http://dx.doi.org/10.13089/JKIISC.2006.16.1.55

Design and Theoretical Analysis of a Stepwise Intrusion Prevention Scheme  

Ko Kwangsun (Sungkyunkwan University)
Kang Yong-hyeog (Far East University)
Eom Young Ik (Sungkyunkwan University)
Abstract
Recently, a great deal of abnormal traffic has been generated by worms such as Nimda, Code Red, and SQL Slammer, causing severe damage to networks. Meanwhile, diverse prevention schemes for defeating abnormal traffic have been studied in both academia and industry. In this paper, we present the structure of a stepwise intrusion prevention system that is designed to limit the network bandwidth of each network traffic flow and to drop abnormal traffic, and then compare the proposed scheme with a pre-existing scheme, a True/False-based anomaly prevention scheme for several worm patterns. The schemes are compared by two criteria: Normal Traffic Rate (NTR) and False Positive Rate (FPR). Assuming that the abnormal traffic rate of a specific network is $\beta$ during a predefined time window, it is known that the average NTR of our stepwise intrusion prevention scheme is higher than that of the True/False-based anomaly prevention scheme by a factor of (1+$\beta$)/2, and that the average FPR of our scheme is lower by a factor of (1+$\beta$)/2.
Keywords
stepwise intrusion prevention scheme; theoretical analysis;