ETRI-Knowledge Sharing Platform

Conference Paper Kernel-level Intrusion Detection System for Minimum Packet Loss
Authors
Bo Heung Chung, Jeong Nyeo Kim, Sung Won Soh, Chee Hang Park
Issue Date
2004-02
Citation
International Conference on Advanced Communication Technology (ICACT) 2004, pp.207-212
Publisher
IEEE
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1109/ICACT.2004.1292859
Abstract
Supporting dynamic rule change with minimum packet loss is one of the key issues for intrusion detection. To detect intrusion, in general, an Intrusion Detection System (IDS) has a copy step where an IP packet is captured at kernel level and it is used for detection in user level. While doing this job, the next packet cannot be captured because this procedure isn't finished yet. This paper proposes the Kernel-level Intrusion Detection System (KIDS), which can detect various network attacks with minimum packet loss. This system is executed in the kernel as a kernel program, and can detect intrusion at kernel level without the copy step. Dynamic rule change is done quickly through appending and setting a delete mark operation. After this work, it is not needed to reboot the kernel, and new types of network attack can be detected easily. With the help of this dynamic rule change, the waiting time of the detection process is minimized and its job can be continued as quickly as possible. Due to these features, the packet loss is greatly reduced.
KSP Keywords
Intrusion detection system (IDS), Kernel level, Key Issues, Network Attacks, Rule change, Waiting Time, detection process, new type, packet loss, time of detection