Infrastructure and Communications Architecture


The rapid pace of technological change makes it likely that any static IDS (Intrusion Detection System) will rapidly become obsolete. As vulnerabilities are exploited and then patched, and as fundamentally new systems replace some (but not all) older "legacy systems", new holes and attack scenarios will undoubtedly emerge.

In this context, Intrusion Detection is best viewed not as a static set of tools and techniques, but rather as a dynamic, evolving, emergent process. Moreover, any successful IDS that is widely deployed will, itself, drive the evolution of more sophisticated attacks.

Thus, to have any reasonable longevity, an IDS must be based on an architecture that is extremely open and readily adaptable not only to new attack modes, but also to new tools and components for defense and detection.

Architectural Design Considerations

Inter-Operability of Data Source & Analysis Components

SCL = Simple Communications Layer