• Journal of the Korea Society for Simulation
• /
• v.10 no.1
• /
• pp.83-92
• /
• 2001

For the prevention of the network intrusion from damaging the system, both IDS (Intrusion Detection System) and Firewall are frequently applied. The collaboration of IDS and Firewall efficiently protects the network because of making up for the weak points in the each demerit. A model has been constructed based on the DEVS (Discrete Event system Specification) formalism for the simulation of the system that consists of IDS and Firewall. With this model we can simulation whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. If an agent detects intrusions, it transfers attacker's information to a Firewall. Using this mechanism attacker's packets detected by IDS can be prevented from damaging the network.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.6
• /
• pp.619-626
• /
• 2016

Intrusion detection model detects a intrusion when intrusion behaviour occurred. The model analyzes a variety of intrusion pattern and supports a modeling method to represent for a intrusion pattern efficiently. Particularly, the model defines classes of intrusion pattern and supports modeling method that detects a network level intrusion through multiple hosts for multiple intrusions. In this paper, proposes a multiple intrusion detection model that support a verification method for intrusion detection systems and verifies a safeness of proposed model and compares with other models.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.2
• /
• pp.235-242
• /
• 2004

As e-business being rapidly developed the importance of security is on the rise in network. Intrusion detection systems which are a core security system detect the network intrusion trial. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network and the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. Each agent cooperates through the BBA (Black Board Architecture) and CNP (Contract Net Protocol) for detecting intrusions. In this paper, we propose the effective method comparing the blackboard architecture to contract net protocol.

• Journal of the Korea Society for Simulation
• /
• v.11 no.4
• /
• pp.91-105
• /
• 2002

The attackers on Internet-connected systems we are seeing today are more serious and technically complex than those in the past. So it is beyond the scope of amy one system to deal with the intrusions. That the multiple IDSes (Intrusion Detection System) coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (BlackBoard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete EVent system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses these detection information.

• Journal of Institute of Control, Robotics and Systems
• /
• v.9 no.4
• /
• pp.310-319
• /
• 2003

As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.1051-1055
• /
• 2003

Policies are collections of general principles specifying the desired behavior and state of a system. Network management is mainly carried out by following policies about the behavior of the resources in the network. Policy-based (PB) network management supports to manage distributed system in a flexible and dynamic way. This paper focuses on configuration management based on Internet Engineering Task Force (IETF) standards. Network security approaches include the usage of intrusion detection system to detect the intrusion, building firewall to protect the internal systems and network. This paper presents how the policy-based framework is collaborated among the network security systems (intrusion detection system, firewall) and intrusion detection systems are cooperated to detect the intrusions.

• Journal of Internet Computing and Services
• /
• v.4 no.2
• /
• pp.69-80
• /
• 2003

Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles, and detectes modificated anomaly intrusions effectively. In this paper, the relation among system calls of processes is represented by bayesian network and Multiple Sequence Alignment. Program behavior profiling by Bayesian Network classifies modified anomaly intrusion behaviors, and detects anomaly behaviors. we had simulation by proposed normal behavior profiling technique using UNM data.

• Proceedings of the KSRS Conference
• /
• 2008.10a
• /
• pp.100-103
• /
• 2008

COMS(Communication, Ocean and Meteorological Satellite) has multiple payloads; Meteorological Image(MI), Ocean Color Imager(GOCI) and Ka-band communication payloads. MI has 4 IR and 1 visible channel. In order to improve the quality of IR image, two calibration sources are used; black body image and cold space look data. In case of COMS, the space look is performed at 10.4 degree away from the nadir in east/west direction. During space look, SUN or moon intrusions are strictly forbidden, because it would degrade the quality of collected IR channel calibration data. Therefore we shall pay attention to select space look side depending on SUN and moon location. This paper proposes and discusses a simple and complete space look side selection logic based on SUN and moon intrusion event file. Computer simulation has been performed to analyze the performance of the proposed algorithm in term of east/west angular distance between space look position and hazardous intrusion sources; SUN and moon.

• The Journal of the Petrological Society of Korea
• /
• v.11 no.2
• /
• pp.74-89
• /
• 2002

Rock units, relating with the Guamsan caldera, are composed of Guamsan Tuff and rhyolitic intrusions. The Guamsan Tuff consists almost entirely of ash-flow tuffs with some volcanic breccias and fallout tuffs. The volcanic breccia comprises block and ash-flow breccias of near-vent facies and caldera-collapse breccia near the ring fracture. The lower ash-flow tuffs are of an expanded pyroclastic flow phase from the pyroclastic flow-forming eruption with an ash-cloud fall phase of the fallout tuffs on the flow units, but the upper ones are of a non-expanded ash-flow phase from the boiling-over eruption. The rhyolitic intrusions are divided into intracaldera intrusions and ring dikes that are subdivided into inner, intermediate and outer dikes. We compile the volcanic processes along a single cycle of cadela development from the eruptive phases in the Guamsan area. The explosive eruptions began with block and ash-flow phases from collapse of glowing lava dome caused by Pelean eruption, progressed through expanded pyroclastic flow phases and ash-cloud fallout phases during high column collapse of pyroclastic flow-forming eruption from a single central vent. This was followed by non-expanded ash-flow phases due to boiling-over eruption from multiple ring fissure vents. The caldera collapse induced the translation into ring-fissure vents from a single central vent in the earlier eruption. After the boiling-over eruption, there followed an effusive phase in which rhyolitic magma was injected and erupted to be progressively emplaced as small plugs/dikes and ring dikes with many lava domes on the surface. Finally rhyodacitic magma was on emplaced as a series of dikes along the junction of both outer and intermediate dikes on the southwestern side of the caldela.

• Economic and Environmental Geology
• /
• v.16 no.2
• /
• pp.111-123
• /
• 1983

The studied area is situated in tho southern part of the Ogcheon fold belt, where the "Ogcheon Group" is widespread with Jurassic and Cretaceous intrusions. The regional stratigraphy may be divided into three formations, the lower pebble bearing phyllitic, the middle dark grey phyllitic, and the upper black phyllitic formations. For the purposes of the present study, the area has been partitioned to three structural subareas based on major fold axes and fault line. The main subjects of the research have been discussed from two different points, multiple deformation and minor-micro fold styles. The former is analyzed by pebble elongation, folding and lineation in a pebbly formation as well as schistosity, crenulation cleavage and crenulated lineation in the phyllitic formation. The later describes the characteristic features of fold style in each formation and structural subarea. Although minor fold axes within broad pelitic rocks usually tend to trend northeast and to plunge northward, most of these were probably formed by two stages, first a similar fold phase and second a kink fold phase. Measured structural elements indicate that crenulation cleavage in phyllite formed parallel to fold axes of folded pebble followed a NE phase of first deformation and a fold axes of pebbles diagonal to bedding of phyllite are represented by a NW phase of a second deformation. Microscopically, quartz and mica grains form a micro fold enabling one to establish tectonic levels which occur in different deformation modes in each stratigraphic sequence. Microtextures such as crenulation cleavage, kink band, aggregate band of mica and pressure shadows of porphyroblast of quartz related to qarnet and staurolite may suggest the time relation of crystallization and tectonism. The result of this study may conform that three deformation phase, NE first phase-NE second phase-NW phase, occurred in the area.