Inter‐organisational intrusion detection using knowledge grid technology

Michael Pilgermann (University of Glamorgan, Pontypridd, UK)
Andrew Blyth (University of Glamorgan, Pontypridd, UK)
Stilianos Vidalis (University of Glamorgan, Pontypridd, UK)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 August 2006

Abstract

Purpose

This paper introduces a solution for employing intrusion detection technology across organisational boundaries by using knowledge grid technology.

Design/methodology/approach

The use of intrusion detection technology is currently limited to deployments within an organisation. By setting up communities, which maintain trust relationships between network nodes anywhere in the internet, security event data, structured into a common XML‐based format, can be exchanged in a secure and reliable manner.

Findings

A modular architecture has been developed which provides functionality to integrate different audit data generating applications and share knowledge about incidents, vulnerabilities and countermeasures from all over the internet. A security policy, based on the Chinese Wall Security Policy, ensures the protection of information inserted into the network.

Research limitations/implications

The solution is currently in a preliminary stage, providing the description of the design only. Implementation as well as evaluation is under development.

Practical implications

Trusting communities everywhere in the internet will be brought into being so that people may establish trust relationships between each other. Participants may decide themselves whom they trust as a source for security‐related information rather than depending on centralised approaches.

Originality/value

No approach is known combining the two technologies – intrusion detection and grid – as described in this paper. The decentralised, peer‐to‐peer based grid approach together with the introduction of trust relationships and communities results in a new way of thinking about distributing security audit data.

Citation

Pilgermann, M., Blyth, A. and Vidalis, S. (2006), "Inter‐organisational intrusion detection using knowledge grid technology", Information Management & Computer Security, Vol. 14 No. 4, pp. 327-342. https://doi.org/10.1108/09685220610690808

Publisher

Emerald Group Publishing Limited

Copyright © 2006, Emerald Group Publishing Limited
