• Journal of the Korea Computer Industry Society
• /
• v.6 no.5
• /
• pp.715-724
• /
• 2005

Recently many important systems that used to be operated in a closed environment are now providing web services and these kinds of web-based services are often an easy and common target of attacks. In addition, the great variety of web content and applications cause the development of new various intrusion technologies, while the misuse-based intrusion detection technology cannot keep the peace with the attacks and it seems to lack the capability to deal with such various new security threats, As a result it is necessary to research and develop new types of detection technologies that can detect newly developed attacks and intrusions as well as to be able to deal with previous types of exploits. In this paper, a HTTP traffic model is tested for its anomaly by using a HTTP request traffic pattern analysis and the field information analysis of the HTTP packet. Consequently, the HTTP traffic models by applying anomaly tests is designed and established.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.7C
• /
• pp.985-996
• /
• 2004

In order to solve the increasing security problems, IDSs(Intrusion Detection System) have appeared. However, local IDSs have a limit to detect various intrusions in a large-scale network environment. So there are a lot of researches in progress which organize the elements of IDS in a distributed or hierarchical manner. In this paper, we design a integrated IDS which exchanges messages between them through the standardized message format (IDMEF) and communication protocol (IDXP). We also propose a policy profile for an effective control of IDSs, and employ the PKI mechanism for mutual authentication. We implement a prototype system for the proposed IDSs communicating with Snort and analyze its performance.

• Journal of Acupuncture Research
• /
• v.19 no.6
• /
• pp.234-246
• /
• 2002

Objective : Ankylosing spondylitic is a chronic inflammatory disease which most frequently the sacro-iliac joints of young men and known as rare disease. There was no clinical report on functional assessment of ankylosing spondylitis. In order to evaluate the effect of clinical treatment, it was necessary to apply valuable and useful of assessment. Methods : We evaluate 1 cases of diagnosed patient with askylosing spondylitis by AIMS2, M-HAQ, K-HAQ, BASFI, and BASDAI after a series of herbal acupuncture treatment.(Solution of herbal acupuncture is made of vaporizing extraction method from the prescription Sineumheo 1.) Results : Herbal acupuncture had relieved pain and morning stiffness successfully and recovered ankylosing spondylitis functionally. Conclusion : 1. Herbal acupuncture had relieved pain and morning stiffness of ankylosing spondylitis. 2. AIMS2 was not useful to evaluate ankylosing spondylitis because of long evaluation time and low specificity. 3. Although there is no translation version of them, BASFI, and BASDAI are clinically useful of assessment, because of short evaluation time and high specificity. 4. K-HAQ with M-HAQ is useful to evaluate the treatment of ankylosing spondylitis because of snort evaluation time and high specificity.

• Journal of KIISE:Information Networking
• /
• v.33 no.2
• /
• pp.113-130
• /
• 2006

Recently with the explosive growth of Internet applications, the attacks of hackers on network are increasing rapidly and becoming more seriously. Thus information security is emerging as a critical factor in designing a network system and much attention is paid to Network Intrusion Detection System (NIDS), which detects hackers' attacks on network and handles them properly However, the performance of current intrusion detection system cannot catch the increasing rate of the Internet speed because most of the NIDSs are implemented by software. In this paper, we propose a new high performance network intrusion using Network Processor. To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added, a new high performance network intrusion detection system using Intel's network processor, IXP1200, is proposed. Unlike traditional intrusion detection engines, which have been implemented by either software or hardware so far, we design an optimized architecture and algorithms, exploiting the features of network processor. In addition, for more efficient detection engine scheduling, we proposed task allocation methods on multi-processing processors. Through implementation and performance evaluation, we show the proprieties of the proposed approach.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.21-27
• /
• 2009

In the environment of development of network bandwidth and intrusion technology there is limit to the pattern analysis of all massed packets through the existing pattern matching method by the intrusion detection system. To detect the packets efficiently when they are received fragmented, it has been presented the matching method only the pattern of packets consisting with the operation system such as Esnort. Pattern matching performance is improved through the use of NMAP, the basic mechanism od Esnort, by scanning the operation system of the same network system and appling pattern match selectively scanned information and the same operation system as the received packets. However, it can be appeared the case of disregarding the receivied packets depending on the diversity of the kind of operation systems and recognition mistake of operation system of nmap. In this paper, we present and verify the improved intrusion detection system shortening the pattern matching time by the creation of hashy table through the pattern hash of intrusion detection system independently with the users system environment .in the state of flux.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.115-125
• /
• 2003

As Web services are generally open for external uses and not filtered by Firewall, these result in attacker's target. Web attacks which exploit vulnerable web-applications and malicious users' requests cause economical and social problems. In this paper, we are modelling general web service usages based on user-web-session and detect anomal usages with Bayesian estimation method. Finally we propose SAD(Session Anomaly Detection) for detection unknown web attacks. To evaluate SAD, we made an experiment on attack simulation with web vulnerability scanner, whisker. The results show that the detection rate of SAD is over 90%, which is influenced by several features such as size of window or training set, detection filter method and web topology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.93-101
• /
• 2009

This paper proposes the detection method of spreading mails which hacker injects malicious codes to steal the information. And I developed the 'Analysis model' which is decoding traffics when hacker's encoding them to steal the information. I researched 'Methodology of intrusion detection techniques' in the computer network monitoring. As a result of this simulation, I developed more efficient rules to detect the PCs which are infected malicious codes in the hacking mail. By proposing this security policy which can be applicable in the computer network environment including every government or company, I want to be helpful to minimize the damage by hacking mail with malicious codes.