Forum - Creating and Implementing a Common Message and Protocol for Intrusion Detection Alerts

Chair:
Mike Erlinger
Harvey Mudd College
USA

Stuart Staniford
Silicon Defense
USA

Mark Wood
Internet Security Systems
USA

Ben Feinstein
Guardent
USA

Andy Walther
The Aerospace Corporation
USA

Intrusion detection is an area of increasing concern in the Internet community. In response, many automated intrusion detection systems (IDSs) have been developed, both commercial (e.g., RealSecure) and public domain (e.g., Snort). However, there is no standardized way for IDSs to communicate with each other or with a common manager. To remedy this, the Intrusion Detection Working Group (IDWG) was chartered under the auspices of the Internet Engineering Task Force.

IDWG has published its specifications for a standard alert format (IDMEF) and a standard transport protocol (IDXP). Such specifications remain an academic exercise until the community adopts them. This forum will discuss issues related to community adoption of the IDWG specifications and, in particular, issues related to their implementation and use.