International Journal of Scientific & Technology Research



IJSTR >> Volume 1 - Issue 10, November 2012 Edition


Website: http://www.ijstr.org

ISSN 2277-8616

Economical Benefits of Standardized Intrusion Detection Parametrization




Bjorn-C. Bosch



Index Terms: IDPEF, IDXP, Intrusion Detection, Network Management, Standardization, System Management.



Abstract: Intrusion Detection Systems (IDS) are essential for protecting important services against malicious actions. Detailed knowledge of information processing and protocols is necessary to protect services and systems sufficiently against attacks. IDS are currently independent, coexisting solutions: each individual IDS requires its own administration access, administration procedures and management infrastructure. This paper analyzes the possible savings of a standardized parameterization infrastructure spanning all IDS. Design, infrastructure and additional expenses are analyzed in every phase of the solution life cycle. Based on the Return-on-Security-Investment model, the benefit of a standardized parameterization is pointed out.


