Roy Pollock, Greg Matthews, Tim Buchheim, Mike Erlinger
Harvey Mudd College
Joseph Betser, Andy Walther
The Aerospace Corporation
We describe the goals of the IETF's Intrusion Detection Working Group (IDWG) and the requirements for a transport protocol to communicate among intrusion detection systems. We then describe the design and implementation of IAP, the first attempt at such a protocol. After a discussion of IAP's limitations, we discuss BEEP, a new IETF general framework for application protocols. We then describe the Intrusion Detection Exchange Protocol (IDXP), a transport protocol designed and implemented within the BEEP framework that fulfills the IDWG requirements for its transport protocol. We conclude by discussing probable future directions for this ongoing effort.
Keywords: Intrusion Detection, Intrusion Detection Exchange Protocol, Intrusion Detection Working Group (IDWG)
Read Paper (in PDF)