• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.7C
• /
• pp.985-996
• /
• 2004

In order to solve the increasing security problems, IDSs(Intrusion Detection System) have appeared. However, local IDSs have a limit to detect various intrusions in a large-scale network environment. So there are a lot of researches in progress which organize the elements of IDS in a distributed or hierarchical manner. In this paper, we design a integrated IDS which exchanges messages between them through the standardized message format (IDMEF) and communication protocol (IDXP). We also propose a policy profile for an effective control of IDSs, and employ the PKI mechanism for mutual authentication. We implement a prototype system for the proposed IDSs communicating with Snort and analyze its performance.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.565-574
• /
• 2003

This paper implements an intrusion detection message exchange protocol library (IDMEPL) for SDMS-RTIR, which Korea Information Security Agency (KISA) has developed to hierarchically detect and respond to network vulnerability scan attacks. The IDMEPL, based on the IDMEF and the IAP of the IDWG, enables SDMS-RTIR to interact with other intrusion detection systems (IDS) in realtime, and supports the TLS protocol to prevent security threats in exchanging messages between its server and its agents. Especially, with the protocol selection stage, the IDMEPL can support various protocols such as the IDXP besides the IAP. Furthermore, it can allow for agents to choose an appropriate security protocol for their own network, achieving security stronger than mutual authentication. With the IDMEPL, SDMS-RTIR can receive massive intrusion detection messages from heterogeneous IDSes in large-scale networks and analyze them.