DMKB: A Defense Mechanism Knowledge Base

  • Eun-Jung Choi
  • Hyung-Jong Kim
  • Myuhng-Joo Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3043)


The major cause of internet incidents is vulnerability, which is usually exploited by human attackers or by worms and viruses. Implementing a database of vulnerabilities is therefore highly valuable: when a vulnerability is newly found, its information can be added to the database. Contemporary vulnerability databases, however, are weak at describing countermeasures, even though countermeasures are what is practically useful for removing or avoiding a vulnerability. This weakness stems from the lack of an analysis process for both the semantics and the patterns of countermeasures. In this paper, we define countermeasures from the viewpoint of defense mechanisms and suggest representation schemes for them. Semantically, defense mechanisms can be classified into prevention, detection, recovery and tolerance, and in terms of patterns they can be expressed as the composition of an aim, a condition, and an action. Considering these features, we implemented a knowledge base on defense mechanisms, DMKB. Using DMKB, users can retrieve almost the whole body of knowledge by keyword searching under a GUI. DMKB can also be utilized in automatic security testing and management for a given system.
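The abstract describes two representation ideas: a semantic class for each defense mechanism (prevention, detection, recovery, tolerance) and a pattern made of an aim, a condition and an action, queried by keyword search. The following Python sketch is an added illustration of that scheme and is not DMKB's own code; the class names (`DefenseClass`, `DefenseMechanism`, `DefenseMechanismKB`), the optional `vulnerabilities` field and the four sample entries are all hypothetical and constructed for the example, not taken from the paper.

```python
from dataclasses import dataclass
from enum import Enum


class DefenseClass(Enum):
    """Semantic classification of defense mechanisms: the four classes named in the abstract."""
    PREVENTION = "prevention"
    DETECTION = "detection"
    RECOVERY = "recovery"
    TOLERANCE = "tolerance"


@dataclass(frozen=True)
class DefenseMechanism:
    """One knowledge-base entry: a semantic class plus the aim/condition/action pattern."""
    name: str
    defense_class: DefenseClass
    aim: str        # what the mechanism is meant to achieve
    condition: str  # the observed state under which it applies
    action: str     # what is actually done when the condition holds
    # Hypothetical extra field (not in the abstract): identifiers of the
    # vulnerabilities this mechanism removes or mitigates.
    vulnerabilities: tuple = ()

    def text_fields(self):
        """Fields that keyword search looks at."""
        return (self.name, self.aim, self.condition, self.action, *self.vulnerabilities)


class DefenseMechanismKB:
    """Minimal keyword-searchable knowledge base of defense mechanisms."""

    def __init__(self):
        self._entries = []

    def add(self, entry):
        self._entries.append(entry)

    def search(self, query, defense_class=None):
        """Return entries whose name/aim/condition/action contain every keyword in `query`.

        Matching is case-insensitive and conjunctive: each whitespace-separated
        term must appear in at least one field. An empty query matches everything.
        `defense_class` optionally restricts the result to one semantic class.
        Results are ordered by class name, then mechanism name, so output is stable.
        """
        terms = [t.lower() for t in query.split()]
        hits = []
        for entry in self._entries:
            if defense_class is not None and entry.defense_class is not defense_class:
                continue
            haystack = " ".join(entry.text_fields()).lower()
            if all(term in haystack for term in terms):
                hits.append(entry)
        return sorted(hits, key=lambda e: (e.defense_class.value, e.name))

    def counts_by_class(self):
        """Number of stored mechanisms in each semantic class."""
        counts = {c: 0 for c in DefenseClass}
        for entry in self._entries:
            counts[entry.defense_class] += 1
        return counts


def build_sample_kb():
    """Constructed sample entries (not from the paper), one per semantic class."""
    kb = DefenseMechanismKB()
    kb.add(DefenseMechanism("packet-filter firewall", DefenseClass.PREVENTION,
                            aim="block unsolicited inbound connections to internal hosts",
                            condition="inbound TCP SYN to a port not in the allow list",
                            action="drop the packet and log the source address"))
    kb.add(DefenseMechanism("signature-based IDS", DefenseClass.DETECTION,
                            aim="detect known worm propagation traffic",
                            condition="payload matches a worm signature on the monitored segment",
                            action="raise an alert to the security console"))
    kb.add(DefenseMechanism("backup restore", DefenseClass.RECOVERY,
                            aim="restore service after a host has been compromised",
                            condition="integrity check of the host fails after an incident",
                            action="reinstall from a trusted image and restore data from the last clean backup"))
    kb.add(DefenseMechanism("hot-standby replica", DefenseClass.TOLERANCE,
                            aim="keep the service available while a node is under attack",
                            condition="primary node fails its health check",
                            action="fail over client traffic to the replica"))
    return kb


if __name__ == "__main__":
    kb = build_sample_kb()
    for hit in kb.search("host"):
        print(hit.defense_class.value, "->", hit.name)
```

Keeping the aim, condition and action as separate fields rather than one free-text description is what makes the entries usable beyond search: the condition field can later be matched against a system's observed state and the action field handed to a management tool, which is the "automatic security testing and management" use the abstract mentions.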


Keywords (machine-generated, not supplied by the authors): Defense Mechanism, Intrusion Detection, Security Policy, Intrusion Detection System, Knowledge Representation Scheme





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Eun-Jung Choi (1)
  • Hyung-Jong Kim (2)
  • Myuhng-Joo Kim (1)
  1. College of Information and Communications, Seoul Women’s University, Seoul, Korea
  2. Korea Information Security Agency, Seoul, Korea
