• Title/Summary/Keyword: Intrusion protection system

Search Result 68, Processing Time 0.032 seconds

Convergence Performance Evaluation Model for Intrusion Protection System based on CC and ISO Standard (CC와 ISO 표준에 따른 침입방지시스템의 융합 성능평가 모델)

  • Lee, Ha-Yong;Yang, Hyo-Sik
    • Journal of Digital Convergence
    • /
    • v.13 no.5
    • /
    • pp.251-257
    • /
    • 2015
  • Intrusion protection system is a security system that stop abnormal traffics through automatic activity by finding out attack signatures in network. Unlike firewall or intrusion detection system that defends passively, it is a solution that stop the intrusion before intrusion warning. The security performance of intrusion protection system is influenced by security auditability, user data protection, security athentication, etc., and performance is influenced by detection time, throughput, attack prevention performance, etc. In this paper, we constructed a convergence performance evaluation model about software product evaluation to construct the model for security performance evaluation of intrusion protection system based on CC(Common Criteria : ISO/IEC 15408) and ISO international standard about software product evaluation.

A Development of Intrusion Detection and Protection System using Netfilter Framework (넷필터 프레임워크를 이용한 침입 탐지 및 차단 시스템 개발)

  • Baek, Seoung-Yub;Lee, Geun-Ho;Lee, Geuk
    • Convergence Security Journal
    • /
    • v.5 no.3
    • /
    • pp.33-41
    • /
    • 2005
  • Information can be leaked, changed, damaged and illegally used regardless of the intension of the information owner. Intrusion Detection Systems and Firewalls are used to protect the illegal accesses in the network. But these are the passive protection method, not the active protection method. They only react based on the predefined protection rules or only report to the administrator. In this paper, we develop the intrusion detection and protection system using Netfilter framework. The system makes the administrator's management easy and simple. Furthermore, it offers active protection mechanism against the intrusions.

  • PDF

The Concept and Threat Analysis of Intrusion Detection System Protection Profile (침입탐지 시스템 보호프로파일의 개념 및 위협 분석)

  • 서은아;김윤숙;심민수
    • Convergence Security Journal
    • /
    • v.3 no.2
    • /
    • pp.67-70
    • /
    • 2003
  • Since IT industries grew, The information security of both individual and company has come to the front. But, nowadays, It is very hard to satisfy the diversity of security Protection Profile with simple Intrusion Detection System, because of highly developed Intrusion Skills. The Intrusion Detection System is the system that detects, reports and copes with of every kind of Intrusion actions immediately. In this paper, we compare the concept of IDS PPs and analyze the threat of PP.

  • PDF

Quality Evaluation Model for Intrusion Detection System based on Security and Performance (보안성과 성능에 따른 침입탐지시스템의 품질평가 모델)

  • Lee, Ha-Young;Yang, Hae-Sool
    • Journal of Digital Convergence
    • /
    • v.12 no.6
    • /
    • pp.289-295
    • /
    • 2014
  • Intrusion detection system is a means of security that detects abnormal use and illegal intension in advance in real time and reenforce the security of enterprises. Performance of intrusion detection system is judged by information collection, intrusion analysis, intrusion response, review and protection of intrusion detection result, reaction, loss protection that belong to the area of intrusion detection. In this paper, we developed a evaluation model based on the requirements of intrusion detection system and ISO international standard about software product evaluation.

An Improved Detection Performance for the Intrusion Detection System based on Windows Kernel (윈도우즈 커널 기반 침입탐지시스템의 탐지 성능 개선)

  • Kim, Eui-Tak;Ryu, Keun Ho
    • Journal of Digital Contents Society
    • /
    • v.19 no.4
    • /
    • pp.711-717
    • /
    • 2018
  • The breakthrough in computer and network has facilitated a variety of information exchange. However, at the same time, malicious users and groups are attacking vulnerable systems. Intrusion Detection System(IDS) detects malicious behaviors through network packet analysis. However, it has a burden of processing a large amount of packets in a short time. Therefore, in order to solve these problem, we propose a network intrusion detection system that operates at kernel level to improve detection performance at user level. In fact, we confirmed that the network intrusion detection system implemented at kernel level improves packet analysis and detection performance.

