• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1033-1042
• /
• 2023

This paper proposes a network intrusion detection system that identifies abnormal flows within the network. The majority of datasets commonly used in research lack time-series information, making it challenging to improve detection rates for attacks with fewer instances due to a scarcity of sample data. However, there is insufficient research regarding detection approaches. In this study, we build upon previous research by using the Artificial neural network(ANN) model and a stack ensemble technique in our approach. To address the aforementioned issues, we incorporate temporal information by leveraging adjacent flows and enhance the learning of samples from sparse attacks, thereby improving both the overall detection rate and the detection rate for sparse attacks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04d
• /
• pp.653-655
• /
• 2003

센서 네트워크 기술을 군의 무인정찰 응용 시스템에 활용하기 위해서, 무인항공기 (UAV, Unmanned Aerial Vehicle)와 정찰 기지국, 그리고 탐지 센서네트워크와 제어 센서네트워크로 구성된 무인정찰 센서 네트워크 구조를 제안하고, 그 구현 기술에 대하여 기술하였다.

• The KIPS Transactions:PartC
• /
• v.14C no.3 s.113
• /
• pp.199-208
• /
• 2007

In a ubiquitous network environment, detecting the leakage of personal information is very important. The leakage of personal information might cause severe problem such as impersonation, cyber criminal and personal privacy violation. In this paper, we have proposed a detection method of personal information leakage based on network traffic characteristics. The experimental results indicate that the traffic character of a real campus network shows the self-similarity and Proposed method can detect the anomaly of leakage of personal information by malicious code.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.3
• /
• pp.129-134
• /
• 2015

Since automatic social engineering based spam attacks induce for users to click or receive the short message service (SMS), e-mail, site address and make a relationship with an unknown friend, it is very easy for them to active in online social networks. The previous spam detection schemes only apply manual filtering of the system managers or labeling classifications regardless of the features of social networks. In this paper, we propose the spam detection metric after reflecting on a couple of features of social networks followed by analysis of real social network data set, Twitter spam. In addition, we provide the online social networks based unsupervised scheme for automated social engineering spam with self organizing map (SOM). Through the performance evaluation, we show the detection accuracy up to 90% and the possibility of real time training for the spam detection without the manager.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.228-230
• /
• 2022

딥러닝 기반의 인공지능 기술이 발달함에 따라 이상 탐지 방법에도 딥러닝이 적용되었다. 네트워크 트래픽으로부터 요약 및 집계된 Feature 를 학습하는 방법과 Packet 자체를 학습하는 등의 방법이 있었다. 그러나 모두 정보의 제한적으로 사용한다는 단점이 있었다. 본 연구에서는 Http Request에 대한 사전학습 기반의 효과적인 이상 탐지 방법을 제안한다. 사전학습에 고려되는 토큰화 방법, Padding 방법, Feature 결합 방법, Feature 선택 방법과 전이학습 시 Numerical 정보를 추가하는 방법을 소개하고 각 실험을 통해 최적의 방법을 제안한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.471-480
• /
• 2016

Recently, the damage of cyber attack toward infra-system, national defence and security system is gradually increasing. In this situation, military recognizes the importance of cyber warfare, and they establish a cyber system in preparation, regardless of the existence of threaten. Thus, the study of Intrusion Detection System(IDS) that plays an important role in network defence system is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize advantagesand to minimize disadvantages both of misuse and anomaly. The combination is called Hybrid IDS. Previous studies would not be inappropriate for near real-time network environments because they have computational complexity problems. It leads to the need of the study considering the structure of IDS that have high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which combines C4.5 decision tree(misuse detection method) and Weighted K-means algorithm (anomaly detection method) hierarchically. It can detect malicious network packets effectively with low complexity by applying mutual information and genetic algorithm based efficient feature selection technique. Also we construct upgraded the the hierarchical structure of IDS reusing feature weights in anomaly detection section. It is validated that proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance at experiment section.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.11a
• /
• pp.193-195
• /
• 2020

최근 IoT 기술의 발전을 통해 스마트홈 서비스가 사용자에게 활발하게 보급이 되고 있다. 스마트홈 서비스에서 발생하는 데이터는 개인정보를 내포하고 있으므로 보안이 매우 중요한 요소이다. 그러나 매해 스마트홈 해킹 신고가 증가하고 있으며 기존 네트워크 침입탐지 시스템은 관리자 계정을 탈취 당했을 경우 대응할 방법이 미비하다. 본 논문에서는 스마트홈 환경에서 발생하는 활동 데이터를 인공지능 알고리즘의 종류 중 하나인 랜덤포레스트를 통해 학습하고 분류모델을 구현했다. 구현한 모델은 87%이상의 높은 정확도로 측정되었다. 따라서 활동 데이터를 통해 분류를 시행하므로 네트워크에 이미 침입한 사용자를 탐지하여 대응할 수 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.266-268
• /
• 2022

최근 블록체인 기술이 부상하면서 이를 이용한 암호화폐가 범죄의 대상이 되고 있다. 특히 피싱 스캠은 이더리움 사이버 범죄의 과반수 이상을 차지하며 주요 보안 위협원으로 여겨지고 있다. 따라서 효과적인 피싱 스캠 탐지 방법이 시급하다. 그러나 전체 노드에서 라벨링된 피싱 주소의 부족으로 인한 데이터 불균형으로 인하여 지도학습에 충분한 데이터 제공이 어려운 상황이다. 이를 해결하기 위해 본 논문에서는 이더리움 트랜잭션 네트워크를 고려한 효율적인 네트워크 임베딩 기법인 trans2vec 과 준지도 학습 모델 tri-training 을 함께 사용하여 라벨링된 데이터뿐만 아니라 라벨링되지 않은 데이터도 최대한 활용하는 피싱 스캠 탐지 방법을 제안한다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.101-108
• /
• 2022

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.57-66
• /
• 2007

Scanning worms increase network traffic load because they randomly scan network addresses to find hosts that are susceptible to infection. Since propagation speed is faster than human reaction, scanning worms cause severe network congestion. So we need to build an early detection system which can automatically detect and quarantine such attacks. We propose algorithms to detect scanning worms using network traffic characteristics such as variance, variance to mean ratio(VMR) and correlation coefficient. The proposed algorithm have been verified by computer simulation. Compared to existing algorithm, the proposed algorithm not only reduced computational complexity but also improved detection accuracy.