Implementing an IDMEF Message Management Tool

The Aerospace Corporation Computer Science, 2001-02

Liaison(s): Joseph Betser Ph.D., Andrew Walther ’00
Advisor(s): Michael Erlinger
Student(s): Eric Heitzman (TL), Richard McKnight, Eider Moore, Rayford Sims (CMC)

The Aerospace Corporation has sponsored a series of projects focusing on issues in intrusion detection in computer networks. The Intrusion Detection Working Group of the Internet Engineering Task Force (a standards body) is developing a common XML message format for communicating intrusion detection events, called the Intrusion Detection Message Exchange Format (IDMEF). We have designed and implemented a web-accessible database-driven application to display, manage, and facilitate the manual correlation of IDMEF messages.