A Study on Dynamic Configuration of Attacker Blocking Time through Linux Log Analysis 


Vol. 49,  No. 10, pp. 1397-1409, Oct.  2024
10.7840/kics.2024.49.10.1397


  Abstract

Network firewalls are a key security element that protects internal resources from security attacks. However, as the number of firewall rules increases, firewall performance degrades and the management burden grows. In particular, small-capacity firewalls can accommodate only a limited number of rules, making it difficult to defend against persistent attacks. This study proposes the MALP (More Attack, Longer Penalty) algorithm, which sets the attack blocking time dynamically to mitigate the rule-capacity shortage and the performance-degradation problem. MALP adaptively increases the blocking time when subsequent attacks are detected during the penalty time. It leverages data features such as attack intervals, obtained from Linux logs collected by a host-based intrusion detection system. Computer simulation showed that the proposed algorithm yielded an 81.22% performance improvement, effectively blocking attacks with a small number of firewall rules.



  Cite this article

[IEEE Style]

J. Jo, J. Park, S. Kim, B. Cho, "A Study on Dynamic Configuration of Attacker Blocking Time through Linux Log Analysis," The Journal of Korean Institute of Communications and Information Sciences, vol. 49, no. 10, pp. 1397-1409, 2024. DOI: 10.7840/kics.2024.49.10.1397.

[ACM Style]

Jinyong Jo, Ju-Won Park, Seung-Hae Kim, and Buseung Cho. 2024. A Study on Dynamic Configuration of Attacker Blocking Time through Linux Log Analysis. The Journal of Korean Institute of Communications and Information Sciences, 49, 10, (2024), 1397-1409. DOI: 10.7840/kics.2024.49.10.1397.

[KICS Style]

Jinyong Jo, Ju-Won Park, Seung-Hae Kim, Buseung Cho, "A Study on Dynamic Configuration of Attacker Blocking Time through Linux Log Analysis," The Journal of Korean Institute of Communications and Information Sciences, vol. 49, no. 10, pp. 1397-1409, 10. 2024. (https://doi.org/10.7840/kics.2024.49.10.1397)