A Malicious Process Control System for Protecting Servers from Internet Worm Attacks  

Kim, Ik-Su (School of Computing, Soongsil University)
Abstract
Signature-based security systems cannot protect servers from new types of Internet worms. To protect servers from Internet worms, this paper proposes a system that removes malicious processes and executable files without using signatures. The proposed system consists of control servers, which offer the same services as those on the protected servers, and agents, which are installed on the protected servers. When a control server detects multicasting attacks of an Internet worm, it sends information about the attacks to an agent. The agent uses this information to kill the malicious processes and remove the executable files. Because the proposed system does not use signatures, it can respond effectively to new types of Internet worms. When the proposed system is integrated with legacy security systems, the security of the protected server will be further enhanced.
Keywords
Internet Worm; Intrusion Prevention; Zero-day Attack; Malicious Process; Signature;
Citations & Related Records
Times Cited By KSCI: 5