Early Warning Technique for Broadband Networks Based on Traffic Analysis

Fast Detection Scheme for Broadband Network Using Traffic Analysis

  • Published: 2004.08.01

Abstract

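With the rapid growth of the Internet, intrusions in network environments are increasing quickly, and the damage they cause is rising sharply as well. Recent Internet attacks not only damage specific hosts or networks but also degrade the performance of the network as a whole. Existing intrusion detection systems are solutions for protecting individual local networks and specific target systems, and they are difficult to apply to real-time attack detection at the backbone level. In this paper, for real-time attack detection at the network level, we propose a broadband network intrusion detection technique that applies exponential smoothing to the traffic of each port. In an experiment on 8 days of backbone traffic data, the proposed technique adequately detected sharp increases in traffic that are presumed to be attacks.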

With the rapid growth of the Internet, network intrusions have greatly increased and the damage caused by attacks has become more serious. Recently, some kinds of Internet attacks have caused significant damage to overall network performance. Current intrusion detection systems are not capable of performing real-time detection on the backbone network. In this paper, we propose a broadband network intrusion detection system using the exponential smoothing method. We ran an experiment with real backbone traffic data covering 8 days. The results show that our proposed system detects big jumps in traffic volume well.
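An added illustration (not the paper's code) of the approach the abstract describes: one exponential-smoothing baseline per port, with an alarm when a port's count jumps far above its forecast. The smoothing constant, threshold rule, warm-up length and sample counts are assumptions; the abstract specifies none of them.

```python
from collections import defaultdict

ALPHA = 0.3    # smoothing constant (assumed; the abstract gives none)
K = 4.0        # alarm threshold in smoothed-deviation units (assumed)
WARMUP = 5     # samples per port before alarms may fire (assumed)
MIN_DEV = 1.0  # deviation floor so quiet ports do not alarm on noise (assumed)


class PortBaseline:
    """Simple exponential smoothing forecast plus smoothed absolute error."""

    def __init__(self):
        self.level = None  # smoothed level, used as the next-interval forecast
        self.dev = 0.0     # smoothed absolute forecast error
        self.seen = 0

    def observe(self, value):
        """Return True if value jumps above the forecast; update otherwise."""
        if self.level is None:
            self.level, self.seen = float(value), 1
            return False
        err = value - self.level
        alarm = self.seen >= WARMUP and err > K * max(self.dev, MIN_DEV)
        if not alarm:
            # Only normal samples update the baseline, so a sustained
            # flood cannot teach the model that the flood is normal.
            self.dev = ALPHA * abs(err) + (1 - ALPHA) * self.dev
            self.level = ALPHA * value + (1 - ALPHA) * self.level
        self.seen += 1
        return alarm


def detect(samples):
    """samples: iterable of (interval, port, packet_count); returns alarms."""
    baselines = defaultdict(PortBaseline)
    return [(t, port, count) for t, port, count in samples
            if baselines[port].observe(count)]


# Constructed per-interval packet counts for two ports (not data from the paper).
COUNTS = [(1000, 20), (1040, 22), (980, 19), (1010, 21), (1025, 20),
          (990, 23), (1015, 21), (1005, 9000), (1020, 12000), (1000, 22)]
SAMPLE = [(t, port, c) for t, pair in enumerate(COUNTS)
          for port, c in zip((80, 53), pair)]

if __name__ == "__main__":
    for t, port, count in detect(SAMPLE):
        print(f"interval {t}: port {port} jumped to {count}")
```

Keeping a separate baseline per port is what lets a surge on a low-volume port stand out even when a busy port carries far more traffic in absolute terms.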
