Abstract
Next generation cyberspace intrusion detection systems will fuse data from heterogeneous distributed network sensors o create cyberspace situational awareness. This paper provides a few first steps toward developing the engineering requirements using the art and science of multisensor data fusion as the underlying model. Current generations internet-based intrusion detection systems and basic multisensor data fusion constructs are summarized. The TCP/IP model is used to develop framework sensor and database models. The SNMP ASN.1 MIB construct is recommended for the representation of context-dependent threat & vulnerabilities databases.