• Title/Summary/Keyword: intrusion response

Search Result 143, Processing Time 0.019 seconds

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안 관리시스템의 침입탐지 몇 대응을 위한 보안 정책 모델)

  • 손우용;송정길
    • Journal of the Korea Society of Computer and Information
    • /
    • v.9 no.2
    • /
    • pp.81-87
    • /
    • 2004
  • Very various intrusion by development of systems that is based on network is spread. To detect and respond this intrusion, security solutions such as firewall or IDS are bringing and management of security system that load these becomes more harder. Moreover, because environment of systems that require security is various, hard to manage establishing suitable security policy Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF

The Design of Integrated Intrusion Detection System in Large Networks (대규모 네트워크를 위한 통합 침입탐지시스템 설계)

  • 정연서
    • Journal of the Korea Computer Industry Society
    • /
    • v.3 no.7
    • /
    • pp.953-956
    • /
    • 2002
  • The threat to the network is increasing due to explosive increasing use of the Internet. Current IDS(Intrusion Detection System) detects intrusion and does individual response in small area network. It is important that construction of infra to do response in all system environment through sharing information between different network domains. This paper provides a policy-based IDS management architecture enabling management of intrusion detection systems. The IIDS(Integrated Intrusion Detection System) is composed of IDAs(Intrusion Detection Agents). We describe requirements in design and the elements of function.

  • PDF

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안관리 시스템에서의 침입탐지 및 대응을 위한 보안 정책 모델에 관한 연구)

  • Kim, Seok-Hun;Kim, Eun-Soo;Song, Jung-Gil
    • Convergence Security Journal
    • /
    • v.5 no.2
    • /
    • pp.9-17
    • /
    • 2005
  • Recently It's difficult to deal with about variety of attack. And Simple Security management have a problem. It is that they don't develop system measuring their system envoirment and have efficient attack detector, countermeasure organization about large network. Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF

Active Response Model and Scheme to Detect Unknown Attacks

  • Kim, Bong-Han;Kim, Si-Jung
    • Journal of information and communication convergence engineering
    • /
    • v.6 no.3
    • /
    • pp.294-300
    • /
    • 2008
  • This study was conducted to investigate what to consider for active response in the intrusion detection system, how to implement active response, and 6-phase response models to respond actively, including the active response scheme to detect unknown attacks by using a traffic measuring engine and an anomaly detection engine.

Real-Time File Integrity Checker for Intrusion Recovery and Response System (침입 복구 및 대응 시스템을 위한 실시간 파일 무결성 검사)

  • Jeun Sanghoon;Hur Jinyoung;Choi Jongsun;Choi Jaeyoung
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.32 no.6
    • /
    • pp.279-287
    • /
    • 2005
  • File integrity checking is the most reliable method to examine integrity and stability of system resources. It is required to examine the whole data whenever auditing system's integrity, and its process and result depends on administrator's experience and ability. Therefore the existing method is not appropriate to intrusion response and recovery systems, which require a fast response time. Moreover file integrity checking is able to collect information about the damaged resources, without information about the person who generated the action, which would be very useful for intrusion isolation. In this paper, we propose rtIntegrit, which combines system call auditing functions, it is called Syswatcher, with file integrity checking. The rtlntegrit can detect many activities on files or file system in real-time by combining with Syswatcher. The Syswatcher audit file I/O relative system call that is specified on configuration. And it can be easily cooperated with intrusion response and recovery systems since it generates assessment data in the standard IDMEF format.

Intrusion Situation Classification Model for Intelligent Intrusion Awareness (지능적인 침입 인지를 위한 침입 상황 분류 모델)

  • Hwang, Yoon-Cheol;Mun, Hyung-Jin
    • Journal of Convergence for Information Technology
    • /
    • v.9 no.3
    • /
    • pp.134-139
    • /
    • 2019
  • As the development of modern society progresses rapidly, the technologies of society as a whole are progressing and becoming more advanced. Especially in the field of security, more sophisticated and intelligent attacks are being created. Meanwhile, damaging situations are becoming several times larger than before Therefore, it is necessary to re-classify and enhance the existing classification system. It is required to minimize the intrusion damage by actively responding to intelligent intrusions by applying this classification scheme to currently operating intrusion detection systems. In this paper, we analyze the intrusion type caused by intelligent attack We propose a new classification scheme for intrusion situations to guarantee the service safety, reliability, and availability of the target system, We use this classification model to lay the foundations for the design and implementation of a smart intrusion cognitive system capable of early detection of intrusion, the damages caused by intrusion, and more collections active response.

