SoapSY - Unifying Security Data from Various Heterogeneous Distributed Systems into a Single Database Architecture
Source: Journal of Information Systems Security, Volume 1, Number 2 (2005), pages 26–52
ISSN 1551-0123 (Print), ISSN 1551-0808 (Online)
Authors: Nikolaos Avourdiadis, University of Glamorgan, UK; Andrew JC Blyth, University of Glamorgan, UK; Paula Thomas, University of Glamorgan, UK
Publisher: Information Institute Publishing, Washington DC, USA
Abstract
Data unification in the field of intrusion detection systems (IDS) requires the use of a method that will allow information from a number of heterogeneous distributed sources to be logged into a single database. In this paper, we introduce SoapSy, a lightweight secure access mechanism through which information from several heterogeneous distributed sources can be logged to a single database with the use of the SOAP protocol. Additionally, we present an extensible database architecture that can be used with SoapSy for unifying data from heterogeneous distributed systems, and describe how it can evolve, based on the incorporation of additional heterogeneous sensors that log to SoapSy.
Keywords
Data Unification, XML, SOAP, DTD, Relational Databases, Intrusion Detection Systems, Access Control List