Common Intrusion Detection Signatures Standard

The purpose of the Common Intrusion Detection Signatures Standard
(CIDSS) is to define a common data format for storing signatures from
different intrusion detection systems.

The Internet-Draft describes a common data format to represent
information contained in signatures of intrusion detection systems,
and explains the rationale for using this common format. The proposed
format is a dialect of the Extensible Markup Language (XML). An XML
Document Type Definition is developed, and examples are provided.

The Common Intrusion Detection Signatures Standard is intended to be a
standard format of signatures used widely in Network Intrusion
Detection Systems (NIDS). An IDS is controlled by a set of decision
rules. A decision rule of an IDS is composed of two components: a
description of specific characteristics of an intrusion attempt (a
signature) and an action that has to be carried out when the data
provided by IDS sensors matches the signature. This document focuses
on one part of an IDS decision rule: the IDS signature.

Currently, every IDS uses a different format of signatures. CIDSS
defines a common format of signatures that attempts to express all
information contained in signatures of various IDS. The CIDSS
signature format is based on XML to facilitate the adaptation and
application of the proposed standard. The CIDSS signature format is
designed to be extensible, and therefore it should be simple to
incorporate features of future and current IDS systems that have not
been taken into account in the first design.

The main goal of CIDSS is to enable administrators of IDS systems to
share, compare, evaluate and criticize signatures used to detect
intrusion events. The increasingly dynamic, global, and frequent
nature of intrusion attempts is a trend that forces administrators to
make greater efforts to protect increasingly valuable information. The
possibility to disseminate knowledge and experience about IDS
systems' operation would be enhanced by the introduction of a common
signature format. Therefore, the use of a common IDS signature format
should lead to greater security of information.