• Title/Summary/Keyword: Anomaly based Intrusion Detection System

Search Result 74, Processing Time 0.024 seconds

A Design of FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) using Naive Bayesian and Data Mining (나이브 베이지안과 데이터 마이닝을 이용한 FHIDS(Fuzzy Logic based Hybrid Intrusion Detection System) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.5 no.3
    • /
    • pp.158-163
    • /
    • 2012
  • This paper proposes an FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD(Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD(Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD(Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

Normal Behavior Profiling based on Bayesian Network for Anomaly Intrusion Detection (이상 침입 탐지를 위한 베이지안 네트워크 기반의 정상행위 프로파일링)

  • 차병래;박경우;서재현
    • Journal of the Korea Society of Computer and Information
    • /
    • v.8 no.1
    • /
    • pp.103-113
    • /
    • 2003
  • Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles. and detectes anomaly intrusions effectively. Anomaly detections using system calls are detected only anomaly processes. But this has a Problem that doesn't detect affected various Part by anomaly processes. To improve this problem, the relation among system calls of processes is represented by bayesian probability values. Application behavior profiling by Bayesian Network supports anomaly intrusion informations . This paper overcomes the Problems of various intrusion detection models we Propose effective intrusion detection technique using Bayesian Networks. we have profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions we had simulation by proposed normal behavior profiling technique using UNM data.

  • PDF

Design of Security Policy-based Intrusion Detection System Model (보안정책 기반 침입탐지 시스템 모델 설계)

  • Kim, Kang;Jeon, Jong-Sik
    • Journal of the Korea Society of Computer and Information
    • /
    • v.8 no.4
    • /
    • pp.81-86
    • /
    • 2003
  • Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of the use of internet. Therefore, Intrusion Detection System has been an active research area to reduce the risk from intruders. Especially, The paper proposes a new Security Policy-based Intrusion Detection System Model, which consists of several computer with Intrusion Detection System, based on Intrusion Detection System and describes design of the Security Policy-based Intrusion Detection System model and prototype implementation of it. The Security Policy-based Intrusion Detection Systems are distributed and if any of distributed Security Policy- based Intrusion Detection Systems detect anomaly system call among system call sequences generated by a privilege process, the anomaly system call can be dynamically shared with Security Policy-based Intrusion Detection Systems, This makes the Security Policy - based Intrusion Detection Systems improve the ability of countermeasures for new intruders.

  • PDF

Anomaly Intrusion Detection using Fuzzy Membership Function and Neural Networks (퍼지 멤버쉽 함수와 신경망을 이용한 이상 침입 탐지)

  • Cha, Byung-Rae
    • The KIPS Transactions:PartC
    • /
    • v.11C no.5
    • /
    • pp.595-604
    • /
    • 2004
  • By the help of expansion of computer network and rapid growth of Internet, the information infrastructure is now able to provide a wide range of services. Especially open architecture - the inherent nature of Internet - has not only got in the way of offering QoS service, managing networks, but also made the users vulnerable to both the threat of backing and the issue of information leak. Thus, people recognized the importance of both taking active, prompt and real-time action against intrusion threat, and at the same time, analyzing the similar patterns of in-trusion already known. There are now many researches underway on Intrusion Detection System(IDS). The paper carries research on the in-trusion detection system which hired supervised learning algorithm and Fuzzy membership function especially with Neuro-Fuzzy model in order to improve its performance. It modifies tansigmoid transfer function of Neural Networks into fuzzy membership function, so that it can reduce the uncertainty of anomaly intrusion detection. Finally, the fuzzy logic suggested here has been applied to a network-based anomaly intrusion detection system, tested against intrusion data offered by DARPA 2000 Intrusion Data Sets, and proven that it overcomes the shortcomings that Anomaly Intrusion Detection usually has.

Threat Management System for Anomaly Intrusion Detection in Internet Environment (인터넷 환경에서의 비정상행위 공격 탐지를 위한 위협관리 시스템)

  • Kim, Hyo-Nam
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.5 s.43
    • /
    • pp.157-164
    • /
    • 2006
  • The Recently, most of Internet attacks are zero-day types of the unknown attacks by Malware. Using already known Misuse Detection Technology is hard to cope with these attacks. Also, the existing information security technology reached the limits because of various attack's patterns over the Internet, as web based service became more affordable, web service exposed to the internet becomes main target of attack. This paper classifies the traffic type over the internet and suggests the Threat Management System(TMS) including the anomaly intrusion detection technologies which can detect and analyze the anomaly sign for each traffic type.

  • PDF

An Intrusion Detection Method Based on Changes of Antibody Concentration in Immune Response

  • Zhang, Ruirui;Xiao, Xin
    • Journal of Information Processing Systems
    • /
    • v.15 no.1
    • /
    • pp.137-150
    • /
    • 2019
  • Although the research of immune-based anomaly detection technology has made some progress, there are still some defects which have not been solved, such as the loophole problem which leads to low detection rate and high false alarm rate, the exponential relationship between training cost of mature detectors and size of self-antigens. This paper proposed an intrusion detection method based on changes of antibody concentration in immune response to improve and solve existing problems of immune based anomaly detection technology. The method introduces blood relative and blood family to classify antibodies and antigens and simulate correlations between antibodies and antigens. Then, the method establishes dynamic evolution models of antigens and antibodies in intrusion detection. In addition, the method determines concentration changes of antibodies in the immune system drawing the experience of cloud model, and divides the risk levels to guide immune responses. Experimental results show that the method has better detection performance and adaptability than traditional methods.

