
Approach to Enhance the Efficiency of Security Operation Centers to Heterogeneous IDS Landscapes

Conference paper

In: Critical Information Infrastructures Security

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7722)

Abstract

Critical infrastructures comprise large-scale environments with heterogeneous platforms and platform generations. In such large, distributed systems the maintenance interval needed to patch a vulnerability grows with the number of entities, so an IDS is needed to protect a vulnerable entity until the patch has actually been applied to it. This paper presents an approach that separates the IDS manager from the rest of an IDS by means of a standardized IDS parameterization that is independent of the IDS scope (host-based or network-based) and of the vendor. The exchange of this parameterization was integrated via communication modules into three open-source IDS to demonstrate the general applicability of the format. An enhanced version of the IETF IDS model is illustrated.
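As an added illustration of the manager/sensor split described in the abstract (this is not code from the paper, and the XML schema below is not the paper's exchange format): a small Python script that parses one constructed, hypothetical vendor-neutral parameterization document as an IDS manager would hold it, validates it once centrally, and renders it through two adapter functions, standing in for the paper's per-IDS communication modules, into Snort rule syntax for a network sensor and an OSSEC rule group for a host sensor. The element and attribute names, the sample signatures, the severity-to-priority/level mappings, the rule-id conventions and the OSSEC parent rule id 5716 are all assumptions made for this example.

```python
"""Render one vendor-neutral IDS parameterization into per-sensor rule syntax.

Illustrative code for the manager/sensor split; the neutral schema, sample
document and field names are constructed here and are NOT the paper's format.
"""
import xml.etree.ElementTree as ET

# Constructed sample document the manager would push to every sensor.
# Assumed conventions: Snort local SIDs >= 1000000, OSSEC local ids >= 100000;
# if_matched_sid 5716 is assumed to be the stock OSSEC "sshd auth failed" rule.
SAMPLE_PARAMETERIZATION = """<parameterization version="1">
  <signature id="1000001" scope="network" severity="high">
    <description>libssh client banner to internal SSH</description>
    <network proto="tcp" src="$EXTERNAL_NET" dst="$HOME_NET" dst_port="22"/>
    <match>SSH-2.0-libssh</match>
  </signature>
  <signature id="100002" scope="host" severity="medium">
    <description>Repeated SSH authentication failures</description>
    <host frequency="5" timeframe="60" if_matched_sid="5716"/>
    <match>Failed password for</match>
  </signature>
</parameterization>
"""

SEVERITY_TO_SNORT_PRIORITY = {"high": 1, "medium": 2, "low": 3}  # assumed mapping
SEVERITY_TO_OSSEC_LEVEL = {"high": 10, "medium": 7, "low": 3}    # assumed mapping
SCOPES = ("network", "host")


def parse_parameterization(xml_text):
    """Parse the neutral document and validate it once, before any sensor sees it."""
    root = ET.fromstring(xml_text)
    signatures, seen_ids = [], set()
    for sig in root.findall("signature"):
        raw_id = sig.get("id")
        if raw_id is None or not raw_id.isdigit():
            raise ValueError("signature without numeric id")
        sid = int(raw_id)
        if sid in seen_ids:
            raise ValueError(f"duplicate signature id {sid}")
        seen_ids.add(sid)
        entry = {
            "id": sid,
            "scope": sig.get("scope"),
            "severity": sig.get("severity"),
            "description": (sig.findtext("description") or "").strip(),
            "match": (sig.findtext("match") or "").strip(),
        }
        if entry["scope"] not in SCOPES:
            raise ValueError(f"signature {sid}: unknown scope {entry['scope']!r}")
        if entry["severity"] not in SEVERITY_TO_SNORT_PRIORITY:
            raise ValueError(f"signature {sid}: unknown severity {entry['severity']!r}")
        if not entry["match"]:
            raise ValueError(f"signature {sid}: empty match")
        section = sig.find(entry["scope"])
        if section is None:
            raise ValueError(f"signature {sid}: missing <{entry['scope']}> section")
        entry[entry["scope"]] = dict(section.attrib)
        signatures.append(entry)
    return signatures


def snort_escape(text):
    """Escape the three characters that terminate or break a Snort quoted option."""
    return text.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")


def render_snort(signatures):
    """Network adapter: one Snort rule per network-scope signature."""
    rules = []
    for s in signatures:
        if s["scope"] != "network":
            continue
        n = s["network"]
        options = [f'msg:"{snort_escape(s["description"])}"']
        if n.get("proto") == "tcp":  # client-to-server match on established TCP
            options.append("flow:to_server,established")
        options += [f'content:"{snort_escape(s["match"])}"',
                    f'priority:{SEVERITY_TO_SNORT_PRIORITY[s["severity"]]}',
                    f'sid:{s["id"]}', "rev:1"]
        rules.append(f'alert {n["proto"]} {n["src"]} {n.get("src_port", "any")} -> '
                     f'{n["dst"]} {n.get("dst_port", "any")} ({"; ".join(options)};)')
    return rules


def render_ossec(signatures, group="local,syslog,"):
    """Host adapter: an OSSEC <group> with one <rule> per host-scope signature."""
    grp = ET.Element("group", {"name": group})
    for s in signatures:
        if s["scope"] != "host":
            continue
        h = s["host"]
        attrs = {"id": str(s["id"]), "level": str(SEVERITY_TO_OSSEC_LEVEL[s["severity"]])}
        if "frequency" in h:  # composite rule: N matches within timeframe seconds
            attrs["frequency"] = h["frequency"]
            attrs["timeframe"] = h.get("timeframe", "60")
        rule = ET.SubElement(grp, "rule", attrs)
        if "if_matched_sid" in h:
            ET.SubElement(rule, "if_matched_sid").text = h["if_matched_sid"]
        ET.SubElement(rule, "match").text = s["match"]  # ElementTree escapes XML
        ET.SubElement(rule, "description").text = s["description"]
    return ET.tostring(grp, encoding="unicode")


if __name__ == "__main__":
    sigs = parse_parameterization(SAMPLE_PARAMETERIZATION)
    print("\n".join(render_snort(sigs)))
    print(render_ossec(sigs))
```

The point of the example is where the checks live: ids, scope and severity are validated once at the manager, and each adapter applies only the escaping rules of its own target syntax, so a signature that breaks Snort's option quoting cannot reach a sensor. What it deliberately leaves out is the transport and authentication of the parameterization document between manager and sensor, which in the IETF IDS model would be the job of an exchange protocol such as IDXP over BEEP.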




References

  1. Symantec: Threat Report for July 04 - December 04, vol. VII (2005), http://eval.veritas.com/mktginfo/enterprise/white_papers/ent-whitepaper_symantec_internet_security_threat_report_vii.pdf (last visit: May 20, 2007)

  2. Baker, M.: Security Basics (March 09, 2006), http://impact.asu.edu/cse494sp09/SecurityBasics.ppt (last visit: March 09, 2012)

  3. Broad, W.J., Sanger, D.E.: Iran Reports a Major Setback at a Nuclear Power Plant (February 25, 2011), http://www.nytimes.com/2011/02/26/world/middleeast/26nuke.html?_r=2 (last visit: April 21, 2012)

  4. Sternstein, A.: Hackers manipulated railway computers, TSA memo says (January 23, 2012), http://www.nextgov.com/nextgov/ng_20120123_3491.php?oref=topstory (last visit: April 21, 2012)

  5. Clayton, M.: Major cyber attack aimed at natural gas pipeline companies (2012), http://www.csmonitor.com/USA/2012/0505/Alert-Major-cyber-attack-aimed-at-natural-gas-pipeline-companies (last visit: May 13, 2012)

  6. Xiaoyong, L.: An automatic scheme to construct Snort rules from honeypots data. Journal of Systems Engineering and Electronics 16(2), 466–470 (2005)

  7. Danyliw, R., Meijer, J., Demchenko, Y.: The Incident Object Description Exchange Format (IODEF), RFC 5070 (2007), http://www.ietf.org/rfc/rfc5070.txt (last visit: April 29, 2012)

  8. Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format (IDMEF), RFC 4765 (2007), http://www.ietf.org/rfc/rfc4765.txt (last visit: September 01, 2007)

  9. Wood, M., Erlinger, M.: Intrusion Detection Message Exchange Requirements, RFC 4766 (March 2007), http://www.ietf.org/rfc/rfc4766.txt (last visit: September 01, 2007)

  10. Feinstein, B., Matthews, G.: The Intrusion Detection Exchange Protocol (IDXP), RFC 4767 (2007), http://www.ietf.org/rfc/rfc4767.txt (last visit: September 01, 2007)

  11. Rose, M.: The Blocks Extensible Exchange Protocol Core, RFC 3080 (March 2001), http://www.ietf.org/rfc/rfc3080.txt (last visit: September 01, 2007)

  12. Bösch, B.-C.: Intrusion Detection Parameterization Exchange Data Model. In: 35th Jubilee International Convention on Information and Communication Technology, Electronics and Microelectronics 2012 (May 2012)

  13. Bösch, B.-C.: Standardized Parameterization of Intrusion Detection Systems. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 1–5 (May 2012)

  14. W3C: Extensible Markup Language (XML) (2011), http://www.w3.org/XML/ (last visit: December 03, 2011)

  15. Bösch, B.-C.: A uniform exchange format for parameterizing different IDS (Ein einheitliches Austauschformat zum Parametrisieren verschiedener IDS). In: UpTimes of German UNIX User Group Frühjahrsfachgespräche 2012, pp. 51–59 (March 2012)

  16. Bösch, B.-C.: Intrusion Detection Parameterization Exchange Format (unpublished 2011)

  17. Snort, http://www.snort.org (last visit: December 03, 2011)

  18. Samhain, http://la-samhna.de/ (last visit: December 03, 2011)

  19. OSSEC, http://www.ossec.net (last visit: December 03, 2011)

  20. Bro, http://www.bro-ids.org (last visit: December 03, 2011)



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bösch, BC. (2013). Approach to Enhance the Efficiency of Security Operation Centers to Heterogeneous IDS Landscapes. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_1


  • DOI: https://doi.org/10.1007/978-3-642-41485-5_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41484-8

  • Online ISBN: 978-3-642-41485-5

  • eBook Packages: Computer Science (R0)
