http://dx.doi.org/10.13089/JKIISC.2003.13.3.81

The host-based Intrusion Detection System with Audit Correlation  

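황현욱 (Chonnam National University, Information Security Cooperative)
김민수 (Chonnam National University, Information Security Cooperative)
노봉남 (Chonnam National University, Information Security Cooperative)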
Abstract
An intrusion detection system judges whether an intrusion has occurred based on the audit log, and its performance depends on how correctly and effectively intrusion patterns are described in terms of that log. This paper demonstrates the intrusion-related correlation among three sources of information (system calls, network packets and syslog) and identifies the correlated patterns for the state-transition-based method and for rule-based patterns. Applying this correlation improved the detection accuracy rate. In particular, a covert channel detection test substantiated the usefulness of detection with correlation patterns.
Keywords
IDS; correlation; audit log; pattern