Creation and Management of IDS Compositions

  • José Eduardo M. S. Brandão UFSC / IPEA
  • Joni da Silva Fraga UFSC
  • Paulo Manoel Mafra UFSC

Abstract


This paper presents a new approach for building compositions of Intrusion Detection Systems (IDSs), based on the concept of service orchestration. This approach allows the creation of IDSs that are more cooperative, flexible and better suited to distributed systems, mainly those formed by wide-scale networks such as the Internet. IDSs and their components are combined using a service-oriented architecture model based on Web Services technology. To provide the necessary interoperability among the elements of these composed systems, standardization efforts are used, mainly those developed by the IETF, W3C and OASIS. The paper introduces a services infrastructure that supports the creation and management of IDS compositions.

Published
2006-08-28
BRANDÃO, José Eduardo M. S.; FRAGA, Joni da Silva; MAFRA, Paulo Manoel. Criação e Gerenciamento de Composições de IDSs. In: BRAZILIAN SYMPOSIUM ON INFORMATION AND COMPUTATIONAL SYSTEMS SECURITY (SBSEG), 6., 2006, Santos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 152-165. DOI: https://doi.org/10.5753/sbseg.2006.20946.
