A Secure Communication Framework for the Detection System of Network Vulnerability Scan Attacks

Design of a Secure Communication Framework for a Network Vulnerability Scan Attack Detection System

  • Published : 2003.02.01

Abstract

In this paper, we propose a secure communication framework for interaction and information sharing between a server and agents in DS-NVSA (Detection System of Network Vulnerability Scan Attacks), proposed in [1]. For scalability and interoperability with other detection systems, we design the framework around IDMEF and IAP, which have been drafted by the IDWG. We adapt IDMEF and IAP to the proposed framework and provide SKTLS (Symmetric Key based Transport Layer Security Protocol) for network environments that cannot afford to support a public-key infrastructure. Our framework provides for the reuse of heterogeneous intrusion detection systems and enables the scope of intrusion detection to be extended. It can also be used as a framework for an ESM (Enterprise Security Management) system.

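In this paper, we propose a secure communication framework for interoperation between the server and the agents in DS-NVSA (Detection System of Network Vulnerability Scan Attacks), a vulnerability scan attack detection system. For interoperation with existing systems, the proposed framework extends and applies IDMEF and IAP, which were proposed by the IETF's IDWG. In addition, for network systems that cannot support a public-key-based environment, we present SKTLS (Symmetric Key based Transport Layer Security Protocol), a symmetric-key-based encrypted communication protocol. Beyond DS-NVSA, the proposed framework provides for the reuse of existing heterogeneous intrusion detection systems and the extension of the detection scope, and it can also be applied to an ESM (Enterprise Security Management) system, an integrated enterprise security environment system.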

References

  1. Il-Sun You and Kyoungsan Cho, 'An Improved Detection System for the Network Vulnerability Scan Attacks,' The KIPS Transactions : Part C, Vol.8-C, No. 5, pp.543-550, 2001
  2. Korea Information Security Agency, 'Analysis of Large Scale Network Vulnerability Scan Attacks and Implementation of the Scan-Detection tool,' 1999, http://www.certcc.or.kr
  3. Korea Information Security Agency, '2001 Security incident Statistic in Korea,' 2001, http://www.certcc.or.kr.
  4. Clifford Kahn, Don Bolinger and Dan Schnackenberg, 'A Common Intrusion Detection Framework,' 1998, http://www.isi.edu/~brain/cidf/drafts/communication.txt
  5. D.Curry, H.Debar, 'Intrusion Detection Message Exchange Format Data Model and Extensible Markup Language(XML) Document Type Definition,' 2002
  6. Dierks,T. and C.Allen, 'The TLS Protocol Version 1.0,' RFC 2246, 1999
  7. Dipankar Gupta, 'IAP: Intrusion Alert Protocol,' 2001
  8. Fielding, et al., 'Hypertext Transfer Protocol-HTTP/1.1,' RFC 2616, 1999
  9. G.Mansfield and D.Curry, 'Intrusion Detection Message Exchange Format Comparison of SMI and XML Implementations,' 2000
  10. http://www.isi.edu/~brain/cidf/
  11. J.Kim and P.Bentley, 'The Artificial Immune Model for Network Intrusion Detection,' 7th European Congress on Intelligent Techniques and Soft Computing(EUFIT'99), http://www.cs.ucl.ac.uk/stuff/J.Kim/publication.html, 1999
  12. Mark Wood and Michael Erlinger, 'Intrusion Detection Message Exchange Requirements,' 2002
  13. Peng Ning, Sushil Jajodia and Sean Wang, 'Abstraction based Intrusion Detection in Distributed Environments,' ACM Transactions on Information and System Security(TISSEC), Vol.4, Issue.4, pp.407-452, 2001 https://doi.org/10.1145/503339.503342
  14. Rich Feiertag, et al., 'A Common Intrusion Specification Language(CISL),' http://www.isi.edu/~brain/cidf/drafts/language.txt. 1999
  15. Stephen Northcutt, 'Intelligence Gathering Techniques,' http://www.microsoft.com/technet/security/intel.asp
  16. Pollock, et al., 'Implementing the Intrusion Detection Exchange Protocol,' Proceedings of the 17th Annual Computer Security Applications Conference, http://www.acsac.org/2001/papers/67.pdf, 2001 https://doi.org/10.1109/ACSAC.2001.991519
  17. B.Feinstein, G.Matthews, and J.White, 'The Intrusion Detection Exchange Protocol(IDXP),' 2002
  18. Wenke Lee, et al., 'A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions,' Proceedings of the 3rd International Workshop on the Recent Advances in Intrusion Detection, pp.49-65, 2000