An alert transmission apparatus for a policy-based intrusion detection and
response has a central policy server (CPS) and an intrusion detection and
response system (IDRS). In the CPS, a policy management tool generates
security policy information and then stores the generated security policy
information in a policy repository. A COPS-IDR server sends the
information to the IDRS and an IDMEF-XML-type alert transmission message
to a high-level module. An IDMEF-XML message parsing and translation
module stores a parsed and translated IDMEF-XML-type alert transmission
message in an alert DB or provides the message to an alert viewer. In the
IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission
message and provides the message to the CPS. An intrusion detection
module detects an intrusion. An intrusion response module responds to the
intrusion. An IDMEF-XML message building module generates an IDMEF-XML
alert message and provides the message to the COPS-IDR client.