SISTEMA DE DETECÇÃO DE INTRUSÃO EM REDES BASEADO EM SOA (NIDS-SOA) PARA SUPORTAR A INTEROPERABILIDADE ENTRE IDS S: APLICAÇÃO AO NIDIA

Abstract

The antivirus system and firewall are protection systems designed to prevent malicious work in the network, thus constituting a barrier to invaders (e.g. vírus, worms e hackers). However, there is no guarantee a full protection to network and computers, invasions can occur by exploiting vulnerabilities, known, and allow running programs remotely, changing privileges within the system and the dissemination of important information. In this case, Intrusion Detection System IDS (Intrusion Detection System) allows the detection of intrusions and subsequent notification to the network administrator or, in conjunction with the firewall blocks the port used in the invasion or the IP address of the attacker. An important factor for the intrusion detection is the quality of subscriber base. However IDS systems are isolated systems and the interoperability among different vendors IDS is complex and difficult to implement. Existing IDS systems in the literature, including the IDS NIDIA (Instrusion-Detection System Network Intrusion Detection System based on Intelligent Agents) are isolated systems, are not easily reused. Generally, they communicate using different protocols and are designed with different programming paradigms. In this work it is proposed an architecture based on the philosophy SOA (Service Oriented Architecture) to support interoperability between IDS systems. The IDS-NIDIA will be adapted and extended according to the SOA philosophy, containing layers of web services in order to provide a static service composition between the layers of the application and reuse of information with other IDS s.