
ICDCSW
2005
IEEE

Policy-Controlled Event Management for Distributed Intrusion Detection

A powerful strategy in intrusion detection is the separation of surveillance mechanisms from a site’s policy for processing observed events. The Bro intrusion detection system has been using the notion of policy-neutral events as the basic building blocks for the formulation of a site’s security policy since its conception. A recent addition to the system is the ability to exchange events with other Bro peers to allow distributed detection. In this paper we extend Bro’s existing event model to fulfill the requirements of scalable policy-controlled distributed event management, including mechanisms for event publication, subscription, processing, propagation, and correlation.
Christian Kreibich, Robin Sommer
Added 24 Jun 2010
Updated 24 Jun 2010
Type Conference
Year 2005
Where ICDCSW
Authors Christian Kreibich, Robin Sommer