http://dx.doi.org/10.13089/JKIISC.2008.18.3.121

A Study for Rule Integration in Vulnerability Assessment and Intrusion Detection using Meaning Based Vulnerability Identification Method  

Kim, Hyung-Jong (Seoul Women's University)
Jung, Tae-In (Korea Information Security Agency)
Abstract
This paper presents a meaning-based vulnerability identification method that makes use of the concept of atomic vulnerability. To derive identifiers, we also make use of the decomposition and specialization processes used in DEVS/SES. This vulnerability representation method is useful for managing and removing vulnerabilities in an organized way. It also helps relate vulnerability assessment rules and intrusion detection rules at a lower level, and this relation enables a security manager to respond more quickly and conveniently. In particular, this paper shows a mapping between Nessus plugins and Snort rules using the meaning-based vulnerability identification method, and lists usages based on three goals that a security officer keeps in mind about vulnerabilities. The contribution of this work is the proposal of the meaning-based vulnerability identification method and the demonstration of cases of its usage for the rule integration of vulnerability assessment and intrusion detection.
Keywords
Meaning-based Vulnerability Identification; Vulnerability Assessment; Intrusion Detection; DEVS-formalism;