Abstract
Critical infrastructures include large-scale environments with different platforms and/or platform generations. The maintenance interval needed to patch vulnerabilities in such large, distributed systems grows with the number of entities. An IDS is necessary to protect a vulnerable system or entity until the patch has been applied to that entity. This paper presents an approach to separate the IDS manager from the rest of an IDS through a standardized IDS parameterization that is independent of the IDS's scope (host-based or network-based) and vendor. The exchange of this parameterization was integrated via communication modules into three open-source IDS to demonstrate the general applicability of the format. An enhanced version of the IETF's IDS model is illustrated.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Bösch, BC. (2013). Approach to Enhance the Efficiency of Security Operation Centers to Heterogeneous IDS Landscapes. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_1
DOI: https://doi.org/10.1007/978-3-642-41485-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41484-8
Online ISBN: 978-3-642-41485-5