Title :
Development of Integrated Insider Attack Detection System Using Intelligent Packet Filtering
Author_Institution :
Div. of IT, Kimpo Coll., Gimpo, South Korea
Abstract :
External threats to the cyber-infrastructure of an organization are constantly evolving. The greatest threat, however, is the problem of insiders who misuse their privileges for malicious purposes. These days, private information has often been leaked because of increased IT outsourcing, administrators' moral problems, multiple root accounts, root accounts shared by many users, etc. Accordingly, organizations have employed insider attack detection systems to protect their critical information from break-ins by insider attacks and hackers. In this paper, we developed an integrated insider attack detection system which was composed of a minimized hardware appliance and a software package using TCP tunneling. It could be configured as a gateway between users and the legacy servers in order to protect the important internal information in the legacy servers. It could also control the access of users on the servers, who were connected by Telnet or FTP, and would block the theft of confidential information using intelligent packet filtering. Also, it should provide an audit using the packet logging on the legacy servers.
Keywords :
security of data; software packages; IT outsourcing; TCP tunneling; Telnet; administrator moral problems; gateway; integrated insider attack detection system; intelligent packet filtering; legacy servers; malicious purposes; multiple root accounts; packet logging; root accounts; software package; Engines; Filtering; Hardware; Home appliances; Program processors; Security; Servers; Integrated Insider Attack Detection; Intelligent agent; Packet Filtering; TCP tunneling; provisioning;
Conference_Title :
Computers, Networks, Systems and Industrial Engineering (CNSI), 2011 First ACIS/JNU International Conference on
Conference_Location :
Jeju Island
Print_ISBN :
978-1-4577-0180-1
DOI :
10.1109/CNSI.2011.4