Real-time analysis of intrusion detection alerts via correlation연관성 분석 기술을 이용한 실시간 침입탐지정보 분석시스템에 관한 연구
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | Yoon, Hyun-Soo | - |
| dc.contributor.advisor | 윤현수 | - |
| dc.contributor.author | Lee, Soo-Jin | - |
| dc.contributor.author | 이수진 | - |
| dc.date.accessioned | 2011-12-13T05:21:32Z | - |
| dc.date.available | 2011-12-13T05:21:32Z | - |
| dc.date.issued | 2006 | - |
| dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=254440&flag=dissertation | - |
| dc.identifier.uri | http://hdl.handle.net/10203/32912 | - |
| dc.description | 학위논문(박사) - 한국과학기술원 : 전산학전공, 2006.2, [ ix, 67 p. ] | - |
| dc.description.abstract | With the growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. In addition, their content is so poor that it requires the human operator to go back to the original data source to acquire the necessary information. That is, human operators are fully responsible for analyzing a network``s status and the trends of cyber attacks. Moreover, although cyber attacks can produce multiple correlated alerts, IDSs are generally unable to detect such attacks as a complex single attack but regard each alert as a separate attack. Therefore, in the early-stage, it is difficult to detect large-scale attacks such as a distributed denial of service(DDoS) or a worm. To address this problem, many researchers have proposed a technique named alert correlation. Unfortunately, even though a number of correlation approaches have been suggested, most approaches have several limitations: shortage of practicality, additional overhead of human operators that cannot be ignored, neglect of the importance of time information, and so on. We therefore propose a fast and efficient system for analyzing alerts via correlation. In proposing the system, we focused on providing flexibility, automation, and real-time processing capability. Our system basically depends on the probabilistic correlation. However, we enhance the probabilistic correlation by applying more systematically defined similarity functions and also present a new correlation component that is absent in other correlation models. Compared with other models, our model has several advantages. First, we considered the time similarity, though this major measure of correlation is disregarded in other models, and we ... | eng |
| dc.language | eng | - |
| dc.publisher | 한국과학기술원 | - |
| dc.subject | Alert analysis | - |
| dc.subject | Intrusion detection system | - |
| dc.subject | Correlation | - |
| dc.subject | 연관성 분석 | - |
| dc.subject | 침입탐지정보 분석 | - |
| dc.subject | 침입탐지 시스템 | - |
| dc.title | Real-time analysis of intrusion detection alerts via correlation | - |
| dc.title.alternative | 연관성 분석 기술을 이용한 실시간 침입탐지정보 분석시스템에 관한 연구 | - |
| dc.type | Thesis(Ph.D) | - |
| dc.identifier.CNRN | 254440/325007 | - |
| dc.description.department | 한국과학기술원 : 전산학전공, | - |
| dc.identifier.uid | 020025223 | - |
| dc.contributor.localauthor | Yoon, Hyun-Soo | - |
| dc.contributor.localauthor | 윤현수 | - |
- Appears in Collection
- CS-Theses_Ph.D.(박사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.