The Common Intrusion Detection Framework Project


The Common Intrusion Detection Framework (CIDF) project, sponsored by DARPA, was launched in January 1997. Its developers aim to produce a universal protocol for exchanging information between intrusion detection systems from different manufacturers. Note that CIDF (http://www.gidos.org/) is a research project and is not intended for the commercial market; it is used mainly by manufacturers of intrusion detection systems built for governmental organizations (mainly in the USA). The project also defines a dedicated attack description language, the Common Intrusion Specification Language (CISL) [Proctor1-01]. An example of rules written in CISL is presented in Listing 13.1.

Listing 13.1. An Example Illustrating the Use of CISL for Describing Rules for Deleting the /etc/passwd File

   (Delete
      (When
         (Time '12:24 15 Mar 1999 UTC')
      )
      (Initiator
         (UserName 'joe')
         (UserID 1234)
         (HostName 'bank.ru')
      )
      (FileSource
         (FullPathName '/etc/passwd')
         (HostName 'bank.ru')
      )
   )
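CISL expressions such as Listing 13.1 are nested S-expressions: a parenthesized group whose first element is a semantic identifier (Delete, Initiator, HostName, and so on) followed by values or further groups. A receiving system has to parse this text before it can normalize or correlate the event. The parser below is an added example, not code from the book or from the CIDF project. It assumes only the lexical forms visible in the listing (parenthesized groups, single-quoted strings, bare integers); the backslash escaping of quotes inside strings and the integer rule are assumptions of this example, not documented CISL rules. The sample text is the page's listing, embedded so the script runs offline.

```python
import re

# Listing 13.1 from the page, embedded here as the sample input.
LISTING_13_1 = """
(Delete
    (When (Time '12:24 15 Mar 1999 UTC'))
    (Initiator
        (UserName 'joe')
        (UserID 1234)
        (HostName 'bank.ru'))
    (FileSource
        (FullPathName '/etc/passwd')
        (HostName 'bank.ru')))
"""

# One token per match: '(' , ')' , a single-quoted string, or a bare atom.
# Backslash escapes inside strings are an assumption of this example.
_TOKEN = re.compile(r"\s*(?:(\()|(\))|'((?:[^'\\]|\\.)*)'|([^\s()']+))")


def tokenize(text):
    """Split CISL text into (kind, value) tokens; raise on stray characters."""
    tokens, pos = [], 0
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if m is None:
            if text[pos:].strip() == "":
                break  # only trailing whitespace left
            raise ValueError(f"unexpected input at offset {pos}: {text[pos:pos + 10]!r}")
        pos = m.end()
        if m.group(1):
            tokens.append(("open", "("))
        elif m.group(2):
            tokens.append(("close", ")"))
        elif m.group(3) is not None:
            tokens.append(("str", re.sub(r"\\(.)", r"\1", m.group(3))))
        else:
            tokens.append(("atom", m.group(4)))
    return tokens


def parse_cisl(text):
    """Parse one CISL expression into a tree.

    A group becomes (sid, [args]); a quoted string stays a str; a bare
    integer becomes an int. Unbalanced or trailing input raises ValueError.
    """
    tokens = tokenize(text)

    def parse_expr(i):
        kind, val = tokens[i]
        if kind == "open":
            i += 1
            if i >= len(tokens) or tokens[i][0] != "atom":
                raise ValueError("expected a semantic identifier after '('")
            sid, i, args = tokens[i][1], i + 1, []
            while True:
                if i >= len(tokens):
                    raise ValueError("unbalanced parentheses")
                if tokens[i][0] == "close":
                    return (sid, args), i + 1
                node, i = parse_expr(i)
                args.append(node)
        if kind == "close":
            raise ValueError("unexpected ')'")
        if kind == "str":
            return val, i + 1
        return (int(val) if re.fullmatch(r"-?\d+", val) else val), i + 1

    if not tokens:
        raise ValueError("empty input")
    node, end = parse_expr(0)
    if end != len(tokens):
        raise ValueError("trailing tokens after expression")
    return node


def get(node, *path):
    """Follow a path of identifiers below the root and return the leaf value
    (or the list of leaf values, or None if the path does not exist)."""
    sid, args = node
    for name in path:
        child = next((a for a in args if isinstance(a, tuple) and a[0] == name), None)
        if child is None:
            return None
        sid, args = child
    values = [a for a in args if not isinstance(a, tuple)]
    return values[0] if len(values) == 1 else values


def render(node):
    """Serialize a tree back to compact CISL text (round-trips parse_cisl)."""
    if isinstance(node, tuple):
        sid, args = node
        return "(" + " ".join([sid] + [render(a) for a in args]) + ")"
    if isinstance(node, int):
        return str(node)
    return "'" + node.replace("\\", "\\\\").replace("'", "\\'") + "'"


if __name__ == "__main__":
    tree = parse_cisl(LISTING_13_1)
    print(tree[0], get(tree, "Initiator", "UserName"), get(tree, "FileSource", "FullPathName"))
    print(render(tree))
```

The strict handling of unbalanced parentheses and trailing tokens matters on the receiving side: an alert that fails to parse should be rejected and logged rather than partially interpreted, since a consumer that silently accepts a truncated message may correlate it against the wrong host or user.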




Protect Your Information with Intrusion Detection (Power)
ISBN: 1931769117
Year: 2001
Pages: 152
