Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2005.12C.6.817

Multi-Domain Security Management Framework and Its Performance Evaluation for Protecting BcN Infrastructure  

Jang Jung-Sook (대구가톨릭대학교)
Jeon Yong-Hee (대구가톨릭대학교 컴퓨터정보통신공학부)
Jang Jong-Soo (한국전자통신연구원 정보보호연구단)
Publication Information
The KIPS Transactions:PartC / v.12C, no.6, 2005 , pp. 817-826 More about this Journal
Abstract
BcN(Broadband convergence Network) is being developed in order to support a variety of network applications, with enhanced capabilities of QoS(Quality of Service) provisioning and security, and IPv6. In a high-speed network environment such as BcN, it if more likely for the network resources to be exposed to various intrusion activities. The propagation speed of intrusion is alto expected to be much faster than in the existing Internet In this paper, we present a multi-domain security management framework which my be used for a global intrusion detection at multiple domains of BcN and describe its characteristics. For the performance evaluation, we first present test results for the security node and compare with other products. Then we design and Implement an OPNET simulator for the proposed framework, and present some simulation results. In the simulation model, we focus on the performance of alert information in the security overlay network.
Keywords
Broadband Convergence Networks; Intrusion Detection System; Security Management; Communication Model; Performance Evaluation; Simulation;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 D. Curry, H Debar, 'Intrusion Detection Message Exchange Format Data Model and Extensible Markup Language (XML) Document Type Definition', IETF Internet Draft, drafhetf-idwg-idmef-xml-07.txt, Jun., 2002
2 IP Security Policy, http://www.ietf.org;html.charters/ipspcharter.html
3 장종수, 김기영, 류걸우, '안전한 정보보호 인프라 제공을 위한 글로벌 네트워크 보안제어 프레임워크', 한국통신학회지, 제19권 8호, pp.1146-1156, 2002년 8월   과학기술학회마을
4 M. Stevens, Policy Framework Internet Draft, draft-ietf-policy-framework-05.txt, Sep., 1999
5 Ian Poynter and Brad Doctor, Beyond the firewall: The next level of network security, StillSecure, Jan., 2003
6 Top Layer White Paper, Beyond IDS: Essentials of Network Intrusion Prevention, pp.1-18, Nov., 2002
7 Neil Desai, Intrusion Prevention Systems: the Next Step in the Evolution of IDS, http://www.securityfocus.com/printable/infocus/1670, Feb., 2003
8 Diego Martin lamboni, 'Using Internal Sensors for Computer Intrusion Detection', Ph. D. dissertation, Purdue University, CERIAS TR 2001-42, August, 2001
9 Rajeev Gopalalaishna, 'A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents', CERIAS Tech Report 2001-44, Purdue University, 2001
10 'Telecommunications and Internet Protocol Harmonization over Networks(TIPHON) Security; Threat Analysis', DTR/TIPHON-08002 V0.1.9 (2001-02-09)
11 서동일, 김광식, 장종수, 손승원, 'IT 839 전략 추진을 위한 정보보호 기술개발 방향', 한국전자통신연구원 전자통신동향분석 제 20권 제 1호, 2005년 2월
12 Carl Endorf, Eugene Schultz, and Jim Mellander, Intrusion Detection & Prevention, McGraw-HilI, 2004
13 Eric Ahlm, Is Intrusion Prevention Changing Information Security?, Rev. Ver. 1.1, March 2004, Vigilar Inc.
14 A White Paper by NetScreen Technologies Inc., Intrusion Detection and Prevention: Protecting your network from attacks, version 2.0, http://www.netscreen.com
15 IETF, RFC 3084, 'COPS Usage for Policy Provisioning (COPS-PR)', March, 2001
16 B. Gamm, B. Howard, O. Paridaens, 'Security features required in an NGN', Alcatel Telecommunications Review, 2nd Quarter 2001, pp.129-133
17 정보통신부 BcN 구축 기본 계획(2. 통합망 보안기능 고도화), pp76-83, 2004년 2월, 한국전산원
18 김병구, 김익균, 이종국, 장종수, '고속 침입 탐지 및 대응을 위한 기가비트 침입지시스템의 구현', 제8회 COMSW 학술대회 논문집, pp. 51-55, 2003. 7월
19 Madalina Baltatu, Antonio Lioy, and Daniele Mazzocchi, 'Security Policy System: status and perspective', pp.278-284, 1999   DOI