한국해양대학교

Detailed Information

Snort Rule Recommendation Technique through Packet Log Analysis

DC Field Value Language
dc.contributor.author 박근우 -
dc.date.accessioned 2017-02-22T07:12:20Z -
dc.date.available 2017-02-22T07:12:20Z -
dc.date.issued 2011 -
dc.date.submitted 56959-08-17 -
dc.identifier.uri http://kmou.dcollection.net/jsp/common/DcLoOrgPer.jsp?sItemId=000002176102 ko_KR
dc.identifier.uri http://repository.kmou.ac.kr/handle/2014.oak/10441 -
dc.description.abstract Recently, as the use of network service systems providing various services such as FTP increases, attacks by hackers on those systems that have vulnerabilities are also increasing. Thus, various security tools are needed to detect and prevent attacks. An IDS (Intrusion Detection System), one such security tool, detects external attacks by using intrusion detection rules. Because applying all of the rules on an IDS consumes many resources and decreases the speed of services, IDS users need the knowledge of security experts to configure rules properly. To overcome these problems, this thesis proposes a system that recommends Snort rules through packet log analysis. First, the proposed system structures Snort rules and analyzes the packet logs generated by network service systems using the structured rule data. Second, the proposed system recommends appropriate rules based on the result of the analysis. Finally, the proposed system applies the recommended rules to Snort and removes them from Snort. The proposed system has the advantage of managing Snort rules automatically and efficiently without the knowledge of security experts. -
dc.description.tableofcontents Chapter 1 Introduction 1; Chapter 2 Related Work 3; 2.1 Intrusion Detection Systems 3; 2.2 Snort 5; 2.3 Snort Rules 6; Chapter 3 Design and Implementation of the Snort Rule Recommendation System 13; 3.1 Snort Rule Structuring Module 13; 3.2 Packet Log Analysis Module 25; 3.3 Rule Recommendation Module 32; Chapter 4 System Verification 37; Chapter 5 Conclusion and Future Work 46; References 47 -
dc.language kor -
dc.publisher 한국해양대학교 -
dc.title 패킷 로그 분석을 통한 Snort 규칙 추천 기법 연구 -
dc.title.alternative Snort Rule Recommendation Technique through Packet Log Analysis -
dc.type Thesis -
dc.date.awarded 2011-02 -
dc.contributor.alternativeName Geun-woo Park -
Appears in Collections:
Department of Computer Engineering > Thesis
Files in This Item:
000002176102.pdf Download

Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.