Active Response Model and Scheme to Detect Unknown Attacks

  • Kim, Bong-Han (Department of Computer and Information Engineering, Chongju University) ;
  • Kim, Si-Jung (Dept. of Computer Science, Chungju University)
  • 발행 : 2008.09.30

초록

This study was conducted to investigate what to consider for active response in the intrusion detection system, how to implement active response, and 6-phase response models to respond actively, including the active response scheme to detect unknown attacks by using a traffic measuring engine and an anomaly detection engine.

키워드

참고문헌

  1. H. Debar, D. Curry, B. Feinstein, 'The Intrusion Detection Message Exchange Format draft-ietf-idwg-idmef-xml-14', Internet-Draft, IETF, 2005
  2. Jinqiao Yu, Y. V. Ramana Reddy, Sentil Selliah, Srinivas Kankanahalli, Sumitra Reddy, Vijayanand Bharadwaj. 'TRINETR: An Intrusion Detection Alert Management System,' 13th IEEE (WETICE'04), pp.235-240, 2004.
  3. Carl Endorf, Eugene Schultz, Jim Mellander, 'Intrusion Detection & Prevention', McGrawHill, 2004
  4. Kim, H.A. and Karp, B., 'Autograph: Toward Automated, Distributed Worm Signature Detection', 13th Usenix Security Symposium (Security 2004), August, 2004
  5. Jian Zhang, Jian Gong and Yong Ding, 'Research on automated rollbackability of intrusion response', Journal of Computer Security, Vol.12, No.5, pp.737-751, 2004 https://doi.org/10.3233/JCS-2004-12504
  6. Kai Hwang, Ying Chen, Hua Liu. 'Defending Distributed Systems Against Malicious Intrusions and Network Anomalies' , IPDPS'05, 2005