A Real-Time Intrusion Detection based on Monitoring in Network Security

  • 임승철 (Department of Computer Information, Woosong University)
  • Received : 2013.04.12
  • Accepted : 2013.06.14
  • Published : 2013.06.30

Abstract

Intrusion detection systems have recently become an important technology in computer network systems because the number of attacks has increased dramatically. Most intrusion detection methods do not detect intrusions in real time because audit data is difficult to analyze for intrusions. A network intrusion detection system monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. It learns users' behavior patterns over time and detects behavior that deviates from these patterns. The system in this paper also has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes the intrusion detection system a comprehensive system for detecting intrusions as well as misuse by authorized users or anomalous users (unauthorized users), using the RFM analysis methodology and monitoring that collects data from sensor intrusion detection systems (IDS).

Recently, intrusion detection systems have become a very important technology in computer network systems because the number of attacks is increasing dramatically. Because audit data on intrusions is difficult to analyze, most intrusion detection methods do not detect intrusions in real time. A network intrusion detection system is used to monitor the activities of individual users, groups, remote hosts and the entire system, and to detect suspected security violations, both internal and external, as they occur. It learns users' behavior patterns over time and detects behavior that deviates from those patterns. This paper uses a rule-based component that can encode information about known system vulnerabilities and intrusion scenarios. Integrating the two methods creates a comprehensive system for detecting intrusions as well as misuse by authorized users or anomalous users (unauthorized users), using the RFM analysis methodology and monitoring that collects data from sensor intrusion detection systems (IDS).
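As an added example (this is not code from the paper, whose implementation is not shown on this page), the following Python sketch integrates the two components the abstract describes: a rule-based part that encodes known intrusion scenarios, and an anomaly part that learns each user's behavior from past monitoring windows and flags deviations from it. It assumes that RFM stands for recency, frequency and monetary value as in customer analytics, and maps "monetary" to bytes transferred; the audit record format, hosts, paths, thresholds and sample events are all constructed for the example.

```python
# Added example, not the paper's implementation: a minimal hybrid IDS that
# integrates a rule-based misuse component with an RFM-style anomaly component.
# Assumption: RFM = recency, frequency, monetary (here: bytes transferred).
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

DAY = 86400

@dataclass(frozen=True)
class Event:
    """One audit record (constructed format, not the paper's sensor output)."""
    ts: int        # seconds
    user: str
    src: str       # source host
    action: str    # login_ok | login_fail | read | exec
    target: str    # file or command
    nbytes: int    # bytes moved by the action

# ---- Rule-based misuse component: each rule encodes one known scenario ----

def rule_failed_logins(events, window=60, threshold=3):
    """Brute force: `threshold` failed logins from one host within `window` s."""
    alerts, recent = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.action != "login_fail":
            continue
        q = recent[e.src]
        q.append(e.ts)
        while e.ts - q[0] > window:      # slide the window
            q.pop(0)
        if len(q) == threshold:          # fire once, when the threshold is reached
            alerts.append(("brute_force", e.src, e.ts))
    return alerts

SENSITIVE = frozenset({"/etc/shadow", "/root/.ssh/id_rsa"})

def rule_sensitive_read(events):
    """Any read of a sensitive path, by any user."""
    return [("sensitive_read", e.user, e.ts)
            for e in events if e.action == "read" and e.target in SENSITIVE]

# ---- RFM-style anomaly component: learn per-user profile, score deviation ----

def rfm(events, window_end):
    """Per user: (recency = s since last event, frequency = events, monetary = bytes)."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    return {u: (window_end - max(e.ts for e in evs), len(evs), sum(e.nbytes for e in evs))
            for u, evs in by_user.items()}

def learn_profile(history):
    """history: [(events, window_end), ...] past windows -> {user: [(mean, sd) x 3]}."""
    samples = defaultdict(list)
    for events, end in history:
        for u, feats in rfm(events, end).items():
            samples[u].append(feats)
    return {u: [(mean(col), pstdev(col)) for col in zip(*rows)]
            for u, rows in samples.items()}

def anomaly_alerts(profile, events, window_end, z_max=3.0, sd_floor=(60.0, 1.0, 100.0)):
    """Flag users with no profile, or whose RFM deviates more than z_max sigma.
    sd_floor stops a perfectly constant history from turning every tiny change
    into a 'deviation' (and avoids division by zero)."""
    alerts = []
    for u, feats in rfm(events, window_end).items():
        if u not in profile:
            alerts.append(("unknown_user", u, window_end))
            continue
        z = [abs(x - m) / max(sd, fl) for x, (m, sd), fl in zip(feats, profile[u], sd_floor)]
        if max(z) > z_max:
            alerts.append(("rfm_anomaly", u, window_end))
    return alerts

def detect(history, current, window_end):
    """Integrated detector: known scenarios via rules, the rest via RFM deviation."""
    profile = learn_profile(history)
    return sorted(set(rule_failed_logins(current) + rule_sensitive_read(current)
                      + anomaly_alerts(profile, current, window_end)))

# ---- Constructed audit data ----------------------------------------------

def _reads(user, day, n, nbytes, start=32400):
    """n reads by `user` on `day`, one per minute from 09:00 (constructed)."""
    return [Event(day * DAY + start + 60 * i, user, "10.0.0.5", "read",
                  f"/srv/docs/{i}.txt", nbytes) for i in range(n)]

# Three quiet days of history: alice reads 5 small files a day, bob reads 4.
HISTORY = [(_reads("alice", d, 5, 400) + _reads("bob", d, 4, 250), (d + 1) * DAY)
           for d in range(3)]

D3 = 3 * DAY
CURRENT = (
    _reads("alice", 3, 5, 400)                                    # normal day
    + _reads("bob", 3, 3, 250)
    + [Event(D3 + 33000, "bob", "10.0.0.5", "read", "/srv/docs/customer_db.dump", 500_000)]
    + [Event(D3 + 7200 + 10 * i, "bob", "10.0.0.9", "login_fail", "sshd", 0) for i in range(4)]
    + [Event(D3 + 40000, "eve", "10.0.0.9", "read", "/etc/shadow", 1200)]
)

if __name__ == "__main__":
    for alert in detect(HISTORY, CURRENT, 4 * DAY):
        print(alert)
```

Run stand-alone, the script reports four alerts: the rules catch the password-guessing burst from 10.0.0.9 and the read of /etc/shadow, while the RFM profile catches bob's 500 kB dump (bytes far above his learned daily volume) and eve, who has no learned profile at all; alice, whose current window matches her history, produces nothing. The two components are complementary in exactly the way the abstract argues: the rules need a scenario written in advance, the profile needs enough history to learn from, and the assumption that a quiet three-day history is a clean baseline is itself a risk (an attacker already present during learning becomes "normal").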
