17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana


Implementing the Intrusion Detection Exchange Protocol

Roy Pollock, Greg Matthews, Tim Buchheim, Mike Erlinger
Harvey Mudd College
USA

Ben Feinstein
Guardent
USA

Joseph Betser, Andy Walther
The Aerospace Corporation
USA

We describe the goals of the IETF's Intrusion Detection Working Group (IDWG) and the requirements for a transport protocol to communicate among intrusion detection systems. We then describe the design and implementation of IAP, the first attempt at such a protocol. After a discussion of IAP's limitations, we discuss BEEP, a new IETF general framework for application protocols. We then describe the Intrusion Detection Exchange Protocol (IDXP), a transport protocol designed and implemented within the BEEP framework that fulfills the IDWG requirements for its transport protocol. We conclude by discussing probable future directions for this ongoing effort.

Keywords: Intrusion Detection, Intrusion Detection Exchange Protocol, Intrusion Detection Working Group (IDWG)

Read Paper Read Paper (in PDF)