Intrusion-Alert Normalization using Attack-related Database
Abstract
Intrusion alerts produced by different sensors are stored in different styles and presentations and carry dissimilar interpretations. Such alerts can be carried in a single format using protocols such as SNMP traps, the syslog protocol, IDMEF and IDXP. The presence of different formats makes it difficult to use the alerts together, so a normalization process is needed to unify alerts from a variety of security-related equipment. This article describes how to normalize alerts from several IDSs and other security-related equipment.
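As an added illustration of the normalization the abstract describes (example code written for this page, not the paper's own implementation), the following maps two representations of one event, an IDMEF XML message and a Snort-style syslog line, onto a single schema so that they can be compared and correlated. The sample alerts, the field layout of the syslog line, the UTC assumption for the BSD timestamp, and the schema keys are all assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime
NS = {"idmef": "http://iana.org/idmef"}  # IDMEF namespace per RFC 4765

# Constructed sample alerts for one event seen by two sensors (not real sensor output).
IDMEF_ALERT = (
    '<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">'
    '<idmef:Alert messageid="a1"><idmef:Analyzer analyzerid="ids-xml-01"/>'
    '<idmef:CreateTime>2024-03-09T10:01:25Z</idmef:CreateTime>'
    '<idmef:Source><idmef:Node><idmef:Address><idmef:address>192.0.2.200'
    '</idmef:address></idmef:Address></idmef:Node></idmef:Source>'
    '<idmef:Target><idmef:Node><idmef:Address><idmef:address>192.0.2.50'
    '</idmef:address></idmef:Address></idmef:Node></idmef:Target>'
    '<idmef:Classification text="Teardrop attack"/></idmef:Alert></idmef:IDMEF-Message>')
SYSLOG_ALERT = ("<33>Mar  9 10:01:25 ids-syslog-02 snort[4242]: [1:270:3] "
                "Teardrop attack {ICMP} 192.0.2.200 -> 192.0.2.50")
# Assumed syslog layout: <PRI>BSD-timestamp host program[pid]: [sid] message {proto} src -> dst
SYSLOG_RE = re.compile(
    r"^<\d{1,3}>(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) (?P<prog>[^\[:]+)(\[\d+\])?: "
    r"(\[[\d:]+\] )?(?P<msg>.*?) (\{\w+\} )?(?P<src>[\d.]+) -> (?P<dst>[\d.]+)$")

def normalize_idmef(xml_text):
    """Map the IDMEF fields we care about onto the common schema."""
    alert = ET.fromstring(xml_text).find("idmef:Alert", NS)
    # First address under Source and Target; findtext yields None when a side is absent.
    src, dst = (alert.findtext(f"idmef:{s}/idmef:Node/idmef:Address/idmef:address",
                               namespaces=NS) for s in ("Source", "Target"))
    return {"format": "idmef", "sensor": alert.find("idmef:Analyzer", NS).get("analyzerid"),
            "time": alert.findtext("idmef:CreateTime", namespaces=NS), "src": src, "dst": dst,
            "name": alert.find("idmef:Classification", NS).get("text")}

def normalize_syslog(line, year=2024):
    """Map a syslog alert onto the same schema (BSD timestamps carry no year or zone; UTC assumed)."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("unrecognized syslog alert: " + line)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"format": "syslog", "sensor": m["host"], "time": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"], "dst": m["dst"], "name": m["msg"]}

def normalize(raw):
    """Dispatch on the wire format and return the common representation."""
    if "IDMEF-Message" in raw:
        return normalize_idmef(raw)
    if re.match(r"^<\d{1,3}>", raw):
        return normalize_syslog(raw)
    raise ValueError("unknown alert format")

def event_key(alert):  # normalized alerts with the same key describe the same event
    return (alert["time"], alert["src"], alert["dst"], alert["name"].lower())
```

Once both alerts share the schema, `event_key` lets a correlation stage recognise that the two sensors reported the same event.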