SHOMAR: An Open Architecture for Distributed Intrusion Detection Services
Date
2002-09-12
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Abstract
Distributed Intrusion Detection Systems (DIDS) offer an alternative to centralized intrusion detection. Current research indicates that a distributed intrusion detection paradigm may afford greater coverage, consequently providing an increase in security. In some cases, DIDS offer an alternative to centralized analysis, consequently improving scalability. SHOMAR, the distributed architecture presented in this paper, provides an open framework that enables secure access to heterogeneous software and hardware components of a distributed intrusion detection system. SHOMAR is built upon a simplified Public Key Infrastructure that provides for authentication, non-repudiation, anti-playback, and access control. This framework supports a broad spectrum of approaches, ranging from hierarchical to peer-to-peer. The system topology and the rules governing access to intrusion detection services are based solely upon policy, which is enforced through the use of a capability manager. The prototype system uses Java. The Extensible Markup Language is the sole medium for data exchange between intrusion detection components. SHOMAR provides a distributed service infrastructure independent of the underlying communications network.
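The abstract lists four properties the capability manager must enforce over XML requests: authentication, non-repudiation, anti-playback, and policy-based access control. The following Go sketch is an added illustration of how those checks fit together, not SHOMAR's code; the Ed25519 keys, the `Capability` element names and the subject/service policy shape are assumptions made for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/xml"
	"errors"
)

// Capability is one service request, exchanged as XML as in SHOMAR; element names are assumptions.
type Capability struct {
	Subject string `xml:"subject"`
	Service string `xml:"service"`
	Nonce   string `xml:"nonce"`
}
type CapabilityManager struct {
	Keys   map[string]ed25519.PublicKey // subject -> public key (the simplified PKI)
	Policy map[string]map[string]bool   // subject -> service -> allowed
	Seen   map[string]bool              // nonces already accepted (anti-playback); caller initialises
}
// SignRequest marshals a fresh-nonce request and signs it (authentication, non-repudiation).
func SignRequest(priv ed25519.PrivateKey, subject, service string) ([]byte, []byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	body, err := xml.Marshal(Capability{Subject: subject, Service: service, Nonce: hex.EncodeToString(nonce)})
	if err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(priv, body), nil
}
// Authorize checks signature, then nonce freshness, then policy; the nonce is recorded only after the signature verifies.
func (m *CapabilityManager) Authorize(body, sig []byte) error {
	var c Capability
	if err := xml.Unmarshal(body, &c); err != nil {
		return err
	}
	if pk, ok := m.Keys[c.Subject]; !ok || !ed25519.Verify(pk, body, sig) {
		return errors.New("authentication failed")
	}
	if m.Seen[c.Nonce] {
		return errors.New("replayed request")
	}
	m.Seen[c.Nonce] = true
	if !m.Policy[c.Subject][c.Service] {
		return errors.New("policy denies access")
	}
	return nil
}
```

In a real deployment the nonce set would be bounded by a timestamp window so it cannot grow without limit.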