• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1197-1213
• /
• 2014

Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels' 'Network Security Situational Awareness(NSSA)' is effectively determining the security situation of overall computer network on the basis of the relation between the security events that occur in the several views. The process of situational awareness is divided into three stages of the 'identification,' 'understanding' and 'prediction'. And 'identification' and 'understanding' are prerequisites for 'predicting' and the following appropriate responses. But 'identification' and 'understanding' in the vast amount of information became more difficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the 'identification' and 'understanding' stages. And we identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.7B
• /
• pp.1050-1057
• /
• 2010

Nowadays, the network attack occurs frequently. At the same time, the inbound network is also attacked. Even though the security system has been continuously developed in order to prevent from attacks, the network performance is sacrificed for the network security. Therefore, a security system which obtains performance and security together is urgently needed. In this paper, an arrangement of functional firewall and a secure clustering methodology, obtained from distributing functions of a conventional firewall, are proposed based on the idea that performance and security should be obtained together.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1577-1580
• /
• 2005

With remarkable growth of using Internet, attempts to try intrusions on network are now increasing. Intrusion Detection System is a security system which detects and copes illegal intrusions. Especially with increasing dispersive attacks through network, concerns for this Distributed Intrusion Detection are also rising. The previous Intrusion Detection System has difficulty in coping cause it detects intrusions only on particular network and only same segment. About same attacks, system lacks capacity of combining information and related data. Also it lacks cooperations against intrusions. Systematic and general security controls can make it possible to detect intrusions and deal with intrusions and predict. This paper considers Distributed Intrusion Detection preventing attacks and suggests the way sending active packets between nodes safely and performing in corresponding active node certainly. This study suggested improved E-IDS system which prevents service attacks and also studied sending messages safely by encoding. Encoding decreases security attacks in active network. Also described effective ways of dealing intrusions when misuses happens thorough case study. Previous network nodes can't deal with hacking and misuses happened in the middle nodes at all, cause it just encodes ends. With above suggested ideas, problems caused by security services can be improved.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.256-259
• /
• 2013

Data and network security for e-Healthcare Systems are a primary concern due to the easiest deployment area accessibility of the sensor devices. Furthermore, they are often interacting closely in cooperation with the physical environment and the surrounding people, where such exposure increases security vulnerabilities in cases of improperly managed security of the information sharing among different healthcare organizations. Hence, healthcare-specific security standards such as authentication, data integrity, system security and internet security are used to ensure security and privacy of patients' information. This paper discusses security threats on e-Healthcare Systems where an attacker can access both data and network using masquerade attack. Moreover, an efficient and cost effective approach for countermeasures is discussed for the delivery of secure services.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1602-1605
• /
• 2005

An audit tracer is one of the last ways to defend an attack for network equipments. Firewall and IDS which block off an attack in advance are active way and audit tracing is passive way which analogizes a type and a situation of an attack from log after an attack. This paper explains importance of audit trace function in network equipment for security and defines events which we must leave by security audit log. We design and implement security audit system for secure router. This paper explains the reason why we separate general audit log and security audit log.

• Journal of the Korea Society of Computer and Information
• /
• v.3 no.4
• /
• pp.120-125
• /
• 1998

Many Company or college construct the network for the of office efficient and information but they construct the total solution from vendor without security consultant. It makes many security problems. In this paper, I expalaned the network security system method from the three information security system that block system, encryption system, authentication system

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.9
• /
• pp.1374-1381
• /
• 2022

Existing research on security technology related to network attack response has focused on research using hardware network security technology, network attacks that wiretap and wiretap network packets, denial of service attack that consumes server resources to bring down the system, and network by identifying vulnerabilities before attack. It is classified as a scanning attack. In addition, methods for increasing network security, antivirus vaccines and antivirus systems have been mainly proposed and designed. In particular, many users do not fully utilize the security function of the router. In order to overcome this problem, it is classified according to the network security level to block external attacks through layered security management through layer-by-layer experiments. The scope of the study was presented by examining the security technology trends of edge routers, and suggested methods and implementation examples to protect from threats related to edge router-based network attacks.

• Journal of the Korea Society for Simulation
• /
• v.12 no.4
• /
• pp.25-40
• /
• 2003

With the growing usage of the networks, the world-wide Internet has become the main means to exchange data and carry out transactions. It has also become the main means to attack hosts. To solve the security problems which occur in the network such as Internet, we import software products of network security elements like an IDS (Intrusion Detection System) and a firewall. In this paper, we have designed and constructed the general simulation environment of network security model composed of multiple IDSes and a firewall which coordinate by CNP (Contract Net Protocol) for the effective detection of the intrusion. The CNP, the methodology for efficient integration of computer systems on heterogeneous environment such as distributed systems, is essentially a collection of agents, which cooperate to resolve a problem. Command console in the CNP is a manager who controls the execution of agents or a contractee, who performs intrusion detection. In the network security model, each model of simulation environment is hierarchically designed by DEVS(Discrete Event system Specification) formalism. The purpose of this simulation is that the application of rete pattern-matching algorithm speeds up the inference cycle phases of the intrusion detection expert system and we evaluate the characteristics and performance of CNP architecture with rete pattern-matching algorithm.

• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.197-206
• /
• 2003

With the growing usage of the networks, the world-wide Internet has become the main means to exchange data and carry out transactions. It has also become the main means to attack hosts. To solve the security problems which occur in the network such as Internet, we import software products of network security elements like an IDS (Intrusion Detection System) and a firewall. In this paper, we have designed and constructed the General Simulation Environment of Network Security model composed of multiple IDSes and a firewall which coordinate by CNP (Contract Net Protocol) for the effective detection of the intrusion. The CNP, the methodology for efficient integration of computer systems on heterogeneous environment such as distributed systems, is essentially a collection of agents, which cooperate to resolve a problem. Command console in the CNP is a manager who controls tie execution of agents or a contractee, who performs intrusion detection. In the Network Security model, each model of simulation environment is hierarchically designed by DEVS (Discrete EVent system Specification) formalism. The purpose of this simulation is to evaluate the characteristics and performance of CNP architecture with rete pattern matching algorithm and the application of rete pattern matching algorithm for the speeding up the inference cycle phases of the intrusion detection expert system.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.1-7
• /
• 2005

Today, network is a fragile state in many threat attacks. Especially, the company serviced like internet or e-commerce is exposed to danger and targeted of attacker Therefore, it is realistic that the company use the security solution. It exist various security solution in our school network. For example, Firewall, IDS, VirusWall, VPN, etc. The administrator must manage various security solution. But it is inefficient. Therefore, we need the Management System to controll every security solution. In this paper, we deal with basic contents of security solution to manage the ESM and merits and demerits when use it. Also we suggest method that the Administrator can manage his network more efficiently and systematically by using the ESM in our school network.