Design and Implementation of a System to Detect Intrusion and Generate Detection Rule against Scan-based Internet Worms


The KIPS Transactions:PartC, Vol. 12, No. 2, pp. 191-200, Apr. 2005
DOI: 10.3745/KIPSTC.2005.12.2.191

Abstract

Remarkable advances in computer and internet technology have made it easy for users to obtain useful information. At the same time, the damage caused by intrusions and denial-of-service attacks is getting worse. In particular, because denial-of-service attacks by internet worms incapacitate computers and networks, countermeasures against them are needed. Many rule-based intrusion detection systems have been developed so far, but they are limited in their ability to detect new internet worms. This paper addresses internet worms that scan the network to infect hosts. The system detects internet worms using detection rules. If it detects traffic caused by a new scan-based internet worm, it generates a new detection rule from the traffic information it has gathered, so it can respond to new internet worms early. Because the system gathers packet payloads only when necessary, it reduces system overhead and the disk space required.



Cite this article
[IEEE Style]
I. S. Kim, H. Jo, M. H. Kim, "Design and Implementation of a System to Detect Intrusion and Generate Detection Rule against Scan-based Internet Worms," The KIPS Transactions:PartC, vol. 12, no. 2, pp. 191-200, 2005. DOI: 10.3745/KIPSTC.2005.12.2.191.

[ACM Style]
Ik Su Kim, Hyuk Jo, and Myung Ho Kim. 2005. Design and Implementation of a System to Detect Intrusion and Generate Detection Rule against Scan-based Internet Worms. The KIPS Transactions:PartC, 12, 2, (2005), 191-200. DOI: 10.3745/KIPSTC.2005.12.2.191.