Coordination among the Security Systems using the Blackboard Architecture

블랙보드구조를 활용한 보안 모델의 연동

  • Published : 2003.04.01


As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.


  1. E. D. Zwicky, S. Cooper and D. B. Chapman, Building Internet Firewalls second edition, O'reilly & Associates, 2000
  2. E. Amoroso, Intrusion Detection-An Introduction to Internet Surveillance, Correlation, Traps, Trace Back, and Response, Intrusion.Net Books, 1999
  3. S. Mclure, J. Scambray and G. Kurtz, Hacking Exposed: Network Security Secrets and Solutions, McGraw-Hill, 1999
  4. R. Bace, Intrusion Detection, Macmillan Technical Publishing, 2000
  5. F. Cohen, 'Simulating Cyber Attacks, Defences, and Consequences,' Computer & Security, vol. 8, pp. 479-518, 1999
  6. H. S. Seo, and T. H. Cho, 'Simulation of Network Security with Collaboration among IDS Models,' Lecture Notes on Artificial Intelligence, Springer Verlag, LNAI 2256, pp 438-448, Dec. 2001
  7. H. S. Seo, and T. H. Cho, 'Modeling and Simulation of Network Security with the Coordination of IDSes and Firewall,' Proceedings of International Conference on Security and Management, Las Vegas, Nevada, USA, pp. 207-212, Jun. 2002
  8. N. Puketza, M. Chung, R. Olsson and B. Mukherjee, 'A Software Platform for Testing Intrusion Detection Systems,' IEEE Software, pp. 43-51, Oct. 1997
  9. U. Lindqvist and P. A. Porras, 'Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset(P-BEST),' Proceedings of the IEEE Symposium on Security and Privacy, Oakland California, May. 1999
  10. P. Porras and P. Neumann, 'EMERALD: Event Monitoring Enabling Responses to anomalous live disturbances,' Proceedings of the 20th National Information Systems Security Conference, National Institute of Standards an Technology, 1997
  11. M. Crosbie and G. Spafford, 'Active Defence of a Computer System using Autonomous Agents,' Technical Report No. 95-008, COAST Group, Dept. of Computer Science, Purdue University, Feb. 1995
  12. P. Neumann and D. Parker, 'A Summary of computer misuse techniques,' In Proceedings of the 12th National Computer Security Conference, pp. 396-407, Oct. 1989
  13. D. Haixin, W. Jianping and L. Xing, 'Policy based access control framework for large networks,' Proceedings of IEEE International Conference on ICON 2000, Sept. 2000
  14. N. A. Noureldien and J. M. Osman, 'On Firewalls Evaluation Criteria,' Proceeding of TENCON 2000, pp 104-110, Sept. 2000
  15. G. V. Zeir, J. P. Kruth and J. Detand, 'A Conceptual Framework for Interactive and Blackboard Based CAPP,' International Journal of Production Research, vol. 36(6), pp. 1453-1473, 1998
  16. K. Decker, A. Garvey, M. Humphrey and V. R. Lesser, 'Control Heuristics for Scheduling in a Parallel Blackboard System,' International Journal of pattern Recognition and Artificial Intelligence, vol. 7, no. 2, pp. 243-264, 1993
  17. F. Klassner, V. R. Lesser and S. H. Nawab, 'The IPUS Blackboard Architecture as a Framework for Computational Auditory Scene Analysis,' IJCAI-95 Workshop on Computational Auditory Scene Analysis, Montreal, Canada, Aug. 1995
  18. B. P. Zeigler, Object-Oriented Simulation with Hierarchical, Modular Models, USA:Academic Press, San Diego CA,1990
  19. B. P. Zeigler, Theory of Modeling and Simulation, John Wiley, NY, USA, 1976, reissued by Krieger, Malabar, FL, USA. 1985
  20. T. H. Cho and B. P. Zeigler, 'Simulation of Intelligent Hierarchical Flexible Manufacturing: Batch Job Routing in Operation Overlapping,' IEEE trans. Syst. Man, Cyber. A, vol. 27, pp. 116-126, Jan. 1997
  21. J. Barrus and N. C. Rowe, 'A Distributed Autonomous-Agent Network-Intrusion Detection and Response System,' Proceedings of Command and Control Research and Technology Symposium, Monterey CA, pp. 577-586, Jun. 1998