TU Berlin

Internet Network Architectures



All publications

Policy-Controlled Event Management for Distributed Intrusion Detection
Citation key KS-PEMDID-05
Author Kreibich, Christian and Sommer, Robin
Book title ICDCSW '05: Proceedings of the Fourth International Workshop on Distributed Event-Based Systems (DEBS) (ICDCSW'05)
Pages 385–391
Year 2005
ISBN 0-7695-2328-5
DOI http://dx.doi.org/10.1109/ICDCSW.2005.112
Address Washington, DC, USA
Publisher IEEE Computer Society
Abstract A powerful strategy in intrusion detection is the separation of surveillance mechanisms from a site's policy for processing observed events. The Bro intrusion detection system has been using the notion of policy-neutral events as the basic building blocks for the formulation of a site's security policy since its conception. A recent addition to the system is the ability to exchange events with other Bro peers to allow distributed detection. In this paper we extend Bro's existing event model to fulfill the requirements of scalable policy-controlled distributed event management, including mechanisms for event publication, subscription, processing, propagation, and correlation.