• Title/Summary/Keyword: Distributed intrusion detection architecture

Modeling and Simulation of security system using PBN in distributed environment (분산 환경에서 정책기반 시스템을 적용한 보안 시스템의 모델링 및 시뮬레이션)

  • Seo, Hee-Suk
    • Journal of the Korea Society for Simulation / v.17 no.2 / pp.83-90 / 2008
  • We introduce the coordination among the intrusion detection agents by BBA (BlackBoard Architecture), which belongs to the field of distributed artificial intelligence. The system which uses BBA for the coordination can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Several simulation tests performed on the target network illustrate our techniques. This paper also applies PBN (Policy-Based Network) to reduce false positives, which are one of the main problems of IDS. The performance obtained from the coordination of intrusion detection agents with PBN is compared against the corresponding non-PBN type intrusion detection agent. The application of the research results lies in the experimentation of the various security policies according to the network types in selecting the best security policy that is most suitable for a given network.

Design of data mining IDS for new intrusion pattern (새로운 침입 패턴을 위한 데이터 마이닝 침입 탐지 시스템 설계)

  • 편석범;정종근;이윤배
    • Journal of the Institute of Electronics Engineers of Korea TE / v.39 no.1 / pp.77-82 / 2002
  • IDS has been studied mainly in the fields of detection decision and the collecting of audit data. The detection decision should decide whether successive behaviors are intrusions or not, and the collecting of audit data needs the ability to collect data precisely for intrusion decision. Artificial methods such as rule-based systems and neural networks have recently been introduced in order to solve this problem. However, these methods have simple host structures and defects in that they can't detect changed new intrusion patterns. So, we propose a method using data mining that can retrieve and estimate the patterns and retrieval of user's behavior in the distributed different hosts.

Design of data mining IDS for transformed intrusion pattern (변형 침입 패턴을 위한 데이터 마이닝 침입 탐지 시스템 설계)

  • 김용호;정종근;이윤배;김판구;염순자
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2001.10a / pp.479-482 / 2001
  • IDS has been studied mainly in the fields of detection decision and the collecting of audit data. The detection decision should decide whether successive behaviors are intrusions or not, and the collecting of audit data needs the ability to collect data precisely for intrusion decision. Artificial methods such as rule-based systems and neural networks have recently been introduced in order to solve this problem. However, these methods have simple host structures and defects in that they can't detect transformed intrusion patterns. So, we propose a method using data mining that can retrieve and estimate the patterns and retrieval of user's behavior in the distributed different hosts.

Network Intrusion Detection System Using Mobile Agents (이동 에이전트를 이용한 네트워크 침입탐지 시스템)

  • Ahn, K.S.;Chung, Tai-M.
    • Proceedings of the Korea Information Processing Society Conference / 2001.10b / pp.879-882 / 2001
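  • This paper surveys studies that use mobile agents to address the problems of current intrusion detection systems. The distributed, hierarchical structure of most current network intrusion detection systems leads to a lack of system flexibility and to the concentration of information in a single module. To address these problems, research is under way on introducing mobile agent systems, which have autonomy and mobility. Among these studies, we examine research on tracing the origin of an intrusion and research on building an immune system for the network, and we also mention other areas, beyond these two, where mobile agent systems can be introduced.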

Design of agent intrusion detection system applying data mining (데이터 마이닝을 적용한 에이전트 침입 탐지 시스템 설계)

  • Jeong Jong Kun;Lee Sung Tae;Kim Yong Ho;Lee Yun Bae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2001.05a / pp.676-679 / 2001
  • As network security is coming up as a significant problem after major Internet sites were hacked, IDS (Intrusion Detection System) is considered a next-generation security solution for more reliable network and system security rather than firewall. In this paper, we propose a new IDS model which can detect intrusion in different systems as well as which can make real-time detection of intrusion in the expanded distributed environment in host level of drawback of existing IDS. We implement its prototype and verify its validity. We use a pattern extraction agent so that we can automatically extract the audit file needed in distributed intrusion detection even on other platforms.

A Study on Effective Flow-Based Load Balancing Scheme for Parallel-Structure NIDS (병렬 구조 NIDS를 위한 효율적인 플로우 기반 부하 분산 기법에 관한 연구)

  • Kim, Nam-Uk;Park, Min-Woo;Park, Seon-Ho;Chung, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference / 2010.04a / pp.808-811 / 2010
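  • As the performance of the infrastructure that makes up networks has recently improved, research is being conducted on improving the performance of network intrusion detection systems against large volumes of traffic. In a large-scale network, it is impossible for a single system to analyze all traffic in the network, so a parallel-structure NIDS must be introduced, and this requires distributing load to each NIDS node in the parallel structure. Flow-based load balancing is one such load-distribution scheme, and it is efficient because it can reduce the communication overhead caused by TCP segment reassembly. In this paper, we propose a method by which flow-based load balancing can be performed efficiently, taking into account the characteristics of network traffic and the performance of each node.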

Design of Intrusion Detection System applying for data mining agent (데이터 마이닝 에이전트를 적용한 침입 탐지 시스템 설계)

  • 정종근;구제영;김용호;오근탁;이윤배
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2002.05a / pp.619-622 / 2002
  • IDS has been studied mainly in the fields of detection decision and the collecting of audit data. The detection decision should decide whether successive behaviors are intrusions or not, and the collecting of audit data needs the ability to collect data precisely for intrusion decision. Artificial methods such as rule-based systems and neural networks have recently been introduced in order to solve this problem. However, these methods have simple host structures and defects in that they can't detect transformed intrusion patterns. So, we propose a method using a data mining agent that can retrieve and estimate the patterns and retrieval of user's behavior in the distributed different hosts.

Fuzzy Controller Design for Selecting the Agent of Contract Net Protocol (계약망 프로토콜의 에이전트 선택을 위한 퍼지 컨트롤러 설계)

  • 서희석;김희완
    • Journal of the Korea Computer Industry Society / v.5 no.2 / pp.251-260 / 2004
  • As the importance of and the need for network security have increased, many organizations use various security systems. They make it possible to construct a consistent integrated security environment by sharing the vulnerable information among firewall, intrusion detection system, and vulnerability scanner. We construct the integrated security simulation environment that can be used by some security system model. In this paper, we have designed and constructed the general simulation environment of a network security model composed of multiple IDS agents and a firewall agent which coordinate by CNP (Contract Net Protocol). The CNP, the methodology for efficient integration of computer systems on heterogeneous environments such as distributed systems, is essentially a collection of agents which cooperate to resolve a problem. We compare the selection algorithm in the CNP with the Fuzzy Controller for the effective method to select the agents.

Traceback System for DDoS Attack Response (분산 서비스 공격 대응을 위한 역추적 시스템 개발)

  • Lee, Jik-Su;Choi, Byoung-Sun;Lee, Jae-Kwang
    • Proceedings of the Korea Information Processing Society Conference / 2005.11a / pp.1067-1070 / 2005
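  • As computers and networks have become widespread, transmitting information over the Internet has become part of everyday life. In addition, with the growth of the Internet, wireless communication, and data exchange, the ways of connecting with other users are changing rapidly. However, security measures based on the concept of external system defense, such as existing firewalls and intrusion detection systems, have limits in protecting important information and resources within a computer network. In this paper, we design an ICMP-based traceback system that uses the ICMP Traceback Message to efficiently trace back intrusions judged to be hacking, without structural changes to routers.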

An Application of RETE Algorithm for Improving the Inference Performance in the Coordination Architecture (연동 구조 내의 추론 성능 향상을 위한 RETE 알고리즘의 적용)

  • 서희석
    • Journal of the Korea Computer Industry Society / v.4 no.12 / pp.965-974 / 2003
  • Today's network consists of a large number of routers and servers running a variety of applications. In this paper, we have designed and constructed the general simulation environment of a network security model composed of multiple IDS agents and a firewall agent which coordinate by CNP (Contract Net Protocol). The CNP, the methodology for efficient integration of computer systems on heterogeneous environments such as distributed systems, is essentially a collection of agents which cooperate to resolve a problem. The command console in the CNP is a manager who controls the execution of agents, or a contractee who performs intrusion detection. In the knowledge-based network security model, each model of the simulation environment is hierarchically designed by the DEVS (Discrete Event System Specification) formalism. The purpose of this simulation is the application of the RETE pattern-matching algorithm, speeding up the inference cycle phases of the intrusion detection expert system. We evaluate the characteristics and performance of the CNP architecture with the RETE pattern-matching algorithm.
