• Title/Summary/Keyword: Network IDS

Search Result 263, Processing Time 0.023 seconds

An Improved Detection Performance for the Intrusion Detection System based on Windows Kernel (윈도우즈 커널 기반 침입탐지시스템의 탐지 성능 개선)

  • Kim, Eui-Tak;Ryu, Keun Ho
    • Journal of Digital Contents Society / v.19 no.4 / pp.711-717 / 2018
  • Breakthroughs in computing and networking have facilitated a variety of information exchange. However, at the same time, malicious users and groups are attacking vulnerable systems. An Intrusion Detection System (IDS) detects malicious behaviors through network packet analysis. However, it bears the burden of processing a large number of packets in a short time. Therefore, in order to solve this problem, we propose a network intrusion detection system that operates at kernel level to improve detection performance at user level. In fact, we confirmed that the network intrusion detection system implemented at kernel level improves packet analysis and detection performance.

Modeling and Simulation of security system using PBN in distributed environment (분산 환경에서 정책기반 시스템을 적용한 보안 시스템의 모델링 및 시뮬레이션)

  • Seo, Hee-Suk
    • Journal of the Korea Society for Simulation / v.17 no.2 / pp.83-90 / 2008
  • We introduce coordination among intrusion detection agents through BBA (BlackBoard Architecture), which belongs to the field of distributed artificial intelligence. A system that uses BBA for coordination can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Several simulation tests performed on the target network illustrate our techniques. This paper also applies PBN (Policy-Based Network) to reduce false positives, which are one of the main problems of IDS. The performance obtained from the coordination of intrusion detection agents with PBN is compared against the corresponding non-PBN intrusion detection agent. The research results can be applied to experimenting with various security policies according to network type, in order to select the security policy most suitable for a given network.


A Study of Finding Real attack from large amount of NIDS events (네트워크 기반 침입탐지시스템의 많은 이벤트 중에서 실제 위험 공격탐지를 위한 연구)

  • Lee, Eun-Young;Kim, Byung-Hak;Park, Chan-Il;Jeong, Sang-Gab;Lim, Chae-Ho;Lee, Kwang-Hyung
    • Proceedings of the Korea Information Processing Society Conference / 2002.11b / pp.1159-1162 / 2002
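  • Since the development of network-based IDS (Intrusion Detection System), methods for detecting intrusions by analyzing network packet information have been studied. However, as networks grow in scale, the volume of events generated by a NIDS increases and the volume of false events increases along with it, which makes analysis difficult. This paper presents a method for detecting the more dangerous attacks among a large number of events, and implements it as an extension to snort, a NIDS currently in use. The system manages basic events such as scans in order to identify the intruder's intent. It also prioritizes attacks against new vulnerabilities, assigning recent attack methods a higher priority than older ones. Whether a user has attack intent is determined from the ratio of requests judged to be attacks to the total number of requests.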


A Fuzzy-based Network Intrusion Detection System Through sessionization (세션화 방식을 통한 퍼지기반 네트워크 침입탐지시스템)

  • Park, Ju-Gi;Choi, Eun-Bok
    • Journal of the Korea Society of Computer and Information / v.12 no.1 s.45 / pp.127-135 / 2007
  • As the Internet is used widely, criminal offenses that use computers are increasing, and information security technology to counter this crime is becoming a source of national competitiveness. In this paper, we suggest a network-based intrusion detection system that uses a fuzzy expert system. This system can make a quick intrusion decision from attack patterns by applying fuzzy rules through a packet classification method based on protocol similarity and a fixed time interval. The proposed system uses fuzzy logic to detect attacks from network traffic, and obtains an automated analysis result through fuzzy reasoning. In the present network environment, which must handle mass traffic, this system can reduce time and expense of security


Detecting anomaly packet based on neural network (신경회로망을 이용한 비정상적인 패킷탐지)

  • 이장헌;김성옥
    • Journal of the Korea Institute of Information Security & Cryptology / v.11 no.5 / pp.105-117 / 2001
  • As we live in the 21st century, the so-called "Information Age", the network has become basic infrastructure. However, we have found a different face: it has also been used as a tool for the unauthorized outflow and destruction of information. In recent years, beginners could easily get hacking and weakness reference tools from the Internet. The menace of the situation has increased; the intellectual, diverse offensive techniques have become increasingly dangerous. The purpose of the thesis is to detect an abnormal packet used for a network offense. In order to detect the packet, it gathers the packets and creates inspection information that indicates abnormality by using the probability of special quality; the intrusion decision is then made by using a neural network.

A Sensor Network Security Protocol for Monitoring the State of Bridge (교량감시를 위한 센서 네트워크 보안프로토콜)

  • Lim, Hwa-Jung;Jeon, Jin-Soon;Lee, Heon-Guil
    • Journal of Industrial Technology / v.25 no.B / pp.211-220 / 2005
  • The wireless sensor network consists of a number of sensor nodes which have physical constraints. Each sensor node senses its surrounding environment and sends the sensed information to the Sink. The inherent security vulnerability of the sensor nodes has promoted the need for a lightweight security protocol. In this paper, we propose a non-hierarchical sensor network and a security protocol suitable for monitoring man-made objects such as bridges. Furthermore, we present an efficient way of setting the routing path by storing IDs, MAC (message authentication code) and the location information of the nodes, and taking advantage of the two node states, Sleep and Awake. This will also result in a reduced energy consumption rate.


Anomaly Intrusion Detection using Neuro-Fuzzy (Neuro-Fuzzy를 애용한 이상 침입 탐지)

  • 김도윤;서재현
    • Journal of the Korea Society of Computer and Information / v.9 no.1 / pp.37-43 / 2004
  • The expansion of computer networks and the rapid growth of the Internet have made computer security very important. As one of the ways to deal with security risk, much research has been done on Intrusion Detection Systems (IDS). This paper also addresses the issue of intrusion detection, specifically with a Neuro-Fuzzy model. By applying fuzzy logic, which is known to deal with uncertainty, to Anomaly Intrusion, it not only overcomes the difficulty of Misuse Intrusion, but also ultimately aims to detect intrusions that are not yet known.


A Reliable 2-mode Authentication Framework for Wireless Sensor Network (무선 센서네트워크를 위한 신뢰성 있는 2-모드 인증 프레임워크)

  • Huyen, Nguyen Thi Thanh;Huh, Eui-Nam
    • Journal of Internet Computing and Services / v.10 no.3 / pp.51-60 / 2009
  • This paper proposes a reliable 2-mode authentication framework for probabilistic key pre-distribution in Wireless Sensor Networks (WSN) that guarantees safe defense against different kinds of attacks: Hello flood attacks, Wormhole attacks, Sinkhole attacks, location deployment attacks, and Man-in-the-middle attacks. The mechanism of storing trusted neighbor IDs reduces the dependence on the cluster head; as a result, it saves energy in the authentication process and provides peer-to-peer communication.


The Model using SVM and Decision Tree for Intrusion Detection (SVM과 데이터마이닝을 이용한 혼합형 침입 탐지 모델)

  • Eom Nam-Gyeong;U Seong-Hui;Lee Sang-Ho
    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2006.05a / pp.283-286 / 2006
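  • To operate a secure network, it is very important in network intrusion detection to reduce the false detection rate and raise the correct detection rate. Applying SVM, which has recently been actively studied in areas such as face recognition and the classification of biological information chips, to intrusion detection enables real-time detection, so an improvement in the detection rate can be expected. However, because it classifies based on values computed after representing the inputs in a vector space, SVM alone has the drawback that discrete data cannot be used as input. Therefore, this paper proposes an intrusion detection model that combines a data-mining decision tree with SVM, and a performance evaluation showed improvements of 5.6%, 0.16% and 0.82% in intrusion detection rate, F-P error rate and F-N error rate, respectively, compared with existing methods.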


IDS System Using Adaptive Resonance Theory2 (Adaptive Resonance Theory2를 이용한 침입탐지 시스템)

  • 박현철;노태우;서재수;박일곤;김진원;문종섭;한광택;최대식;고재영
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2001.11a / pp.43-47 / 2001
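  • This paper studies a technique for detecting illegal intrusions on a network using Adaptive Resonance Theory (ART), one of the neural network theories. ART is a neural network that performs unsupervised learning; it has adaptive learning capability and can create new clusters for new patterns. Using these properties of ART, various intrusion patterns were generated on a network, used for training, and tested, and it was shown that new attack patterns were also found on-line after testing. Therefore, it is expected to be able to respond actively not only to already known intrusions but also to newly emerging intrusion techniques, without adding new rules.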
