
Security Components Linkage Study

Posted on: 2005-12-31
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Yang
GTID: 2208360122981422
Subject: Pattern Recognition and Intelligent Systems

Abstract/Summary:
Automated response to intrusions has become a major issue in defending critical systems because traditional network security components lack cooperation and automation. The system is required to react cooperatively without human intervention. An infrastructure that supports collaboration between security components is critically needed.

This paper describes an Intrusion Detection and Isolation Protocol (IDIP) infrastructure that allows easy integration of detection and response components. IDIP is an architecture supporting automated response to intrusions and is organized into two primary protocol layers: the IDIP application layer and the IDIP message layer. After describing the IDIP application layer, this paper primarily discusses a solution for the IDIP message layer.

In this solution, the Blocks Extensible Exchange Protocol (BEEP) is used to implement the communication model of the IDIP message layer. BEEP is a modular P2P protocol framework designed to simplify and improve the design of network application protocols. When exchanging data between security components, it supports mutual authentication, integrity, and confidentiality with the help of profiles.

The Intrusion Detection Message Exchange Format (IDMEF) is used to implement the message model of the IDIP message layer. IDMEF defines a data format for sharing information of interest to intrusion detection and response components, and to the management component that may need to interact with them.
Keywords/Search Tags: IDIP, BEEP, Profile, IDMEF