Development of Integrated Insider Attack Detection System Using Intelligent Packet Filtering

External threats to the cyber-infrastructure of an organization are constantly evolving. The greatest threat, however, is the problem of insiders who misuse their privileges for malicious purposes. These days, private information has often been leaked because of increased IT outsourcing, administrator´s moral problems, multiple root accounts, and root accounts shared by many users, etc. Accordingly, organizations have employed insider attack detection systems to protect their critical information from break-ins by insider attack and hackers. In this paper, we developed an integrated insider attack detection system which was composed of a minimized hardware appliance and a software package using TCP tunneling. It could be configured as a gateway between users and the legacy servers in order to protect the important internal information in the legacy servers. And it could control the access of users on the servers, who were connected by Telnet or FTP, and would block the theft of confidential information using intelligent packet filtering. Also, it should provide an audit using the packet logging on the legacy servers.