An Auto-Verification Method of Security Events Based on Empirical Analysis for Advanced Security Monitoring and Response
作者: Kyu-Il Kim , Hark-Soo Park , Ji-Yeon Choi , Sang-Jun Ko , Jung-Suk Song
DOI: 10.13089/JKIISC.2014.24.3.507
关键词:
摘要: ABSTRACT Domestic CERTs are carrying out monitoring and response against cyber attacks using security devices(e.g., IDS, TMS, etc) based on signatures. Particularly, in case of public resear ch institutes, about 30 center s being operated under National Cyber Security Center(NCSC) Na tional Intelligence Service(NIS). They mainly Threat Management System(TMS) for providing re sponse service. Since TMS raises a large amount events most them not related to real attacks, analyst who carries the suffers from analyzing all finding them. Also, since tasks depend analyst's know -how, there is fatal problem that they tend focus specific events, so it unable ana lyze respond unknown attacks. Therefore, we propose automated verification method their empirical analysis improve performance response. Keywords: Monitoring Response, Automated Verification, Secu rity Events, Empirical Analysis접수일(2014년 3월 11일), 수정일(2014년 5월 20일), 게재확정일(2014년 21일)* 본 연구는 2014년도 미래창조과학부의 수탁사업 「과학기술사이버안전센터 구축 및 운영사업」의 지원을 받아 수행된 연구임(G-14-GM-IR02)† 주저자, kisados@kisti.re.kr‡ 교신저자, song@kisti.re.kr(Corresponding author)
koreascience.or.kr参考文章(12)
Ho-sub Lee, Eung-ki Park, Jung-taek Seo, None, A New Method to Detect Anomalous State of Network using Information of Clusters information security and cryptology. ,vol. 22, pp. 545- 552 ,(2012)
Peng Ning, Christopher G. Healey, Robert St. Amant, Dingbang Xu, Building Attack Scenarios through Integration of Complementary Alert Correlation Method. network and distributed system security symposium. ,(2004)
Hervé Debar, Andreas Wespi, Aggregation and Correlation of Intrusion-Detection Alerts recent advances in intrusion detection. pp. 85- 103 ,(2001) , 10.1007/3-540-45474-8_6
Peng Ning, Yun Cui, Douglas S. Reeves, Analyzing intensive intrusion alerts via correlation recent advances in intrusion detection. pp. 74- 94 ,(2002) , 10.1007/3-540-36084-0_5
Pedro Casas, Johan Mazel, Philippe Owezarski, Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge Computer Communications. ,vol. 35, pp. 772- 783 ,(2012) , 10.1016/J.COMCOM.2012.01.016
Y. Livnat, J. Agutter, S. Moon, S. Foresti, Visual correlation for situational awareness ieee symposium on information visualization. pp. 13- 13 ,(2005) , 10.1109/INFOVIS.2005.36
Peng Ning, Yun Cui, Douglas S. Reeves, Dingbang Xu, Techniques and tools for analyzing intrusion alerts ACM Transactions on Information and System Security. ,vol. 7, pp. 274- 318 ,(2004) , 10.1145/996943.996947
Kiran Lakkaraju, William Yurcik, Adam J. Lee, NVisionIP: netflow visualizations of system state for security situational awareness visualization for computer security. pp. 65- 72 ,(2004) , 10.1145/1029208.1029219
Peng Ning, Yun Cui, Douglas S. Reeves, Constructing attack scenarios through correlation of intrusion alerts Proceedings of the 9th ACM conference on Computer and communications security - CCS '02. pp. 245- 254 ,(2002) , 10.1145/586110.586144
Giorgio Giacinto, Roberto Perdisci, Fabio Roli, Alarm Clustering for Intrusion Detection Systems in Computer Networks Machine Learning and Data Mining in Pattern Recognition. pp. 184- 193 ,(2005) , 10.1007/11510888_19