A Practical Effectiveness Analysis on Alert Verification Method Based on Vulnerability Inspection

(Korean title) An Empirical Effectiveness Analysis of a Security Event Verification Method Using Vulnerability Inspection

  • Received : 2014.09.02
  • Accepted : 2014.09.16
  • Published : 2014.11.28


Cyber threats on the Internet are increasing tremendously, and attack techniques are evolving constantly. An Intrusion Detection System (IDS) is one of the most powerful tools for detecting and analyzing cyber attacks in real time, and most organizations deploy one in their networks and operate it for security monitoring and response. However, an IDS has a fatal weakness: it raises a very large number of alerts, most of which are false positives. To cope with this problem, many approaches have been proposed for automatically identifying whether IDS alerts are caused by real attacks. In this paper, we present an alert verification method based on correlation analysis between the IDS alerts and the vulnerability inspection results for the real systems that must be protected. In addition, we carry out practical experiments to demonstrate the effectiveness of the proposed verification method using two kinds of real data, namely IDS alerts and vulnerability inspection results.
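The abstract describes correlating each alert with the inspection results for its target but does not give the paper's algorithm or data layout. The following is an added illustration of that kind of correlation, not code from the paper: the matching keys (target host, target port, and the CVE identifiers a signature references), the `Alert` and `HostInspection` records, the three verdict labels, and every host, port and CVE value below are constructed assumptions.

```python
"""Correlate IDS alerts with vulnerability-inspection results (added illustration).

Matching keys, record layout and all sample data are assumptions; the CVE ids
are placeholders, not real vulnerabilities.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Alert:
    signature: str
    dst_host: str
    dst_port: int
    # CVE ids the signature is tagged with; empty when the signature is generic
    cves: Set[str] = field(default_factory=set)


@dataclass
class HostInspection:
    host: str
    open_ports: Set[int]        # services found listening at inspection time
    vulnerabilities: Set[str]   # CVE ids the inspection confirmed as present


# Constructed inspection inventory for two protected hosts (placeholder CVE ids).
INSPECTIONS: Dict[str, HostInspection] = {
    "10.0.0.5": HostInspection("10.0.0.5", {22, 80}, {"CVE-0000-0001"}),
    "10.0.0.7": HostInspection("10.0.0.7", {443}, set()),
}

# Constructed alerts: one true hit, one against a closed port, one generic
# signature on a live service, one against a host that was never inspected.
ALERTS: List[Alert] = [
    Alert("web-app exploit attempt", "10.0.0.5", 80, {"CVE-0000-0001"}),
    Alert("web-app exploit attempt", "10.0.0.7", 80, {"CVE-0000-0001"}),
    Alert("ssh brute force", "10.0.0.5", 22),
    Alert("db exploit attempt", "10.0.0.9", 3306, {"CVE-0000-0002"}),
]


def verify_alert(alert: Alert, inspections: Dict[str, HostInspection]) -> str:
    """Classify one alert as 'verified', 'likely-false-positive' or 'unverifiable'."""
    insp = inspections.get(alert.dst_host)
    if insp is None:
        # No inspection data: the alert cannot be dismissed, so it stays in the queue.
        return "unverifiable"
    if alert.dst_port not in insp.open_ports:
        # Nothing was listening on the attacked port when the host was inspected.
        return "likely-false-positive"
    if alert.cves and not (alert.cves & insp.vulnerabilities):
        # The signature targets specific vulnerabilities, none of which were found.
        return "likely-false-positive"
    # Target service is reachable and, where the signature names a CVE, vulnerable.
    return "verified"


def summarize(alerts: List[Alert], inspections: Dict[str, HostInspection]) -> Dict[str, int]:
    """Count verdicts over an alert batch; the false-positive share is the expected reduction."""
    counts = {"verified": 0, "likely-false-positive": 0, "unverifiable": 0}
    for alert in alerts:
        counts[verify_alert(alert, inspections)] += 1
    return counts


if __name__ == "__main__":
    for a in ALERTS:
        print(f"{a.dst_host}:{a.dst_port} {a.signature!r} -> {verify_alert(a, INSPECTIONS)}")
    print(summarize(ALERTS, INSPECTIONS))
```

Two design points matter in practice. Alerts against hosts with no inspection data are kept as "unverifiable" rather than dismissed, because the absence of a scan is not evidence of safety. And the verdict is only as current as the inspection: a service enabled or a patch removed after the last scan turns "likely-false-positive" into a missed real attack, so inspection results need a freshness bound before they are trusted to suppress alerts.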


Grant : Research on advanced technology for automatic verification of large-scale security events

Supported by : Korea Institute of Science and Technology Information (KISTI)

