Architecture

• Distributed
  • military-style command and control hierarchy with the end-goal of multi-sensor data fusion [Bass99]

• Example systems
  • SRI EMERALD, U. Idaho Hummer, just about every commercial IDS is distributed E-boxes and a central {A,D,R}-box

• Problems
  • right now, nobody does intelligent data reduction or event correlation - too many false positives
  • inter-IDS messaging standards [CIDF98] [IDEF99] have been slow to develop, hampered by the lack of a standard vulnerability/exploit taxonomy