An Implementation of ESM with the Security Correlation Alert for Distributed Network Environment  

한근희 (Graduate School of Information and Communication, Konkuk University)
전상훈 (Full-time Consultant, SK infosec)
김일곤 (Department of Computer Science, Korea University)
최진영 (Department of Computer Science, Korea University)
Abstract
In this paper, we propose and implement the SIA system, which filters redundant alert messages and classifies them into four statuses. We also confirm that the system can identify and analyze the vulnerability types exploited by attackers intruding into a managed network, giving security managers a very effective means of responding to security threats in real time.
Keywords
ESM (Enterprise Security Management); SIM (Security Information Management); CAM (Correlation Alert Message); SIA (Security Information Alert)