http://dx.doi.org/10.3745/KIPSTC.2005.12C.6.855

Modeling and Performance Analysis on the Response Capacity against Alert Information in an Intrusion Detection System

Jeon Yong-Hee (School of Computer and Information Communication Engineering, Catholic University of Daegu)
Jang Jung-Sook (School of Computer and Information Communication Engineering, Catholic University of Daegu)
Jang Jong-Soo (Information Security Research Division, Electronics and Telecommunications Research Institute)
Abstract
In this paper, we propose an intrusion detection system (IDS) architecture that can detect and respond to the generation of abnormal traffic such as malicious code and Internet worms. We model the system, and design and implement a simulator using OPNET Modeller, in order to analyze the performance of the proposed system's response capacity against alert information. First, we model the arrival process of alert information resulting from abnormal traffic. To model situations in which alert information is produced intensively, we apply the IBP (Interrupted Bernoulli Process), which represents the burstiness of traffic well. We then run the simulation to gain a quantitative understanding of the system in terms of our performance parameters. Based on the results of the performance analysis, we identify factors that may hinder increasing the speed of the security node and present some methods for enhancing performance.
Keywords
IDS; Performance Evaluation; Simulation; Alert Information;