• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.103-113
• /
• 2003

Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles. and detectes anomaly intrusions effectively. Anomaly detections using system calls are detected only anomaly processes. But this has a Problem that doesn't detect affected various Part by anomaly processes. To improve this problem, the relation among system calls of processes is represented by bayesian probability values. Application behavior profiling by Bayesian Network supports anomaly intrusion informations . This paper overcomes the Problems of various intrusion detection models we Propose effective intrusion detection technique using Bayesian Networks. we have profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions we had simulation by proposed normal behavior profiling technique using UNM data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.1173-1192
• /
• 2015

The Support Vector Data Description (SVDD) has achieved great success in anomaly detection, directly finding the optimal ball with a minimal radius and center, which contains most of the target data. The SVDD has some limited classification capability, because the hyper-sphere, even in feature space, can express only a limited region of the target class. This paper presents an anomaly detection algorithm for mitigating the limitations of the conventional SVDD by finding the minimum volume enclosing ellipsoid in the feature space. To evaluate the performance of the proposed approach, we tested it with intrusion detection applications. Experimental results show the prominence of the proposed approach for anomaly detection compared with the standard SVDD.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.37-43
• /
• 2004

Expasion of computer network and rapid growth of Internet have made computer security very important. As one of the ways to deal with security risk, much research has been made on Intrusion Detection System(IDS). The paper, also, addresses the issue of intrusion detection, but especially with Neuro-Fuzzy model. By applying the fuzzy logic which is known to deal with uncertainty to Anomaly Intrusion, it not only overcomes the difficulty of Misuse Intrusion, but also ultimately aims to detect the intrusions yet to be known.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.595-604
• /
• 2004

By the help of expansion of computer network and rapid growth of Internet, the information infrastructure is now able to provide a wide range of services. Especially open architecture - the inherent nature of Internet - has not only got in the way of offering QoS service, managing networks, but also made the users vulnerable to both the threat of backing and the issue of information leak. Thus, people recognized the importance of both taking active, prompt and real-time action against intrusion threat, and at the same time, analyzing the similar patterns of in-trusion already known. There are now many researches underway on Intrusion Detection System(IDS). The paper carries research on the in-trusion detection system which hired supervised learning algorithm and Fuzzy membership function especially with Neuro-Fuzzy model in order to improve its performance. It modifies tansigmoid transfer function of Neural Networks into fuzzy membership function, so that it can reduce the uncertainty of anomaly intrusion detection. Finally, the fuzzy logic suggested here has been applied to a network-based anomaly intrusion detection system, tested against intrusion data offered by DARPA 2000 Intrusion Data Sets, and proven that it overcomes the shortcomings that Anomaly Intrusion Detection usually has.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.5 s.43
• /
• pp.157-164
• /
• 2006

The Recently, most of Internet attacks are zero-day types of the unknown attacks by Malware. Using already known Misuse Detection Technology is hard to cope with these attacks. Also, the existing information security technology reached the limits because of various attack's patterns over the Internet, as web based service became more affordable, web service exposed to the internet becomes main target of attack. This paper classifies the traffic type over the internet and suggests the Threat Management System(TMS) including the anomaly intrusion detection technologies which can detect and analyze the anomaly sign for each traffic type.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.3
• /
• pp.544-551
• /
• 2003

Internet as being generalized, intrusion detection system is needed to protect computer system from intrusions synthetically. We propose a criterion on profiling for intrusion detection system using anomaly detection. We present the cause of false positive on profiling and propose anomaly method to control this. Finally, we propose similarity function to decide whether anomaly action or not for user pattern using pattern database.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.3
• /
• pp.22-29
• /
• 2009

In previous work, anomaly-based intrusion detection techniques have been widely used to effectively detect various intrusions into a computer. This is because the anomaly-based detection techniques can effectively handle previously unknown intrusion methods. However, most of the previous work assumed that the normal network connections are fixed. For this reason, a new network connection may be regarded as an anomalous event. This paper proposes a new anomaly detection method based on an association-mining algorithm. The proposed method is composed of two phases: intra-packet association mining and inter-packet association mining. The performances of the proposed method are comparatively verified with JAM, which is a conventional representative intrusion detection method.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.5 no.3
• /
• pp.158-163
• /
• 2012

This paper proposes an FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD(Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD(Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD(Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.207-208
• /
• 2006

Intrusion detection technology is highlighted in order to establish a safe information-oriented environment. Intrusion detection system can be categorized into anomaly detection and misuse detection according to intrusion detection pattern. In this paper, we propose an architecture to make up for the defect of conventional anomaly intrusion detection. This architecture reduces additional resource consumption and cost by placing the agent in the strategic location in Internet.