
An Improved Detection Performance for the Intrusion Detection System based on Windows Kernel

Improving the Detection Performance of a Windows Kernel-Based Intrusion Detection System

  • Kim, Eui-Tak (Hauri Technical Laboratory)
  • Ryu, Keun Ho (Database/Bioinformatics Laboratory, School of Electrical and Computer Engineering, Chungbuk National University)
  • Received : 2018.03.22
  • Accepted : 2018.04.21
  • Published : 2018.04.30

Abstract

Breakthroughs in computers and networks have facilitated a wide variety of information exchange. At the same time, however, malicious users and groups are attacking vulnerable systems. An Intrusion Detection System (IDS) detects malicious behavior through network packet analysis, but it carries the burden of processing a large number of packets in a short time. Therefore, to solve this problem, we propose a network intrusion detection system that operates at kernel level to improve on the detection performance of one operating at user level. In fact, we confirmed that the network intrusion detection system implemented at kernel level improves packet analysis and detection performance.

The rapid development of computers and networks has made the exchange of diverse information easy. At the same time, however, it has created various risk factors, and users and groups with malicious intent are attacking vulnerable systems. An intrusion detection system detects malicious behavior through network packet analysis. However, it carries the burden of having to process a large volume of packets in a short time. Therefore, to solve this problem, we propose a system operating at kernel level in order to improve the detection performance of network intrusion detection systems operating at user level. In practice, by implementing a network intrusion detection system operating at kernel level, we confirmed that packet analysis and detection performance are improved.

Keywords
