Intrusion Detection Systems (IDSs) aim at detecting malicious or unauthorized activities targeting a network and its resources. Usually engineered as self-contained applications, current IDSs are limited in protecting collaborative computing environments, like grids, whose security amplifies the concerns about intrusions and motivates advanced organizing paradigms and technical solutions for effective attack detection. We envision a new generation of IDSs defined by a set of services supporting security managers in improving the overall network security. Specifically, we show how to model the ID processes as a set of plans that a security manager may go through on a network of cooperative nodes interacting with one another in order to offer or to ask for services. Services correspond to specialized ID tasks and encapsulate problem solving and simulation capabilities. Complex ID activities are expressed by workflows, the focus being on flexibility, reuse and interoperability of ID services. Some implementation hints are suggested.

A Service Based Approach to a New Generation of Intrusion Detection Systems

BOSIN, ANDREA;DESSI, NICOLETTA;PES, BARBARA
2008-01-01

Abstract

Intrusion Detection Systems (IDSs) aim at detecting malicious or unauthorized activities targeting a network and its resources. Usually engineered as self-contained applications, current IDSs are limited in protecting collaborative computing environments, like grids, whose security amplifies the concerns about intrusions and motivates advanced organizing paradigms and technical solutions for effective attack detection. We envision a new generation of IDSs defined by a set of services supporting security managers in improving the overall network security. Specifically, we show how to model the ID processes as a set of plans that a security manager may go through on a network of cooperative nodes interacting with one another in order to offer or to ask for services. Services correspond to specialized ID tasks and encapsulate problem solving and simulation capabilities. Complex ID activities are expressed by workflows, the focus being on flexibility, reuse and interoperability of ID services. Some implementation hints are suggested.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11584/103612
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? 2
social impact