Research on sharing of intrusion detection information

The strategy of information sharing of CIDF is a general method of data sharing, which neither describes in detail what information need to be shared nor presents how to use the shared information, and therefore causes the inefficient information communication among ID components. This work presents a new mechanism aimed at solving the problem of intrusion detection information, which uses a pattern with transformation rules describing request for information. Patterns describe the events that the requesting ID components are interested in and transformation rules describe the requested information from events. This mechanism not only improves the efficiency of information communication, but also saves network bandwidth and processing time.