• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.385-389
• /
• 2001

인터넷 기술이 발전되고 활성화됨에 따라 인터넷에 연결된 호스트들과 네트워크는 외부의 악의적인 침입자에 의해 공격받을 수 있는 잠재성이 나날이 증가하고 있다. 이러한 이유로 네트워크 및 호스트 보안에 대한 관심과 연구활동이 활발해 졌으며, 대표적인 보안 솔루션 중의 하나인 침입탐지시스템이 각광을 받고 있다. 탐지 기술적 분류에 따라 크게 네트워크 기반 침입탐지시스템과 호스트 기반 침입탐지시스템이 존재하며, 한편으로 네트워크 규모의 증대로 다수의 침입탐지시스템의 운용이 필요하다. 이와 같이 이질적인 다수의 침입탐지시스템을 운용하는 경우, 관리의 복잡성과 관리비용의 증대라는 문제점을 내포한다. 본 논문에서는 이질적인 다수의 침입탐지에이전트들을 통합 관리하기 위한 중앙통제 시스템의 구현을 설명하고, 여기에 확장성과 유연성을 부여하기 위한 관리 자료 구조의 설계에 대해 기술한다.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.7
• /
• pp.953-956
• /
• 2002

The threat to the network is increasing due to explosive increasing use of the Internet. Current IDS(Intrusion Detection System) detects intrusion and does individual response in small area network. It is important that construction of infra to do response in all system environment through sharing information between different network domains. This paper provides a policy-based IDS management architecture enabling management of intrusion detection systems. The IIDS(Integrated Intrusion Detection System) is composed of IDAs(Intrusion Detection Agents). We describe requirements in design and the elements of function.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.643-645
• /
• 2002

현재 웹기반의 네트워크 침입 탐지 시스템은 관리자가 네트워크가 연결된 상태어서 관리자가 컴퓨터 앞에서 감시하고 그에 적절한 대응을 해야 하지만 관리자가 자리를 비웠을 경우에는 그러한 침입에 신속하게 대응하기가 어렵다. 하지만 무선 인터넷의 발달로 인하여 관리자가 무선 단말기 상에서 네트워크 침입탐지를 감지하고 그에 적절한 대응을 할 수 있게끔 하기 위해서 본 논문을 작성하게 되었다. 본 논문에서는 WAP Push Framework 기술을 바탕으로 해서 모바일 기반에서 시스템 관리자가 장애탐지, 네트워크 모니터링, IP관리 등을 직접 무선 단말기 상에서 관리함으로써 IDS관리를 좀더 효율적으로 관리할 수 있을 것이다.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.21-29
• /
• 2001

For multiple attacks through large networks e.g., internet, IDS had better be installed over several hosts and collect all the audit data from them with appropriate synthesis. We propose a new distributed intrusion detection system called SPIDER II which is the upgraded version of the previous standalone IDS - SPIDER I. As like the previous version, SPIDER II has been implemented on Linux Accel 6.1 in CNU C. After planting intrusion detection engines over several target hosts as active agents, the administration module of SPIDER II receives all the logs from agents and analyzes hem. For the world-wide standardization on IDS, SPIDER II is compatible with MITRE's CVE(Common Vulnerabilities and Exposures).

• Journal of the Korea Society for Simulation
• /
• v.21 no.4
• /
• pp.91-102
• /
• 2012

Network port scan attack is the method for finding ports opening in a local network. Most existing IDSs(intrusion detection system) record the number of packets sent to a system per unit time. If port scan count from a source IP address is higher than certain threshold, it is regarded as a port scan attack. The degree of risk about source IP address performing network port scan attack depends on attack count recorded by IDS. However, the measurement of risk based on the attack count may reduce port scan detection rates due to the increased false negative for slow port scan. This paper proposes a method of summarizing 4 types of information to differentiate network port scan attack more precisely and comprehensively. To integrate the riskiness, we present a risk index that quantifies the risk of port scan attack by using PCA. The proposed detection method using risk index shows superior performance than Snort for the detection of network port scan.

• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.43-53
• /
• 2007

Intrusion detection system(IDS) has recently evolved while combining signature-based detection approach with anomaly detection approach. Although signature-based IDS tools have been commonly used by utilizing machine learning algorithms, they only detect network intrusions with already known patterns, Ideal IDS tools should always keep the signature database of your detection system up-to-date. The system needs to generate the signatures to detect new possible attacks while monitoring and analyzing incoming network data. In this paper, we propose a new outlier cluster detection algorithm with density (or influence) function, Our method assumes that an outlier is a kind of cluster with similar instances instead of a single object in the context of network intrusion, Through extensive experiments using KDD 1999 Cup Intrusion Detection dataset. we show that the proposed method outperform the conventional outlier detection method using Euclidean distance function, specially when attacks occurs frequently.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.57-65
• /
• 2003

A protection profile is the required specification document by consumer groups to specify what security purpose they would like to have in their specialized products. A protection profile assumption is the document that specifies consumer environment in the physical, artificial, network perspective and the contents of intended usage which include usage limitation, the value of latent asset, and additional applications for a TOE (Target of Evaluation). In this paper, we compare the assumptions of the NSA IDS PP and the IDS PP for government.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.2 s.40
• /
• pp.75-82
• /
• 2006

The service use management for keeping up stable and effective environment is hard little by little by according to increase of internet user and being complicated network environment of the Internet little by little. being various of the requirements of the service which is provided and the user demand. And the beginning flag security was limited in IDS, But recently the integrated civil management is coming to be considered seriously according to adventting IDS. Firewall , Security or system. The development of integrated security civil management system to analyze widely through observation and detection at Network or host base, the judgment of attack, and integrated analysis of infiltration information is necessary because of detecting the various type attack.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.9-14
• /
• 2010

The network architecture and analysis model for evaluating the information security are presented to distribute the reliable and secure multimedia digital contents. Using the firewall and IDS, the function of the proposed model includes the security range, related data collection/analysis, level evaluation and strategy proposal. To develop efficient automatic analysis tool, the inter-distribution algorithm and network design based on the traffic analysis between web-server and user are needed. Furthermore, the efficient algorithm and design of DRM/PKI also should be presented before the development of the automatic information security model.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.10a
• /
• pp.777-780
• /
• 2000

최근 세계적으로 유수한 인터넷 사이트들의 해킹으로 인해 네트워크 보안의 중요성이 강조되고 있다. 네트워크 보안을 위해 방화벽보다는 좀 더 신뢰성이 높은 네트워크 및 시스템에 대한 보안 솔루션으로 침입 탄지 시스템(IDS)이 차세대 보안 솔루션으로 부각되고 있다. 본 논문에서는 기존의 IDS의 단점이었던 호스트 레벨에서 확장된 분산환경에서의 실시간 침입 탐지는 물론 이기종간의 시스템에서도 탐지가 가능한 새로운 IDS 모델을 제안.설계하였다. 그리고, 프로토타입을 구현하여 그 타당성을 검증하였다. 이를 위해 서로 다른 이기종에서 침입 탐지에 필요한 감사 파일을 자동적으로 추출하기 위해서 분산 에이전트를 이용한다.