Automatic Intrusion Response System based on a Self-Extension Monitoring

Automatic Intrusion Response System Based on Self-Extension Monitoring (Korean title)

  • Published: 2001.12.31

Abstract

In the coming age of information warfare, information security is shifting from a defensive toward a more offensive stance. An active, offensive approach to security protection is needed in order to guard vital information infrastructures and thwart hackers. Information security products need to support an automatic response facility that works without human intervention, so that damage to the attacked system is minimized and the intrusion is dealt with immediately. This paper presents an automatic intrusion response model built on Self-Extension Monitoring. It also proposes ARTEMIS (Advanced Realtime Emergency Management and Intruder Identification System), which is designed and implemented on the basis of the suggested model. Self-Extension Monitoring, which uses self-protection and replication, minimizes the spatial limitations on the collection of monitoring information and on intruder tracing, and thereby enhances the accuracy of intrusion detection and tracing.

In next-generation information warfare, not only passive forms of protection, such as preventing intrusions into and recovering one's own information systems, are required, but also active forms of protection, such as attacks on the adversary's information infrastructure. In order to minimize damage to the system as soon as an intrusion occurs and to respond immediately, for example by tracing the intruder, an information security system needs to provide the capability to respond automatically without human intervention. This paper presents a self-extension monitoring technique and an automatic intrusion response model designed on that basis. It also introduces ARTEMIS (Advanced Realtime Emergency Management Identification System), an automatic intrusion response system designed and implemented according to the proposed model. Self-extension monitoring, which combines monitoring with a self-protection capability and replication, minimizes the spatial constraints on monitoring information collection and intruder tracing, and thereby improves the accuracy of intrusion detection and intruder tracing.
