The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지
DOI QR코드

DOI QR Code

The Management and Security Plans of a Separated Virtualization Infringement Type Learning Database Using VM (Virtual Machine)

VM(Virtual Machine) 을 이용한 분리된 가상화 침해유형 학습 데이터베이스 관리와 보안방안

  • Received : 2011.05.16
  • Accepted : 2011.07.20
  • Published : 2011.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

These days, a consistent and fatal attack attribute toward a database has proportionally evolved in the similar development form to that of security policy. Because of access control-based defensive techniques regarding information created in closed networks and attacks on a limited access pathway, cases of infringement of many systems and databases based on accumulated and learned attack patterns from the past are increasing. Therefore, the paper aims to separate attack information by its types based on a virtual infringement pattern system loaded with dualistic VM in order to ensure stability to limited certification and authority to access, to propose a system that blocks infringement through the intensive management of infringement pattern concerning attack networks, and to improve the mechanism for implementing a test that defends the final database, the optimal defensive techniques, and the security policies, through research.

최근 지속적이고 치명적인 데이터베이스에 대한 공격성향은 보안 정책과 유사한 발전형태를 가지고 비례적으로 진보하고 있다. 폐쇄적 네트워크에서 생성된 정보에 대한 접근제어 기반의 방어기법과 제한된 접근경로에 대한 공격을 과거 축적되고 학습되어진 공격패턴을 기반으로 많은 시스템과 데이터베이스가 침해당하는 사례가 늘고 있다. 따라서 본 논문 연구를 통하여 제한된 인증과 접근권한에 대한 안정성 확보를 위해 이원화된 VM(Virtual Machine)을 탑재한 가상 침해 패턴 시스템 기반으로 공격정보와 형태를 분리하고 공격 네트워크에 대한 침해 패턴 집중관리를 통해 침해를 차단하는 시스템을 제안하고 최종 데이터베이스를 방어하는 실험과 최적의 방어 기법 및 보안 정책을 구현하기 위한 메커니즘을 개선코자 한다

Keywords

References

  1. Li Xinlei, Zheng Kangfeng, Yang Yixian, "A DDoS attack defending scheme based on network processor", 2009 WASE International Conference on Information Engineering, pp.238-241, 2009.
  2. Zaihong Zhou, Dongqing Xie, Wei Xiong, "A P2P-based Distributed Detection Scheme Against DDoS Attack", 2009 First International Workshop on Education Technology and Computer Science, pp.304-309, 2009.
  3. P.Jayashreel, K. S. Easwarakumar, D. Radhakrishnan, N. Lakshmanan, P. Dinakaran, "A Payload driven Security model for flooding attacks in Active networks", 2009 IEEE International Advance Computing Conference, pp.934-939, 2009.
  4. Yusuke Shomura, Yoshinori Watanabe, "A Traffic Monitoring Method for High Speed Networks", 2009 Ninth Annual International Symposium on Applications and the Internet, pp.107-113, 2009.
  5. PENG Yali, Deng Mingxing, Deng Jiangang, YU Min, "Formal Modeling of a Kind of IDS and Research of Its Detection Technology", 2009 First International Workshop on Education Technology and Computer Science, pp.570-573, 2009.
  6. Muhammad Hasan Islam, Kamran Nadeem, Dr Shoab A Khan, "Optimal Placement of Detection Nodes against Distributed Denial of Service Attack", International Conference on Advanced Computer Control, pp.675-679, 2009.
  7. 김미영, 이영록, 이형효, 김용민, "데이터베이스 에서 개인정보보호를 위한 정책기반 쿼리 변환기 설계 및 구현", 한국정보처리학회 학술대회, pp.1112-1115, 2008년 5월.

Cited by

  1. Design of the MS-SQL Password Vulnerability Checking Function Using OLE Remote Connection vol.4, pp.3, 2015, https://doi.org/10.3745/KTCCS.2015.4.3.97