An effective method for analyzing intrusion situation through IP-Based classification

  • Authors:
  • Minsoo Kim;Jae-Hyun Seo;Seung-Yong Lee;Bong-Nam Noh;Jung-Taek Seo;Eung-Ki Park;Choon-Sik Park

  • Affiliations:
  • Dept. of Information Security, Mokpo Nat’l Univ., Mokpo, Korea;Dept. of Information Security, Mokpo Nat’l Univ., Mokpo, Korea;Div. of Electr-Comp. & Inform-Engine., Chonnam Nat’l Univ., Gwangju, Korea;Div. of Electr-Comp. & Inform-Engine., Chonnam Nat’l Univ., Gwangju, Korea;National Security Research Institute, Daejeon, Korea;National Security Research Institute, Daejeon, Korea;National Security Research Institute, Daejeon, Korea

  • Venue:
  • ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
  • Year:
  • 2005

Abstract

Because current intrusion detection systems produce false alerts and large volumes of alerts, system administrators have difficulty analyzing an intrusion in real time. To address this problem, analysis of the intrusion situation and of alert correlation has been studied. However, the existing situation analysis method groups alerts by the similarity of their measures, which makes it hard to respond appropriately to an elaborate attack. Moreover, the result of that method is so abstract that the raw information before reduction must be examined to understand the intrusion. In this paper, we reduce the number of alerts using aggregation and correlation, and classify the alerts by IP address and attack type. With this method, our tool can find a cunningly cloaked attack flow as well as the general attack situation, and it visualizes both, so an administrator can easily understand the actual attack flow.
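As an added illustration of the three steps the abstract names (aggregation, IP/attack-type classification, correlation into an attack flow), here is example code that is not the authors' tool; the alerts are constructed, and the stepping-stone heuristic used for "attack flow" is an assumption, not the paper's algorithm.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample IDS alerts (not data from the paper): (time, src_ip, dst_ip, attack_type).
# They are assumed to be sorted by time, as an IDS log normally is.
RAW_ALERTS = [
    ("2005-01-01 10:00:00", "10.0.0.5", "192.168.1.10", "PORTSCAN"),
    ("2005-01-01 10:00:01", "10.0.0.5", "192.168.1.10", "PORTSCAN"),
    ("2005-01-01 10:00:02", "10.0.0.5", "192.168.1.10", "PORTSCAN"),
    ("2005-01-01 10:05:00", "10.0.0.5", "192.168.1.10", "EXPLOIT"),
    ("2005-01-01 10:20:00", "192.168.1.10", "192.168.1.20", "PORTSCAN"),
    ("2005-01-01 10:25:00", "192.168.1.10", "192.168.1.20", "EXPLOIT"),
    ("2005-01-01 11:00:00", "172.16.0.9", "192.168.1.30", "PORTSCAN"),
]

def aggregate(alerts, window=timedelta(minutes=1)):
    """Aggregation: collapse repeated alerts with the same (src, dst, type) that arrive
    within `window` of the previous one into a single record carrying a count."""
    records, latest = [], {}
    for ts, src, dst, atype in alerts:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = (src, dst, atype)
        rec = latest.get(key)
        if rec is not None and t - rec["last"] <= window:
            rec["count"] += 1
            rec["last"] = t
        else:
            rec = {"first": t, "last": t, "src": src, "dst": dst, "type": atype, "count": 1}
            records.append(rec)
            latest[key] = rec
    return records

def classify_by_ip(records):
    """Classification: per source IP, the attack types seen and how many raw alerts they cover."""
    by_src = defaultdict(lambda: defaultdict(int))
    for r in records:
        by_src[r["src"]][r["type"]] += r["count"]
    return by_src

def attack_flows(records, max_gap=timedelta(hours=1)):
    """Correlation (hypothetical heuristic, not the paper's algorithm): a host that was the
    destination of one record and becomes the source of a later one within `max_gap` links
    the two records into a multi-hop flow (src -> pivot -> dst)."""
    flows = []
    for a in records:
        for b in records:
            if a["dst"] == b["src"] and a["last"] < b["first"] <= a["last"] + max_gap:
                flows.append((a["src"], a["dst"], b["dst"], a["type"], b["type"]))
    return flows
```

Run `aggregate(RAW_ALERTS)` to see the seven constructed alerts reduce to five records, and `attack_flows` on those records to see the 10.0.0.5 -> 192.168.1.10 -> 192.168.1.20 chain that per-alert inspection would not show.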