Implementing IDS management on lock-keeper

Abstract

Intrusion Detection System (IDS) management is an important component of most distributed IDS solutions. One of the main requirements is extensibility, which enables the integration of different types of IDS sensors as well as deployment in different kinds of environments. Lock-Keeper is a simple implementation of the high-level security idea of "Physical Separation". It works as a sluice to exchange data between two networks without having to establish a direct physical connection. To enhance the security of the Lock-Keeper system itself, it is necessary to deploy IDS sensors on Lock-Keeper components. This paper proposes an extensible IDS management architecture that can be easily integrated on the special hardware platform of Lock-Keeper. A unified interface and communication between the different integrated IDS sensors are designed using the known IDS standard, IDMEF, and realized as several kinds of plugins, such as handlers, receivers, and senders. A prototype implementation is presented, and some practical experiments are carried out to show the extensibility and applicability of the proposed architecture. © 2009 Springer Berlin Heidelberg.

Cite

Cheng, F., Roschke, S., & Meinel, C. (2009). Implementing IDS management on lock-keeper. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5451 LNCS, pp. 360–371). https://doi.org/10.1007/978-3-642-00843-6_31
