UMBC ebiquity

SHOMAR: An Open Architecture for Distributed Intrusion Detection Services

Authors: J. Undercofer, Filip Perich, and Charles Nicholas

Date: September 12, 2002

Abstract: Distributed Intrusion Detection Systems (DIDS) offer an alternative to centralized intrusion detection. Current research indicates that a distributed intrusion detection paradigm may afford greater coverage, consequently providing an increase in security. In some cases, DIDS offer an alternative to centralized analysis, consequently improving scalabity. SHOMAR, the distributed architecture presented in this paper, provides an open framework that enables secure access to heterogeneous software and hardware components of a distributed intrusion detection system. SHOMAR is built upon a simplified Public Key Infrastructure that provides for authentication, non-repudiation, anti-playback, and access control. This framework supports a broad spectrum of approaches, ranging from hierarchical to peer-to-peer. The system topology and rules governing access to intrusion detection services is based solely upon policy, which is enforced through the use of a capability manager. The protoype system uses Java. The Extensible Markup Language is the sole medium for data exchange between intrusion detection components. SHOMAR provides a distributed service infrastructure independent of the underlying communications network.

Type: TechReport

Institution: University of Maryland, Baltimore County

Tags: security, intrusion detection, semantic web

Google Scholar: search

Number of downloads: 4767

 

Available for download as


size: 167780 bytes
 

Related Projects:

Past Project

 Intrusion Detection.