DOI QR코드

DOI QR Code

보안성과 성능에 따른 침입탐지시스템의 품질평가 모델

Quality Evaluation Model for Intrusion Detection System based on Security and Performance

  • 이하용 (서울벤처대학원대학교 융합산업학과) ;
  • 양해술 (호서대학교 벤처전문대학원 정보경영학과)
  • Lee, Ha-Young (Dept. of Fusion Industry, Seoul Venture University) ;
  • Yang, Hae-Sool (Dept. of Information Management, Graduate School of Venture, Hoseo University)
  • 투고 : 2014.03.15
  • 심사 : 2014.06.20
  • 발행 : 2014.06.28

초록

침입탐지시스템은 컴퓨터 시스템 내 외부의 비정상적인 사용을 실시간으로 탐지하는 시스템으로 기업의 보안을 강화하고 불법적 의도를 사전에 감지하는 적극적인 보안 방안이다. 침입탐지시스템의 성능은 침입탐지시스템의 영역에 해당하는 정보수집, 침입분석, 침입대응, 침입탐지 결과 검토 및 보호, 대응행동, 손실방지 등에 관해 제 역할을 수행하고 있는가를 판단해야 한다. 본 연구에서는 이러한 침입탐지시스템의 요구사항과 소프트웨어 제품평가에 관한 ISO 국제표준을 근간으로 평가모델을 구성하였다.

Intrusion detection system is a means of security that detects abnormal use and illegal intension in advance in real time and reenforce the security of enterprises. Performance of intrusion detection system is judged by information collection, intrusion analysis, intrusion response, review and protection of intrusion detection result, reaction, loss protection that belong to the area of intrusion detection. In this paper, we developed a evaluation model based on the requirements of intrusion detection system and ISO international standard about software product evaluation.

키워드

참고문헌

  1. Dong-Jin Shin, Hae-Sool Yang, Design and Implementation of an Intrusion Detection System based on Outflow Traffic Analysis, Journal of Korea Contents Association, Vol 9 No. 4, p. 131, 2009. 4. https://doi.org/10.5392/JKCA.2009.9.4.131
  2. Taek-Khun Kim, Sang-Kyun Yun, The Design and Implementation of Network Intrusion Detection System Hardware on FPGA, Journal of The Korea Society of Computer and Information, Vol. 17, No. 4, p. 12, 2012. 4. https://doi.org/10.9708/jksci.2012.17.4.011
  3. ISO/IEC 15408-1:2009, Information technology-Security techniques-Evaluation criteria for IT security--Part1: Introduction and general model.
  4. ISO/IEC 15408-2:2008, Information technology-Security techniques-Evaluation criteria for IT security-Part2: Security functional components.
  5. ISO/IEC 15408-3:2008, Information technology-Security techniques-Evaluation criteria for IT security-Part3: Security assurance components.
  6. Kyunggu-Lee, Byungkyu-No et al., Intrusion Detection System Protection Profile V2.0, Korea Information Security Agency & Hannam University, 2008. 4.
  7. http://sinic45.blog.me/50168373818
  8. ISO/IEC9126, "Information Technology-Software Quality Characteristics and metrics
  9. ISO/IEC 14598, "Information Technology-Software product evaluation-Part 1-6.
  10. ISO/IEC 12119, "Information Technology-Software Package-Quality requirement and testing".