Network intrusion detection system based on SOA (NIDS-SOA): Enhancing interoperability between IDS

Abstract

Anti-virus and firewall protection systems are designed to prevent the execution of evil deeds in the network, thus constituting a barrier to invaders (e.g. viruses, worms and hackers). However, there is no guarantee to full protection of the computer network, because invasions may occur. In this case, Intrusion Detection System (IDS) provides intrusion detection and subsequent notification to the network administrator, or in conjunction with the firewall it blocks the port used in the invasion or the IP address of the attacker. An important factor for intrusion detection is the quality of database signatures. However, IDS systems are isolated; they do not share the signatures, and do not cooperate and the database signatures are not easily reused. Generally, they communicate using different protocols and are designed with different programming paradigms. In this paper, we present Network Intrusion Detection System based on SOA (NIDS-SOA) in order to allow interoperability between two or more IDSs for exchanging subscription information and notifications of occurrences of invasions and provide support for isolation of an invasion. © 2013 Springer Science+Business Media.