http://dx.doi.org/10.13089/JKIISC.2003.13.6.129

Design and Implementation of Anomaly Traffic Control Framework Based on Linux Netfilter System and CBQ Routing Mechanisms

조은경 (Distributed Computing Laboratory, School of Information and Communication Engineering, Sungkyunkwan University)
고광선 (Distributed Computing Laboratory, School of Information and Communication Engineering, Sungkyunkwan University)
이태근 (Distributed Computing Laboratory, School of Information and Communication Engineering, Sungkyunkwan University)
강용혁 (Department of Electronic Commerce, School of Business Administration, Far East University)
엄영익 (Distributed Computing Laboratory, School of Information and Communication Engineering, Sungkyunkwan University)
Abstract
Recently, viruses and the various hacking tools that threaten hosts on a network have become more intelligent and cleverer, and so various security mechanisms against them have been developed during the last decades. To detect these network attacks, many NIPSs (Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs have been developed by several companies and organizations. However, many previous NIPSs are known to have some weaknesses in protecting important hosts from network attacks because of their incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks only after the intrusions have already been performed to a large extent. Therefore, to detect network attacks in real time and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of a packet filtering component that works on netfilter in the Linux kernel and a traffic control component that has the capability of step-by-step control over abnormal network traffic with the CBQ mechanism.
Keywords
IPS(Intrusion Prevention System); Netfilter system; CBQ(Class Based Queue);
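One way to realize the two components the abstract describes on a Linux router, as an added example that is not the paper's code: netfilter's mangle table marks forwarded packets from a source the detector has flagged, and a tc CBQ tree with one bounded class per escalation step throttles that traffic progressively instead of dropping it outright. The interface, link rate, per-step rates and the fwmark-to-class convention are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the paper's code: wiring netfilter marks to CBQ classes so a
# flagged source is throttled in steps rather than dropped. DEV, LINK_RATE and the
# per-step rates are assumed placeholders; the fwmark N -> class 1:1N mapping is
# this example's own convention. Recent mainline kernels have retired the CBQ
# qdisc, so run this on a kernel that still ships it (or port the classes to HTB).
DEV="${DEV:-eth0}"                # assumed egress interface of the Linux router
LINK_RATE="${LINK_RATE:-10mbit}"  # assumed link capacity CBQ uses for accounting
DRY_RUN="${DRY_RUN:-0}"           # 1 = print commands instead of executing them

run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Bandwidth allowed at escalation step N (1..3); each step roughly halves the last.
step_rate() {
  case "$1" in
    1) echo "2mbit" ;;
    2) echo "1mbit" ;;
    3) echo "256kbit" ;;
    *) return 1 ;;
  esac
}

# Build the CBQ tree once: a bounded root class and one bounded child per step.
# A fw filter steers packets carrying fwmark N into class 1:1N.
cbq_setup() {
  run tc qdisc add dev "$DEV" root handle 1: cbq avpkt 1000 bandwidth "$LINK_RATE"
  run tc class add dev "$DEV" parent 1: classid 1:1 cbq rate "$LINK_RATE" \
      allot 1500 prio 5 bounded isolated
  for s in 1 2 3; do
    run tc class add dev "$DEV" parent 1:1 classid "1:1$s" cbq \
        rate "$(step_rate "$s")" allot 1500 prio 7 bounded
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 handle "$s" fw classid "1:1$s"
  done
}

# Move one source to step N: remove any earlier mark rule for it, then have the
# netfilter mangle table mark its forwarded packets with fwmark N.
escalate() {
  src="$1"; step="$2"
  step_rate "$step" >/dev/null || return 1
  for s in 1 2 3; do
    run iptables -t mangle -D FORWARD -s "$src" -j MARK --set-mark "$s" 2>/dev/null || true
  done
  run iptables -t mangle -A FORWARD -s "$src" -j MARK --set-mark "$step"
}
```

Run with `DRY_RUN=1` first to review the generated tc and iptables commands before applying them on a router.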