TY - JOUR
T1 - Inter-organisational intrusion detection using knowledge grid technology
AU - Pilgermann, Michael
AU - Blyth, Andrew
AU - Vidalis, Stilianos
PY - 2006
Y1 - 2006
N2 - Purpose - This paper introduces a solution for employing intrusion detection technology across organisational boundaries by using knowledge grid technology. Design/methodology/approach - Employment of intrusion detection technology is currently limited to inside organisation deployments. By setting up communities, which maintain trust relationships between network nodes anywhere in the internet, security event data, structured into a common XML-based format, can be exchanged in a secure and reliable manner. Findings - A modular architecture has been developed which provides functionality to integrate different audit data generating applications and share knowledge about incidents, vulnerabilities and countermeasures from all over the internet. A security policy, based on the Chinese Wall Security Policy, ensures the protection of information inserted into the network. Research limitations/implications - The solution is currently in a preliminary stage, providing the description of the design only. Implementation as well as evaluation is under development. Practical implications - Trusting communities everywhere in the internet will be brought into being so that people may establish trust relationships between each other. Participants may decide themselves whom they trust as a source for security-related information rather than depending on centralised approaches. Originality/value - No approach is known combining the two technologies - intrusion detection and grid - as described in this paper. The decentralised, peer-to-peer based grid approach together with the introduction of trust relationships and communities results in a new way of thinking about distributing security audit data.
AB - Purpose - This paper introduces a solution for employing intrusion detection technology across organisational boundaries by using knowledge grid technology. Design/methodology/approach - Employment of intrusion detection technology is currently limited to inside organisation deployments. By setting up communities, which maintain trust relationships between network nodes anywhere in the internet, security event data, structured into a common XML-based format, can be exchanged in a secure and reliable manner. Findings - A modular architecture has been developed which provides functionality to integrate different audit data generating applications and share knowledge about incidents, vulnerabilities and countermeasures from all over the internet. A security policy, based on the Chinese Wall Security Policy, ensures the protection of information inserted into the network. Research limitations/implications - The solution is currently in a preliminary stage, providing the description of the design only. Implementation as well as evaluation is under development. Practical implications - Trusting communities everywhere in the internet will be brought into being so that people may establish trust relationships between each other. Participants may decide themselves whom they trust as a source for security-related information rather than depending on centralised approaches. Originality/value - No approach is known combining the two technologies - intrusion detection and grid - as described in this paper. The decentralised, peer-to-peer based grid approach together with the introduction of trust relationships and communities results in a new way of thinking about distributing security audit data.
KW - Computer crime
KW - Data security
KW - Supply chain management
UR - http://www.scopus.com/inward/record.url?scp=33746615687&partnerID=8YFLogxK
UR - http://www.emeraldinsight.com/doi/full/10.1108/09685220610690808
U2 - 10.1108/09685220610690808
DO - 10.1108/09685220610690808
M3 - Article
AN - SCOPUS:33746615687
SN - 0968-5227
VL - 14
SP - 327
EP - 342
JO - Information Management & Computer Security
JF - Information Management & Computer Security
IS - 4
ER -