• The KIPS Transactions:PartA
• /
• v.12A no.5 s.95
• /
• pp.395-404
• /
• 2005

There have been large concerns about survivability defined as the capability of a system to perform a mission-critical role, in a timely manner, in the presence of attacks, failures. In particular, One of the most important core technologies required for the design of the ITS(Intrusion Tolerance System) that performs continuously minimal essential services even when the computer system is partially compromised because of intrusions is the survivability one of In included the dependability analysis of a reliability and availability etc. quantitative dependability analysis of the In. In this Paper, we applied self-healing mechanism utilizing two factors of self-healing mechanism (fault model and system response), the core technology of autonomic computing to secure the protection power of the ITS and consisted of a state transition diagram of the ITS composed of a primary server and a backup server. We also defined the survivability, availability, and downtime cost of the ITS, and then performed studies on simulation experiments and two cases of vulnerability attack. Simulation results show that intrusion tolerance capability at the initial state is more important than coping capability at the attack state in terms of the dependability enhancement.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.7-12
• /
• 2009

It is very difficult to completely block the DDoS attack, which paralyzes services by depleting resources or occupying the network bandwidth by transmitting a vast amount of traffic to the specific website or server from normal users' PCs that have been already infected by an outside attacker. In order to defense or endure the DDoS attack, we usually use various solutions such as IDS (Intrusion Detection System), IPS (Intrusion Prevention System), ITS (Intrusion Tolerance System), FW (Firewall), and the dedicated security equipment against DDoS attack. However, diverse types of security appliances cause the cost problem, besides, the full function of the equipments are not performed well owing to the unproper setting without considering connectivity among systems. In this paper, we present the effective connectivity of security equipments and countermeasure methodology against DDoS attack. In practice, it is approved by experimentation that this designed methdology is better than existing network structure in the efficiency of block and endurance. Therefore, we would like to propose the effective security control measures responding and enduring against discriminated DDoS attacks through this research.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.971-974
• /
• 2005

네트워크 기반 컴퓨터 시스템이 내/외부 침입에 의해 시스템 일부가 손상(Partially Compromised) 되더라도, 최소한의 필수 서비스를 지속적으로 제공할 수 있게 해주는 침입감내시스템(Intrusion Tolerance System)의 설계에 요구되는 요소 기술 중의 하나는 정량적 신인도(Dependability) 분석이라 할 수 있다. 특히, 신인도중에서 생존성(Survivability)은 침임감내의 개념을 일관되게 반영하고 있는 척도(Measure)이므로 침입감내시스템의 설계시 중요한 요소라 할 수 있다. 본 논문에서는 자가치유 (Self-healing) 메커니즘을 활용하여 주서버와 보조서버가 각 1 대인 Cold-standby 방식의 침입감내시스템의 상태천이(State Transition)를 표현한 후, 시스템의 가용도 및 생존성을 정의하였다. 또한, 시뮬레이션을 통해 두가지 취약성 공격 사례에 대한 생존성 변화추이를 분석함으로써 신인도 향상 방안을 기술하였다.

• Proceedings of the IEEK Conference
• /
• 2003.07d
• /
• pp.1359-1362
• /
• 2003

The intrusions appears continuously by new unknown attacks exploiting vulnerabilities of systems or components but there are no perfect solutions to protect this unknown attacks. To overcome this problem, in this paper, we have proposed and implemented a Web service intrusion tolerant system that provides continuous Web services to the end users transparently even after the occurrence of an attack against the Web services, and prevents the disclosure of system's configuration data from server Our system has an N+l node architecture which is to minimize the number of redundant server nodes and to tolerate the intrusion effectively, and it also supports diversity in its design. Experimental result obtained on an implemented system show that our system can cope with intrusion such as DoS, file modification, confidentiality compromise of system properly.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2004.05a
• /
• pp.1-6
• /
• 2004

Intrusion tolerant technology is the technology to guarantee the Quality of service for certain amount time from the attacks which cannot be defended by the previous information security technologies. It increases the availability and confidentiality of the system by minimizing the damage from the attacks. And the fundamental components of the intrusion tolerant technology are voting and GMP(Group Management Protocol). In this paper, we present a new scheme to analyze the voting dependability and corrupt member detection dependability, which is very critical in GMP. Based on this scheme, we can make a new security policy and the methodology of analyzing the dependability itself also can be applicable to the other field.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.6
• /
• pp.1273-1293
• /
• 2010

Immune-inspired intrusion detection is a promising technology for network security, and well known for its diversity, adaptation, self-tolerance, etc. However, scalability and coverage are two major drawbacks of the immune-inspired intrusion detection systems (IIDSes). In this paper, we propose an IIDS framework, named GEP-IIDS, with improved basic system elements to address these two problems. First, an additional bio-inspired technique, gene expression programming (GEP), is introduced in detector (corresponding to detection rules) representation. In addition, inspired by the avidity model of immunology, new avidity/affinity functions taking the priority of attributes into account are given. Based on the above two improved elements, we also propose a novel immune algorithm that is capable of integrating two bio-inspired mechanisms (i.e., negative selection and positive selection) by using a balance factor. Finally, a pruning algorithm is given to reduce redundant detectors that consume footprint and detection time but do not contribute to improving performance. Our experimental results show the feasibility and effectiveness of our solution to handle the scalability and coverage problems of IIDS.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.799-808
• /
• 2003

Existing security solutions such as Firewell and IDS (Intrusion Detection System) have a trouble in getting accurate detection rate about new attack and can not block interior attack. That is, existing securuty solutions have various shortcomings. Shortcomings of these security solutions can be supplemented with mechanism which guarantees an availability of systems. The mechanism which guarantees the survivability of node is various, we approachintrusion telerance using real time response mechanism. The monitoring code monitors related resources of system for survivability of vulnerable systm continuously. When realted resources exceed threshold, monitoring and response code is deployed to run. These mechanism guarantees the availability of system. We propose control mathod about resource monitoring. The monitoring code operates with this method. The response code may be resident in active node for availability or execute a job when a request is occurred. We suggest the node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes asvantage of the automated service distribution supported by Active Network infrastructure instead of passive solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.95-102
• /
• 2003

In order to guarantee the survivability of essential services against attacks based on new methodology, we need a solution to recognize important resources for the services and to adapt the urgent situation properly. In this paper, we present a dynamic resource reallocation scheme which is one of the core technologies for the construction of intrusion tolerant systems. By means of resource reallocation within a host, this scheme enables selected essential services to survive even after the occurrence if a system attack. Experimental result obtained on a test-bed reveals the validity of the proposed scheme for resource reallocation. This scheme may work together with IDS (Intrusion Detection System) to produce more effective responsive mechanisms against attacks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.1
• /
• pp.1-12
• /
• 2010

Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks,from 0.62 to 0.84 about 35%.

• Journal of the Speleological Society of Korea
• /
• no.80
• /
• pp.11-19
• /
• 2007

Most studies in the past in testing and benchmarking on Intrusion Detection System (IDS) were conducted as comparisons, rather than evaluation, on different IDSs. This paper presents the evaluation of the performance of one of the open source IDS, snort, in an inexpensive high availability system configuration. Redundancy and fault tolerance technology are used in deploying such IDS, because of the possible attacks that can make snort exhaust resources, degrade in performance and even crash. Several test data are used in such environment and yielded different results. CPU speed, Disk usage, memory utilization and other resources of the IDS host are also monitored. Test results with the proposed system configuration environment shows much better system availability and reliability, especially on security systems.