The Scheme for Generate to Active Response Policy in Intrusion Detection System (침입 탐지 도구에서 능동 대응 정책 생성 방안)

  • Lee Jaw-Kwang;Paek Seung-Hyun;Oh Hyung-Geun;Park Eung-Ki;Kim Bong-Han
    • The Journal of the Korea Contents Association
    • /
    • v.6 no.1
    • /
    • pp.151-159
    • /
    • 2006
  • This paper studied active response policy generation scheme in intrusion detection system. We considered seven requirements of intrusion detection system for active response with components as the preceding study We presented the scheme which I can generate signature with a base with integrate one model with NIDS and ADS. We studied detection of the Unknown Attack which was active, and studied scheme for generated to be able to do signature automatically through Unknown Attack detection.

  • PDF

Design of Intrustion Prevention System(IPS) in Linux Environment (리눅스 환경에서의 침입방지시스템(IPS) 설계)

  • 이상훈;김우년;이도훈;박응기
    • Convergence Security Journal
    • /
    • v.4 no.2
    • /
    • pp.1-7
    • /
    • 2004
  • The growth of incidents on the Internet has reflected growth of the internet itself and growth of the computing Power. while in Previous years, external attacks tended to originate from those interested trend in exploring the Internet for its own sake and testing their skills, there is an increasing trend towards intrusions motivated by financial, Political, and military objectives. so, attacks on the nation's computer infrastructures are becoming an increasingly serious problem. Even though the problem is ubiquitious, government agencies are particularly appealing targets and they tend to be more willing to reveal such events than commercial organizations. The threat of damage made necessity of security's recognition, as a result, many researches have been carried out into security of system actively. Intrusion Detection technology is detection of intrusion using audit data differently from using traditional simple filtering and informs manager of it. It has security manager of system deal with the intrusion more quickly. but, cause current environment of Internet manager can't doing response Intrusion alert immediately That's why IPS needed. IPS can response automatically the intrusion alert. so, manager is more comfortable and can response quickly.

  • PDF

An Intrusion Detection Method Based on Changes of Antibody Concentration in Immune Response

  • Zhang, Ruirui;Xiao, Xin
    • Journal of Information Processing Systems
    • /
    • v.15 no.1
    • /
    • pp.137-150
    • /
    • 2019
  • Although the research of immune-based anomaly detection technology has made some progress, there are still some defects which have not been solved, such as the loophole problem which leads to low detection rate and high false alarm rate, the exponential relationship between training cost of mature detectors and size of self-antigens. This paper proposed an intrusion detection method based on changes of antibody concentration in immune response to improve and solve existing problems of immune based anomaly detection technology. The method introduces blood relative and blood family to classify antibodies and antigens and simulate correlations between antibodies and antigens. Then, the method establishes dynamic evolution models of antigens and antibodies in intrusion detection. In addition, the method determines concentration changes of antibodies in the immune system drawing the experience of cloud model, and divides the risk levels to guide immune responses. Experimental results show that the method has better detection performance and adaptability than traditional methods.

A Study for Feature Selection in the Intrusion Detection System (침입탐지시스템에서의 특징 선택에 대한 연구)

  • Han, Myung-Mook
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.87-95
    • /
    • 2006
  • An intrusion can be defined as any set of actors that attempt to compromise the integrity, confidentiality and availability of computer resource and destroy the security policy of computer system. The Intrusion Detection System that detects the intrusion consists of data collection, data reduction, analysis and detection, and report and response. It is important for feature selection to detect the intrusion efficiently after collecting the large set of data of Intrusion Detection System. In this paper, the feature selection method using Genetic Algorithm and Decision Tree is proposed. Also the method is verified by the simulation with KDD data.

  • PDF