• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.448-450
• /
• 2002

현재의 보안활동은 침입방지, 침입탐지 및 패치 제공과 같은 수동적인 보안이 주로 수행된다. 그러나 소프트웨어에서 취약성이 존재하지 않는다는 것을 증명하는 것은 불가능한 일이다. 침입감내 시스템은 수동적인 보안이 아닌 적극적인 보안의 개념으로 침입이 발생하더라도 시스템이 제공하는 서비스를 지속적으로 제공하는 것을 목표로 하고 무결성과 가용성을 강조하는 개념이다. 본 논문에서는 현재 진행 중인 침입감내 시스템에 대한 프로젝트에 대해 알아보고 침입감내 시스템에 대해 계층기반과 복제기반으로 분류를 수행한다. 그리고 계층기반과 복제기반은 프로그램과 데이터의 관점에서 나누어 분류하고 각 4가지 분류에서 고려해야할 기술적 기능적 특징을 알아본다.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.134-139
• /
• 2019

As the development of modern society progresses rapidly, the technologies of society as a whole are progressing and becoming more advanced. Especially in the field of security, more sophisticated and intelligent attacks are being created. Meanwhile, damaging situations are becoming several times larger than before Therefore, it is necessary to re-classify and enhance the existing classification system. It is required to minimize the intrusion damage by actively responding to intelligent intrusions by applying this classification scheme to currently operating intrusion detection systems. In this paper, we analyze the intrusion type caused by intelligent attack We propose a new classification scheme for intrusion situations to guarantee the service safety, reliability, and availability of the target system, We use this classification model to lay the foundations for the design and implementation of a smart intrusion cognitive system capable of early detection of intrusion, the damages caused by intrusion, and more collections active response.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2002.11a
• /
• pp.59-65
• /
• 2002

Recently, lots of researchers work focused on the intrusion detection system. Pattern matching technique is commonly used to detect the intrusion in the system, However, the method requires a lot of time to match between systems rule and inputted packet data. This paper proposes a new intrusion detection system based on the pattern matching technique. Proposed system reduces the required time for pattern matching by using classified system rule. The classified rule is implemented with a general tree for efficient pattern matching. Thereby, proposed system could perform network intrusion detection efficiently.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.11a
• /
• pp.59-65
• /
• 2002

Recently, lots of researchers work focused on the intrusion detection system. Pattern matching technique is commonly used to detect the intrusion in the system, However, the method requires a lot of time to match between systems rule and inputted packet data. This paper proposes a new intrusion detection system based on the pattern matching technique. Proposed system reduces the required time for pattern matching by using classified system rule. The classified rule is implemented with a general tree for efficient pattern matching. Thereby, proposed system could perform network intrusion detection efficiently.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.27-32
• /
• 2005

Recently there has been much interest in applying data mining to computer network intrusion detection. A new approach, based on the k-Nearest Neighbour(kNN) classifier, is used to classify Program behaviour as normal or intrusive. Each system call is treated as a word and the collection of system calls over each program execution as a document. These documents are then classified using kNN classifier, a Popular method in text mining. A simple example illustrates the proposed procedure.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.524-527
• /
• 2002

본 연구에서는 Support Vector Machine(SVM)을 이용한 호스트 기반 침임 탐지 방법을 제안한다. 침입 탐지는 침입과 정상을 판단하는 이진분류 문제이므로 이진분류에 뛰어난 성능을 발휘하는 SVM을 이용하여 침입 탐지 시스템을 구현하였다. 먼저 감사자료를 system call level에서 분석한 후, sliding window기법에 의해 패턴 feature를 추출하고 training set을 구성하였다. 여기에 SVM을 적용하여 decision model을 생성하였고, 이에 대한 판정 테스트 결과 90% 이상의 높은 침입탐지 적중률을 보였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.1
• /
• pp.40-44
• /
• 2005

Applying artificial intelligence, machine learning and data mining techniques to intrusion detection system are increasing. But most of researches are focused on improving the performance of classifier. These classifiers are performed by batch way and it is not proper method for realtime intrusion detection system. We propose an incremental feature extraction and classification technique for realtime intrusion detection system. Applying proposed system to KDD CUP 99 data, experimental result shows that it has similar capability compared to batch way intrusion detection system.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.1
• /
• pp.249-256
• /
• 2024

Machine learning-based intrusion detection methodologies require a large amount of uniform learning data for each class to be classified, and have the problem of having to retrain the entire system when adding an attack type to be detected or classified. In this paper, we use feature learning and hierarchical classification methods to solve classification problems and data imbalance problems using relatively little training data, and propose an intrusion detection methodology that makes it easy to add new attack types. The feasibility of the proposed system was verified through experiments using KDD IDS data..

• Journal of Digital Convergence
• /
• v.16 no.5
• /
• pp.399-406
• /
• 2018

Much research has been done using the KDDCup99 data set to study intrusion detection using artificial intelligence. Previous studies have shown that the performance of the SMO (SVM) algorithm is superior. However, intrusion detection studies of new intrusion types not used in training are insufficient. In this paper, a model was created using the instances of weka's SMO and KDDCup99 training data set, kddcup.data.gz. We tested existing instances(292,300) of the corrected.gz file and new intrusions(18,729). In general, intrusion labels not used in training are not tested, so new intrusion labels were changed to normal. Of the 18,729 new intrusions, 1,827 were classified as intrusions. 1,827 instances classified as new intrusions are buffer_overflow. Three, neptune. 392, portsweep. 164, ipsweep. 9, back. 511, imap. 1, satan. Dogs, 645, nmap. 102.

• Information and Communications Magazine
• /
• v.16 no.11
• /
• pp.46-63
• /
• 1999

컴퓨터망의 확대 및 컴퓨터 이용의 급격한 증가에 따른 부작용으로 컴퓨터 보안 문제가 중요하게 대두되고 있다. 이에 따라 침입자들로부터 침입을 줄이기 위한 침입탐지시스템에 대한 요구가 증가되고 있다. 이에 본 논문에서는 침입탐지시스템의 기술적 구성요소 및 일반적인 요구사항과 침입탐지시스템의 분류방법, 그리고 대표적인 침입탐지기술에 대하여 살펴보고, 현재 국외에서 개발된 침입탐지시스템들을 데이터소스와 침입모델을 기반으로 분석하며, 국외 침입탐지시스템 현황과 국내 정보보호 산업에서 침입탐지시스템의 위상을 살펴본 후, 침입탐지시스템에 대한 연구 필요성에 대해 논한다.