• Convergence Security Journal
• /
• v.10 no.2
• /
• pp.1-9
• /
• 2010

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.

• Journal of Multimedia Information System
• /
• v.7 no.3
• /
• pp.215-220
• /
• 2020

Many state agencies and companies collect personal data for the purpose of providing public services and marketing activities and use it for the benefit and results of the organization. In order to prevent the spread of COVID-19 recently, personal data is being collected to understand the movements of individuals. However, due to the lack of technical and administrative measures and internal controls on collected personal information, errors and leakage of personal data have become a major social issue, and the government is aware of the importance of personal data and is promoting the protection of personal information. However, theory-based training and document-based intrusion prevention training are not effective in improving the capabilities of the privacy officer. This study analyzes the processing steps and types of accidents of personal data managed by the organization and describes measures against personal data leakage and misuse in advance. In particular, using Capture the Flag (CTF) scenarios, an evaluation platform design is proposed to respond to personal data breaches. This design was proposed as a troubleshooting method to apply ISMS-P and ISO29151 indicators to reflect the factors and solutions to personal data operational defects and to make objective measurements.

• The Journal of the Korea Contents Association
• /
• v.10 no.6
• /
• pp.156-165
• /
• 2010

ESM(Enterprise Security Management) is representing domestic security management, and there is requirement to enhance it. This paper will evaluate quality of ESM products, understand its quality level, and derive method to improvement so as to develop security evaluation model and test methodology which can support quality enhancement. In addition, it presented the performance test cases and evaluation method to measure product's security quality, and to perform research on the judgement method for the results based on appropriate criteria. Developed quality evaluation model is expected perform important role in evaluating and enhancing the quality of intrusion prevention system.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.311-321
• /
• 2003

A current firewall or IDS (intrusion detection system) of the network level suffers from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements such as the multi-level security function of TCSEC B1 and a prevention of hacking attacks. This paper evaluates the secure Linux implemented in terms of the mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level this system protects various hacking attacks such as using Setuid programs, inserting back-door and via-attacks. The performance degradation is an average 1.18% less than other secure OS product.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.185-192
• /
• 2006

By mistaking normal packets for harmful traffic, it may not offer service according to the intention of attacker with harmful traffic, because it is not easy to classify network traffic for normal service and it for DUoS(Distributed DoS) attack like the Internet worm. And in the IPv6 environment these researches on harmful traffic are weak. In this dissertation, hosts in the IPv6 environment are attacked by NETWIB and their attack traffic is monitored, then the statistical information of the traffic is obtained from MIB(Management Information Base) objects used in the IPv6. By adapting the ESM(Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold is determined. Input traffic over the threshold is thought of as attack traffic.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.543-545
• /
• 2011

The concern which is abundant in MANET VoIP for comprising the mobility guarantee and mobile network is received without the infrastructure system between the mobile terminal node. However, because the access of system and border is easy, the issue which is big in the security problem becomes more than the wired network system with this convenience by the foreign network attacker differently. In this paper, we would like to the fundamental web network, NAT and concluding the security problem technology in which Firewall can inquire on MANET VoIP and whether it is appropriate or not which can solve this is proposed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.4
• /
• pp.671-690
• /
• 2010

The continuous growth of attacks in the Internet causes to generate a number of rules in security devices such as Intrusion Prevention Systems, firewalls, etc. Policy anomalies in security devices create security holes and prevent the system from determining quickly whether allow or deny a packet. Policy anomalies exist among the rules in multiple security devices as well as in a single security device. The solution for policy anomalies requires complex and complicated algorithms. In this paper, we propose a new method to remove policy anomalies in a single security device and avoid policy anomalies among the rules in distributed security devices. The proposed method classifies rules according to traffic direction and checks policy anomalies in each device. It is unnecessary to compare the rules for outgoing traffic with the rules for incoming traffic. Therefore, classifying rules by in-out traffic, the proposed method can reduce the number of rules to be compared up to a half. Instead of detecting policy anomalies in distributed security devices, one adopts the rules from others for avoiding anomaly. After removing policy anomalies in each device, other firewalls can keep the policy consistency without anomalies by adopting the rules of a trusted firewall. In addition, it blocks unnecessary traffic because a source side sends as much traffic as the destination side accepts. Also we explain another policy anomaly which can be found under a connection-oriented communication protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.431-439
• /
• 2010

The security systems using signatures cannot protect servers from new types of Internet worms. To protect servers from Internet worms, this paper proposes a system removing malicious processes and executable files without using signatures. The proposed system consists of control servers which offer the same services as those on protected servers, and agents which are installed on the protected servers. When a control server detects multicasting attacks of Internet worm, it sends information about the attacks to an agent. The agent kills malicious processes and removes executable files with this information. Because the proposed system do not use signatures, it can respond to new types of Internet worms effectively. When the proposed system is integrated with legacy security systems, the security of the protected server will be further enhanced.

• Journal of Service Research and Studies
• /
• v.5 no.1
• /
• pp.57-70
• /
• 2015

This paper develop curnel based high speed packet filtering imbedded gateway and firewall using cloud database. This study develop equipment include of predict function through bigdata analysis using cloud system. This equipment include intrusion prevention for network attack, and include system security function of L7 switch based contents. This study can improve security level of little company and general family. This study can pioneer a new market. This study can develop high perfomance switch and replacement of existing security equipment. This study proposed new next generation algorithm for constuction of high performance system from low specifications.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2161-2164
• /
• 2003

현재 사용되고 있는 침입 탐지 시스템들은 새로운 공격 패턴을 가진 침입을 탐지하기 위하여 규칙 데이터베이스를 지속적으로 갱신하고 있다. 그러나 이러한 침입 탐지 능력은 현재 알려진 기술이나 기법들에 한정된다. 따라서, 기존침입 탐지 시스템들은 공격을 받은 후, 현재까지 존재하지 않았던 새로운 기법이 적용된 공격이나 다소 변형된 공격을 받게 되면 침입을 탐지하지 못하거나 능동적 대처를 하지 못하였으며, tcpdump 또는 libpcap과 같은 응용 레벨의 프로그램을 사용하였기 때문에 실시간으로 패킷들을 감시할 수 없었다. 이러한 추가적인 공격들을 탐지하기 위해서 보다 강력하고 능동적인 네트워크 기반의 대응 기술이 요구되는데, 이에 본 논문에서는 이러한 요구 사항을 해결하기 위하여 패킷 감시의 정확성과 침입에 대한 실시간 대응성을 높이는 커널 레벨에서 동작하는 침입 탐지 모듈과, 악의적인 목적을 가진 패킷들을 차단하는 필터링 모듈 개발 기법을 제시하고자 한다.