Threat evaluation method for distributed network environment

Keun Hee Han, Il Gon Kim, Kang Won Lee, Jim Young Choi, Sang Hun Jeon

Research output: Contribution to journalArticle

Abstract

The approach proposed in this paper involves the creation of a new algorithm for analyzing correlation alerts and providing the correct information regarding the detection of various types of security attacks, such as DDoS. It also enables the evaluation of the attack status, the degree of danger from the viewpoint of a managed network environment and the assets protected by the security devices. This paper proposes an advanced ESM system (referred to as the "SIA System"), which is capable of grouping a large amount of alert messages, analyzing mixed attacks using correlation alert messages from each sensor and responding to security threats quickly, after classifying them into one of four different statuses. It was confirmed that this system implementation could identify and analyze all types of intrusion by attackers in a managed network. Therefore, it provides a very effective means for security experts to cope with security threats in real time.

Original languageEnglish
Pages (from-to)889-902
Number of pages14
JournalJournal of Information Science and Engineering
Volume22
Issue number4
Publication statusPublished - 2006 Jul 1

    Fingerprint

Keywords

  • ESM (enterprise security management)
  • Meta-IDS
  • SIA (security information alert)
  • SIM (security information management)
  • Status evaluation logic

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Hardware and Architecture
  • Library and Information Sciences
  • Computational Theory and Mathematics

Cite this