Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICDCSW
2005
IEEE
2005
IEEE
Policy-Controlled Event Management for Distributed Intrusion Detection
A powerful strategy in intrusion detection is the separation of surveillance mechanisms from a site’s policy for processing observed events. The Bro intrusion detection system has been using the notion of policy-neutral events as the basic building blocks for the formulation of a site’s security policy since its conception. A recent addition to the system is the ability to exchange events with other Bro peers to allow distributed detection. In this paper we extend Bro’s existing event model to fulfill the requirements of scalable policy-controlled distributed event management, including mechanisms for event publication, subscription, processing, propagation, and correlation.
Real-time TrafficBro Intrusion Detection | Bro Peers | Bro’s Existing Event | Distributed And Parallel Computing | ICDCSW 2005 |
| Added | 24 Jun 2010 |
| Updated | 24 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ICDCSW |
| Authors | Christian Kreibich, Robin Sommer |
Comments (0)
Researcher Info
|
