GlobalGuard: creating the IETF-IDWG Intrusion Alert Protocol (IAP)

2001 
This paper describes the design, specification, and implementation of the Internet Engineering Task Force (IETF) Intrusion Detection Working Group (IDWG) Intrusion Alert Protocol (IAP). IAP seeks to facilitate the ubiquitous interoperability of intrusion detection components across Internet enterprises. This capability is critical for intrusion detection for large networks. The IETF IDWG was inspired by the DARPA CIDF activity. The IETF engineering process is described in the context of GlobalGuard IAP. The IETF requirements of IAP are described, followed by the detailed operation of IAP in the context of a specific implementation that was developed and demonstrated at the December 2000 IETF meeting. Current and future challenges facing the IETF IDWG IAP are described. Some proposed directions for this activity are presented, such as the possible incorporation of the BEEP protocol in the future.