• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2257-2260
• /
• 2003

기존의 네트워크 기반의 IDS 는 쉘코드를 단순 매칭 함으로써 침입여부를 판별한다 이러한 방식은 알려진 공격에 대해서만 탐지할 수 있으며, 다형 쉘코드 및 IDS 우회 방법을 사용할 경우 탐지하지 못하는 문제점을 가진다. 따라서 본 논문에서는 Hidden Markov Model을 이용하여 자동화되고 효율적인 패킷 내용 기반의 침입 탐지기법을 제안한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10c
• /
• pp.43-45
• /
• 2004

사이버침입을 수행하고 이에 따른 네트워크의 행동변화를 시뮬레이션 하기 위해서는 실제 네트워크 구조를 반영하는 네트워크를 모델링한 후 각 서브시스템의 특성을 네트워크 모델에 반영하여야 한다. 본 논문에서는 프로세스 기반 사건 중심 시뮬레이션 시스템인 SSFNet을 기반으로 사이버 침입 시뮬레이션에서 핵심 요소인 침입 탐지 시스템(IDS)을 구현하였다. 구현된 IDS는 룰 기반 오용 행위 탐지 방식의 네트워크 침입탐지 시스템이며, 다양한 시뮬레이션을 통해 구현된 모들의 성능 및 실세계 반영 모습을 제시하였다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.471-480
• /
• 2016

Recently, the damage of cyber attack toward infra-system, national defence and security system is gradually increasing. In this situation, military recognizes the importance of cyber warfare, and they establish a cyber system in preparation, regardless of the existence of threaten. Thus, the study of Intrusion Detection System(IDS) that plays an important role in network defence system is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize advantagesand to minimize disadvantages both of misuse and anomaly. The combination is called Hybrid IDS. Previous studies would not be inappropriate for near real-time network environments because they have computational complexity problems. It leads to the need of the study considering the structure of IDS that have high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which combines C4.5 decision tree(misuse detection method) and Weighted K-means algorithm (anomaly detection method) hierarchically. It can detect malicious network packets effectively with low complexity by applying mutual information and genetic algorithm based efficient feature selection technique. Also we construct upgraded the the hierarchical structure of IDS reusing feature weights in anomaly detection section. It is validated that proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance at experiment section.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.10
• /
• pp.2171-2180
• /
• 2011

Security is a significant concern for many sensor network applications. Intrusion detection is one method of defending against attacks. However, standard intrusion detection techniques are not suitable for sensor networks with limited resources. In this paper, propose a new method for selecting and managing the detect nodes in IDS(intrusion detection system) for anomaly detection in sensor networks and the node scheduling technique for maximizing the IDS's lifetime. Using the genetic algorithm, developed the solutions for suggested optimization equation and verify the effectiveness of proposed methods by simulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1313-1322
• /
• 2016

Recently, many virus and hacking attacks on public organizations and financial institutions by internet are becoming increasingly intelligent and sophisticated. The Advanced Persistent Threat has been considered as an important cyber risk. This attack is basically accomplished by spreading malicious codes through complex networks. To detect and extract PE files in smart manufacturing industry networks, an efficient processing method which is performed before analysis procedure on malicious codes is proposed. We implement a preprocessor of open intrusion detection system Snort for fast extraction of PE files and install on a hardware sensor equipment. As a result of practical experiment, we verify that the network sensor can extract the PE files which are often suspected as a malware.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.9-17
• /
• 2021

In this paper, we propose a reversely using the "Man In The Middle Attack" attack technique as a way to introduce network security without changing the physical structure and configuration of the existing network, a Virtual Network Overlay is formed with only a single Ethernet Interface. Implementing In-line mode to protect the network from external attacks, we propose an integrated control method through a micro network security sensor and cloud service. As a result of the experiment, it was possible to implement a logical In-line mode by forming a Virtual Network Overlay with only a single Ethernet Interface, and to implement Network IDS/IPS, Anti-Virus, Network Access Control, Firewall, etc.,. It was possible to perform integrated monitor and control in the service. The proposed system in this paper is helpful for small and medium-sized enterprises that expect high-performance network security at low cost, and can provide a network security environment with safety and reliability in the field of IoT and embedded systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.727-730
• /
• 2011

본 논문에서는 무선 센서네트워크 환경에 적용할 수 있는 외부 노드의 침입을 탐지하는 방법을 제안하였다. 센서노드의 무선통신을 지원하는 네트워크 장치에 고유하게 부여된 MAC 주소를 이용하여 외부로부터의 허락되지 않는 노드의 네트워크 내부로의 침입을 감지하는 방안을 제안하였다. 실제 센서노드를 이용한 침입탐지 시스템을 개발, 실험을 통하여 효율성을 확인하였다.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2008.10a
• /
• pp.514-518
• /
• 2008

인터넷의 보급에 따라 네트워크를 통한 공격에 피해가 급증하고 있다. 이러한 네트워크 침해를 막기위해 여러 연구자들은 침입탐지 시스템(IDS)을 제안하였으나, 시스템의 탐지율에만 초점을 맞추고 있기 때문에 실시간(Realtime)으로 동작하지 못하고 있다. 실시간 IDS를 위하여 최근 다양한 특징선택(Feature selection)들이 제안되고 있다. 본1) 논문에서는 특징들을 중요도의 순위를 정하는 새로운 랭킹 방법과 이 방법에 따라서 특징을 선택하는 특징 선택 알고리즘을 제안한다. 또한 제안된 알고리즘을 통하여 선택된 특징을 사용할 경우 탐지결과가 우수함을 실험으로 보여주고 있다.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.291-295
• /
• 2004

Recently, distributing information on the Internet is common in our daily li(e. Also, data exchange on Internet has rapidly changed the way we connect with other people. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we analyzes Traceback System that based on active network and design of Traceback System that based on active network for efficiently traceback.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.391-395
• /
• 2002

Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of use of computers. A attach of intruders using a vulnerability of operating system, protocol and application programs. And so, The attack methods is to be high technology and professional. Thus It must be necessity that we necessary a solution to structure, management for framework of information technology. This paper develope intrusion detecting system for separating intruders form critical system and design IDS model and implementation of it.