Çѱ¹Á¤º¸Åë½ÅÇÐȸ ³í¹®Áö (Journal of the Korea Institute of Information and Communication Engineering)
Current Result Document : 1 / 1
| ÇѱÛÁ¦¸ñ(Korean Title) |
ŸÀÓ À©µµ¿ì ±â¹ÝÀÇ T-N2SCD ŽÁö ¸ðµ¨ ±¸Çö |
| ¿µ¹®Á¦¸ñ(English Title) |
Design of T-N2SCD Detection Model based on Time Window |
| ÀúÀÚ(Author) |
½Å¹Ì¿¹
¿øÀÏ¿ë
ÀÌ»óÈ£
Mi-Yea Shin
Il-Young Won
Sang-Ho Lee
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 13 NO. 11 PP. 2341 ~ 2348 (2009. 11) |
Çѱ۳»¿ë
(Korean Abstract) |
È£½ºÆ® ±â¹Ý ħÀÔŽÁö ±â¹ý¿¡´Â ½Ã½ºÅÛ È£Ãâ ¼ø¼¸¦ °í·ÁÇÏ´Â ¹æ¹ý°ú ½Ã½ºÅÛ È£Ãâ ÆĶó¹ÌÅ͸¦ °í·ÁÇÏ´Â ¹æ¹ýÀÌ ÀÖ´Ù. ÀÌ µÎ ¹æ¹ýÀº ÇÁ·Î¼¼½ºÀÇ ½Ã½ºÅÛ È£ÃâÀÌ ÀϾ´Â Àü ±¸°£¿¡¼ ½Ã½ºÅÛ È£Ãâ ¼ø¼¿¡ ÀÌ»óÀÌ Àְųª ½Ã½ºÅÛ È£Ãâ ÆĶó¹ÌÅÍÀÇ ¼ø¼ ¹× ±æÀÌ µî¿¡ ÀÌ»óÀÌ ÀÖ´Â °æ¿ì¿¡ ÀûÇÕÇÏÁö¸¸ ±àÁ¤Àû °áÇÔÀ²°ú ºÎÁ¤Àû °áÇÔÀ²ÀÌ ³ôÀº ´ÜÁ¡ÀÌ ÀÖ´Ù. ÀÌ ³í¹®¿¡¼´Â ½Ã½ºÅÛ È£ÃâÀ» ÀÌ¿ëÇÑ ¹æ¹ý¿¡¼ ¹ß»ýÇÏ´Â ±àÁ¤Àû °áÇÔÀ²°ú ºÎÁ¤Àû °áÇÔÀ²À» ÁÙÀ̱â À§Çؼ ´ÜÀ§ ½Ã°£À» µµÀÔÇÑ Å¸ÀÓ À©µµ¿ì ±â¹ÝÀÇ T-N2SCD ŽÁö ¸ðµ¨À» Á¦¾ÈÇÑ´Ù. Á¦¾È ¸ðµ¨ÀÇ ½ÇÇè¿¡ »ç¿ëµÈ µ¥ÀÌÅÍ´Â DARPA¿¡¼ Á¦°øµÈ µ¥ÀÌÅÍÀ̸ç, ½ÇÇè °á°ú Á¦¾È ¸ðµ¨Àº ´Ù¸¥ ½Ã°£ °£°Ý º¸´Ù 1000ms ½Ã°£ °£°ÝÀ¸·Î ½ÇÇèÇÏ¿´À» °æ¿ì°¡ ±àÁ¤Àû °áÇÕ·ü°ú ºÎÁ¤Àû °áÇÕ·üÀÌ °¡Àå ³·¾Ò´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
An intrusion detection technique based on host consider system call sequence or system call arguments. These two ways are suitable when system call sequence or order and length of system call arguments are out of order. However, there are two disadvantages which a false positive rate and a false negative rate are high. In this paper we propose the T-N2SCD detection model based on Time Window in order to reduce false positive rate and false negative rate. Data for using this experiment is provided from DARPA. As experimental results, the proposed model showed that the false positive rate and the false negative rate are lowest at an interval of 1000ms than at different intervals.
|
| Å°¿öµå(Keyword) |
ħÀÔŽÁö ½Ã½ºÅÛ
½Ã½ºÅÛ È£Ãâ ¼ø¼
Àμö ±æÀÌ
Intrusion Detection System
system call sequence
argument length
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
