Jang Jeong Sug , Jeon Yong Hui , Jang Jong Su , Son Seung Won

The KIPS Transactions:PartC, Vol. 10, No. 6, pp. 727-738, Oct. 2003
10.3745/KIPSTC.2003.10.6.727,   PDF Download:

Abstract

Much research efforts are being exerted for the study of intrusion detection system(IDS). However little work has been done for the communication models and performance evaluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detections with a centralized data analysis components for a global intrusion detection at multiple domains environment. We also assume the combination of host-based and network-based intrusion detection systems in the overall framework. From the local domain, a set of information such as alert, and/or log data are reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simulator using OPNET modeller for the performance evaluation of transmission capabilities for the delivery of data and policy. We present and compare simulation results based on several scenarios focusing on communication delay.

Statistics
Cite this article