Efficient Attack Traffic Detection Method for Reducing False Alarms (False Alarm 감축을 위한 효율적인 공격 트래픽 탐지 기법)

최일준; 추병균; Changsuk Oh (오창석)

Efficient Attack Traffic Detection Method for Reducing False Alarms

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2009, 14(5), pp.65-75
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

최일준 ¹, 추병균 ¹, Changsuk Oh ¹

¹충북대학교

Accredited

ABSTRACT

The development of IT technology, Internet popularity is increasing geometrically. However, as its side effect, the intrusion behaviors such as information leakage for key system and infringement of computation network etc are also increasing fast. The attack traffic detection method which is suggested in this study utilizes the Snort, traditional NIDS, filters the packet with false positive among the detected attack traffics using Nmap information. Then, it performs the secondary filtering using nessus vulnerability information and finally performs correlation analysis considering appropriateness of management system, severity of signature and security hole so that it could reduce false positive alarm message as well as minimize the errors from false positive and as a result, it raised the overall attack detection results.

KEYWORDS

Traffic Detection, DDos, Network-IDS, Snort

Citation status

* References for papers published after 2023 are currently being built.

[web] OWASP / vulnerability / http://www.owasp.org/index.php/OWASP:About

[thesis] S. Kumar / 1995 / Classification and Detection of Computer Intrusion / 박사 / Purdue University

[confproc] A. Valdes / 2001 / Probabilistic alert correlation / RAID 2001 : 54~68

[confproc] Jonatan Gomez / 2003 / An Immuno-Fuzzy Approach to Anomaly Detection / Proc, IEEE

[web] / Snort Signature Database / http://www.snort.org/snort-db/sid.html?sid=112

[journal] 신현준 / 2007 / IHarmful Traffic Detection by Web Traffic Analysis / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 12(2) : 221~230

[journal] 장문수 / 2008 / Web Application Attack Prevention by Traffic Analysis / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 13(3) : 139~146

[thesis] 한순재 / 2004 / 상관성을 이용한 웹 기반의 침입탐지 트래픽 분석 / 석사 / 충북대학교 대학원

[confproc] 최일준 / 2008 / 상관성을 이용한 웹 공격 탐지 기법 / 한국엔터테인먼트산업학회 2008년 춘계학술대회 논문집 : 70~73

[journal] 홍성민 / 2007 / 사용자 인증과 파라미터 암호화를 이용한 웹 공격 차단 알고리즘 / 한국엔터테인먼트산업학회 논문지 1(1) : 54~59

[confproc] A. Valdes / 2001 / Probabilistic alert correlation / RAID 2001 : 54~68

[book] H. Debar / 2001 / Aggregation and correlation of intrusion-detection alerts / In Recent Advances in Intrusion Detection

[book] P. Ning / 2002 / An intrusion alert correlator based on prerequisites of intrusion / North Carolina State University

[confproc] C. Schuba / 1997 / Analysis of a Denial of Service Attack on TCP / Proc. of the IEEE Symp, on Security and Privacy : 208~223

[confproc] R. Stone / 2000 / An IP Overlay Network for Tracing DoS Floods / Proc. 2000 USENIX Security Symp

[book] D. Dittrich / 2000 / Distributed Denial of Service Attacks/tools Resource Page / University of Wasington

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65