A Study on Network Security Management Improvement with Insider Information

Author: Chia-Hao Tu, 杜家豪
Year of publication: 2004
Document type: Thesis
Description: 92
In recent years, many organizations have suffered information security events caused by hackers; these events bring financial expense or even imperil the survival of the organization. When organizations meet such an information security issue, they always buy network security products and constitute a security policy. But all these methods focus only on external threats and ignore the threat caused by insiders. This study therefore proposes the Integrated Insider Information DIDS. With the proposed scheme, information security issues caused by insiders could be initiated and monitored. The system structure of the Integrated Insider Information DIDS is as follows. First, an intrusion detection sensor is installed on each personal computer that insiders use. Each intrusion detection sensor detects attack behaviors once the computer is started. If a sensor detects an attack behavior, it sends warning messages to the database server. Information security management staff can read these messages from a central management computer. Because many intrusion detection sensors are installed, they generate a large number of warning messages. To process these messages, an insider and attacker information sequence mechanism is designed to filter the warning messages and extract key information, so that information security management staff know who in the organization is in a high-risk state or has animosity. Next, several test scenarios are executed to verify the functionality of the proposed system. Finally, this study also tries to understand the advantages and flaws of the proposed scheme by comparing it with other mechanisms that can protect insider security.
Database: Networked Digital Library of Theses & Dissertations