Development on Intrusion Detection, Based on Blackboard Architecture

Development of a Blackboard-Based Intrusion Detection System

  • Published : 2000.02.01

Abstract

This paper proposes an architecture that efficiently detects intrusions in network environments. In this architecture, a blackboard-based agent coordinates the opinions of several independent agents, each performing a unique function, by resolving conflicts and reconfirming notices of intrusion. In simulation, conventional agents judged simple resource access activities to be 'intrusion', while the blackboard-based agent reserved judgement until additional information confirmed the notices of the independent agents. A reconfirmation process based on additional questioning will reduce positive errors.

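This paper proposes an efficient structure for detecting external intrusions in a network environment. In the proposed detection structure, a Coordination Agent with a blackboard structure is placed among multiple agents, each of which has its own function and domain. The Coordination Agent is given a Conflict Resolution function and an intrusion confirmation function in order to reduce false alarms. The simulation results showed that the conventional agent approach can judge even a simple access to system resources to be an intrusion, whereas the blackboard system reaches its final determination of whether an intrusion has occurred through an active querying process directed at the agents, and it was therefore judged able to raise the reliability of the intrusion detection system.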
