyze some results obtained through experimentation with this prototype.


Keywords (added by machine and not by the authors): Intrusion Detection; Intrusion Detection System; Simple Object Access Protocol; Service Orchestration; Internet Draft





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • José Eduardo M. S. Brandão (1, 2)
  • Joni da Silva Fraga (1)
  • Paulo Manoel Mafra (1)
  • Rafael R. Obelheiro (1)

  1. Universidade Federal de Santa Catarina (UFSC), Florianópolis, Brasil
  2. Instituto de Pesquisa Econômica Aplicada (IPEA), SBS Q.1, Brasília, Brasil