A Scheme for Protecting Security Rules in Intrusion Detection System (침입 탐지 시스템을 위한 효율적인 룰 보호 기법)

  • 손재민;김현성;부기동
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.8 no.4
    • /
    • pp.8-16
    • /
    • 2003
  • This paper moses a method to solve the weakness in Snort, the network based intrusion detection system. Snort which is the rule-based intrusion detection system dose not supports a protection method for their own rules which are signatures to detect intrusions. Therefore the purpose of this paper is to provide a scheme for protecting rules. The system with the proposed scheme could support integrity and confidentiality to the rules.

  • PDF

A Study on the Development Method of Security Functional Requirements of Common Criteria-based Protection Profiles: Focused on development process of Intrusion Detection System Protection Profile (공통평가기준 기반 보호프로파일의 보안기능요구사항 개발 방법 연구: 침입탐지시스템 보호프로파일 개발 과정 중심)

  • 이태승;김태훈;조규민;김상호;노병규
    • Convergence Security Journal
    • /
    • v.3 no.1
    • /
    • pp.51-57
    • /
    • 2003
  • By analysing the development process of Intrusion Detection System Protection Profile, we suggest the development method of Security Functional Requirements of Common Criteria- based Protection Profile and discuss how the method satisfies the requirements of If product or system Protection Profile in the development process.

  • PDF

Design and Implementation of Modified Web Contents Detection System (웹 컨텐츠 변경 탐지 시스템의 설계 및 구현)

  • 김영선;장덕철
    • Journal of Korea Multimedia Society
    • /
    • v.7 no.1
    • /
    • pp.91-97
    • /
    • 2004
  • As the electronic commercial transaction is being transacted by contents which can get an illegal intrusion from the outside, we sincerely require security for them. We must consider a protection countermeasure about intrusion from protection of the passive form to protection intrusion of the active one. So the security is required against hackers illegality intrusion into the contents. As soon as the intrusion happens about the contents, the tools providing the monitor of contents are required to minimize the damage to the systems. Modified web contents detection system in this paper prevents the loss of resources and manpower required through individually monitoring on the web. Also, this paper offers rapid support of security that it analyzes the weakness of contents security of the web environment and the cause of the problem with the leakage of information. So this system has the pur pose of protecting the weakness of contents security and the leakage of information.

  • PDF

Security Structure for Protection of Emergency Medical Information System (응급의료정보시스템의 보호를 위한 보안 구조)

  • Shin, Sang Yeol;Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.8 no.2
    • /
    • pp.59-65
    • /
    • 2012
  • Emergency medical information center performs role of medical direction about disease consult and pre-hospital emergency handling scheme work to people. Emergency medical information system plays a major role to be decreased mortality and disability of emergency patient by providing information of medical institution especially when emergency patient has appeared. But, various attacks as a hacking have been happened in Emergency medical information system recently. In this paper, we proposed security structure which can protect the system securely by detecting attacks from outside effectively. Intrusion detection was performed using rule based detection technique according to protocol for every packet to detect attack and intrusion was reported to control center if intrusion was detected also. Intrusion detection was performed again using decision tree for packet which intrusion detection was not done. We experimented effectiveness using attacks as TCP-SYN, UDP flooding and ICMP flooding for proposed security structure in this paper.

Automatic Intrusion Response System based on a Self-Extension Monitoring (자기확장 모니터링 기반의 침입자동대응 시스템)

  • Jang, Hee-Jin;Kim, Sang-Wook
    • Journal of KIISE:Information Networking
    • /
    • v.28 no.4
    • /
    • pp.489-497
    • /
    • 2001
  • In the coming age of information warfare, information security patterns take on a more offensive than defensive stance. It is necessary to develop an active form of offensive approach to security protection in order to guard vital information infrastructures and thwart hackers. Information security products need to support an automatic response facility without human intervention in order to minimize damage to the attacked system and cope with the intrusion immediately. This paper presents an automatic intrusion response model which is developed on a Self-Extension Monitoring. It also proposes an ARTEMIS(Advanced Realtime Emergency Management and Intruder Identification System), which is designed and implemented based on the suggested model. The Self-Extension Monitoring using self-protection and replication minimizes spatial limitations on collection of monitoring information and intruder tracing. It enhances the accuracy of intrusion detection and tracing.

  • PDF