The Intrusion Detection Working Group


The Intrusion Detection Working Group (IDWG) was established by the IETF. The goals of this group include the creation of unified data formats and standard procedures for exchanging information between intrusion detection systems and their components, including intrusion detection systems from different manufacturers. In contrast to the CIDF project, the standards developed by IDWG (http://www.ietf.org/html.charters/idwg-charter.HTML and http://www.semper.org/idwg-public) are oriented towards the commercial market. As of now, IDWG has released 6 documents covering various aspects of IDS operation, starting with requirements for the IDS architecture and ending with protocol specifications. The greatest interest has been aroused by the Intrusion Detection Message Exchange Format (IDMEF) and the Intrusion Detection Exchange Protocol (IDXP), which describe the mechanism and procedures of message exchange in intrusion detection systems. IDMEF messages are XML documents describing the attack. They are transmitted to the management console using the IDXP protocol, which is based on BEEP (Blocks Extensible Exchange Protocol). Earlier, IDXP was known as IAP (Intrusion Alert Protocol) and was based on HTTP. The advantages of BEEP include the simplicity of developing custom communication protocols and support for confidentiality and authentication mechanisms using Transport Layer Security (TLS).
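As an added illustration (not code from the book or from IDWG), the sketch below shows how a management console might ingest an IDMEF message once the transport has delivered it. The element names and namespace are assumed from the IDMEF specification later published as RFC 4765; the sample alert, its identifiers and its addresses are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

URI = "http://iana.org/idmef"   # IDMEF namespace per RFC 4765 (assumption: not on the page)
NS = {"idmef": URI}

# Constructed sample alert, not captured from a real sensor.
SAMPLE_ALERT = b"""<?xml version="1.0" encoding="UTF-8"?>
<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">
  <idmef:Alert messageid="abc123456789">
    <idmef:Analyzer analyzerid="sensor-01"/>
    <idmef:CreateTime ntpstamp="0xbc71f4f5.0xef449129">2000-03-09T10:01:25.93464Z</idmef:CreateTime>
    <idmef:Source>
      <idmef:Node><idmef:Address category="ipv4-addr">
        <idmef:address>192.0.2.200</idmef:address>
      </idmef:Address></idmef:Node>
    </idmef:Source>
    <idmef:Target>
      <idmef:Node><idmef:Address category="ipv4-addr">
        <idmef:address>192.0.2.50</idmef:address>
      </idmef:Address></idmef:Node>
    </idmef:Target>
    <idmef:Classification text="Ping-of-death detected"/>
  </idmef:Alert>
</idmef:IDMEF-Message>"""


def parse_idmef_alerts(raw):
    """Return one summary dict per Alert element in a UTF-8 IDMEF message."""
    # Sensors are remote peers: refuse DTD and entity declarations before parsing.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(raw)
    if root.tag != "{%s}IDMEF-Message" % URI:
        raise ValueError("not an IDMEF message")
    alerts = []
    for alert in root.findall("idmef:Alert", NS):
        analyzer = alert.find("idmef:Analyzer", NS)
        classification = alert.find("idmef:Classification", NS)
        def addresses(side):
            path = "idmef:%s/idmef:Node/idmef:Address/idmef:address" % side
            return [a.text.strip() for a in alert.findall(path, NS) if a.text]
        alerts.append({
            "messageid": alert.get("messageid"),
            "analyzer": analyzer.get("analyzerid") if analyzer is not None else None,
            "created": alert.findtext("idmef:CreateTime", default="", namespaces=NS).strip(),
            "classification": classification.get("text") if classification is not None else None,
            "sources": addresses("Source"),
            "targets": addresses("Target"),
        })
    return alerts
```

The byte-level DOCTYPE check assumes UTF-8 input; a console that accepts other encodings would need to decode before checking.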




Protect Your Information with Intrusion Detection
ISBN: 1931769117
EAN: 2147483647
Year: 2001
Pages: 152