An Effective Anomaly Detection Approach based on Hybrid Unsupervised Learning Technologies in NIDS

  • Kangseok Kim
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.18 no.2
    • /
    • pp.494-510
    • /
    • 2024
  • Internet users are exposed to sophisticated cyberattacks that intrusion detection systems have difficulty detecting. Therefore, research is increasing on intrusion detection methods that use artificial intelligence technology for detecting novel cyberattacks. Unsupervised learning-based methods are being researched that learn only from normal data and detect abnormal behaviors by finding patterns. This study developed an anomaly-detection method based on unsupervised machines and deep learning for a network intrusion detection system (NIDS). We present a hybrid anomaly detection approach based on unsupervised learning techniques using the autoencoder (AE), Isolation Forest (IF), and Local Outlier Factor (LOF) algorithms. An oversampling approach that increased the detection rate was also examined. A hybrid approach that combined deep learning algorithms and traditional machine learning algorithms was highly effective in setting the thresholds for anomalies without subjective human judgment. It achieved precision and recall rates respectively of 88.2% and 92.8% when combining two AEs, IF, and LOF while using an oversampling approach to learn more unknown normal data improved the detection accuracy. This approach achieved precision and recall rates respectively of 88.2% and 94.6%, further improving the detection accuracy compared with the hybrid method. Therefore, in NIDS the proposed approach provides high reliability for detecting cyberattacks.

Real-time Intrusion-Detection Parallel System for the Prevention of Anomalous Computer Behaviours (비정상적인 컴퓨터 행위 방지를 위한 실시간 침입 탐지 병렬 시스템에 관한 연구)

  • 유은진;전문석
    • Review of KIISC
    • /
    • v.5 no.2
    • /
    • pp.32-48
    • /
    • 1995
  • Our paper describes an Intrusion Detection Parallel System(IDPS) which detects an anomaly activity corresponding to the actions that interaction between near detection events. IDES uses parallel inductive approaches regarding the problem of real-time anomaly behavior detection on rule-based system. This approach uses sequential rule that describes user's behavior and characteristics dependent on time. and that audits user's activities by using rule base as data base to store user's behavior pattern. When user's activity deviates significantly from expected behavior described in rule base. anomaly behaviors are recorded. Observed behavior is flagged as a potential intrusion if it deviates significantly from the expected behavior or if it triggers a rule in the parallel inductive system.

  • PDF

Anomaly-Based Network Intrusion Detection: An Approach Using Ensemble-Based Machine Learning Algorithm

  • Kashif Gul Chachar;Syed Nadeem Ahsan
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.1
    • /
    • pp.107-118
    • /
    • 2024
  • With the seamless growth of the technology, network usage requirements are expanding day by day. The majority of electronic devices are capable of communication, which strongly requires a secure and reliable network. Network-based intrusion detection systems (NIDS) is a new method for preventing and alerting computers and networks from attacks. Machine Learning is an emerging field that provides a variety of ways to implement effective network intrusion detection systems (NIDS). Bagging and Boosting are two ensemble ML techniques, renowned for better performance in the learning and classification process. In this paper, the study provides a detailed literature review of the past work done and proposed a novel ensemble approach to develop a NIDS system based on the voting method using bagging and boosting ensemble techniques. The test results demonstrate that the ensemble of bagging and boosting through voting exhibits the highest classification accuracy of 99.98% and a minimum false positive rate (FPR) on both datasets. Although the model building time is average which can be a tradeoff by processor speed.

Effective Dimensionality Reduction of Payload-Based Anomaly Detection in TMAD Model for HTTP Payload

  • Kakavand, Mohsen;Mustapha, Norwati;Mustapha, Aida;Abdullah, Mohd Taufik
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.8
    • /
    • pp.3884-3910
    • /
    • 2016
  • Intrusion Detection System (IDS) in general considers a big amount of data that are highly redundant and irrelevant. This trait causes slow instruction, assessment procedures, high resource consumption and poor detection rate. Due to their expensive computational requirements during both training and detection, IDSs are mostly ineffective for real-time anomaly detection. This paper proposes a dimensionality reduction technique that is able to enhance the performance of IDSs up to constant time O(1) based on the Principle Component Analysis (PCA). Furthermore, the present study offers a feature selection approach for identifying major components in real time. The PCA algorithm transforms high-dimensional feature vectors into a low-dimensional feature space, which is used to determine the optimum volume of factors. The proposed approach was assessed using HTTP packet payload of ISCX 2012 IDS and DARPA 1999 dataset. The experimental outcome demonstrated that our proposed anomaly detection achieved promising results with 97% detection rate with 1.2% false positive rate for ISCX 2012 dataset and 100% detection rate with 0.06% false positive rate for DARPA 1999 dataset. Our proposed anomaly detection also achieved comparable performance in terms of computational complexity when compared to three state-of-the-art anomaly detection systems.