17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

Forum - Creating and Implementing a Common Message and Protocol for Intrusion Detection Alerts

Mike Erlinger
Harvey Mudd College

Stuart Staniford
Silicon Defense

Mark Wood
Internet Security Systems

Ben Feinstein

Andy Walther
The Aerospace Corporation

Intrusion detection is an area of increasing concern in the Internet community. In response to this, many automated intrusion detection systems (IDS) have been developed, e.g., commercial (Real Secure) and public domain (SNORT). However, there is no standardized way for IDS to communicate with each other or to a common manager. To remedy this, the Intrusion Detection Working Group (IDWG) was chartered under the auspices of the Internet Engineering Task Force.

IDWG has published its specifications for a standard alert format (IDMEF) and a standard transport protocol (IDXP). Such specifications remain an academic exercise until the community adopts them. This forum will discuss issues related to community adoption of the IDWG specifications and, in particular, issues related to their implementation and use.