Development of threat evaluation tool for distributed network environment

Keun Hee Han, Il Gon Kim, Kang Won Lee, Jin Young Choi, Sang Hun Jeon

Research output: Contribution to journal › Article

Abstract

Current information protection systems only detect and warn against individual intrusions, and are not able to provide a collective and synthesized alert message. In this paper, we propose a new Meta-IDS system called the "SIA System". The SIA system can filter redundant alert messages, analyze mixed attacks using correlation alert messages from each sensor, and respond to security threats quickly after classifying them into one of four different statuses. We then implement the SIA system and test its efficiency in the managed networks. Thus we confirm that the SIA system enables security managers to deal with security threats efficiently.

Original language: English
Pages (from-to): 109-121
Number of pages: 13
Journal: Computing and Informatics
Volume: 24
Issue number: 2
Publication status: Published - 2005 Nov 28

Fingerprint

Security systems
Managers
Sensors

Keywords

  • ESM (Enterprise Security Management)
  • IDS (Intrusion Detection System)
  • SIA (Security Information Alert)
  • SIM (Security Information Management)

ASJC Scopus subject areas

  • Artificial Intelligence

Cite this

Han, K. H., Kim, I. G., Lee, K. W., Choi, J. Y., & Jeon, S. H. (2005). Development of threat evaluation tool for distributed network environment. Computing and Informatics, 24(2), 109-121.

@article{a394962a002f4c24858dc5df7fbdd5dc,
title = "Development of threat evaluation tool for distributed network environment",
abstract = "Current information protection systems only detect and warn against individual intrusion, and are not able to provide a collective and synthesized alert message. In this paper, we propose a new Meta-IDS system which is called {"}SIA System{"}. The SIA system can filter redundant alert messages, analyze mixed attacks using correlation alert messages from each sensor and respond to security threats quickly, after classifying them into one of four different statuses. Then we implement the SIA system and test the efficiency of it in the managed networks. Thus we confirm that the SIA system enables security managers to deal with security threats efficiently.",
keywords = "ESM (Enterprise Security Management), IDS (Intrusion Detection System), SIA (Security Information Alert), SIM (Security Information Management)",
author = "Han, {Keun Hee} and Kim, {Il Gon} and Lee, {Kang Won} and Choi, {Jin Young} and Jeon, {Sang Hun}",
year = "2005",
month = "11",
day = "28",
language = "English",
volume = "24",
pages = "109--121",
journal = "Computing and Informatics",
issn = "1335-9150",
publisher = "Slovak Academy of Sciences",
number = "2",

}
