• Title/Summary/Keyword: Detection agent


Implementation of Agent Network for Active Responses against Intrusions (적극적 침입 대응을 위한 에이전트 네트워크 구현 방안)

  • Shin, Weon;Rhee, Kyung-Hyune
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.6 / pp.1294-1301 / 2005
  • In this paper, we investigate the problems of existing solutions for intrusion detection and propose an agent network based on stationary and mobile agents on an agent system to solve them. The proposed agent network can detect intrusions, collect their information and execute active responses against intruders by introducing various stationary and mobile agents. It will show a new approach to active responses against more intelligent and distributed intrusions.

Communication between Autonomous Agents using Blackboard for Intrusion Detection System (Blackboard를 이용한 침입 탐지 Agent간의 커뮤니케이션)

  • 신우철;정길호;최종욱
    • Proceedings of the Korean Information Science Society Conference / 1998.10c / pp.111-113 / 1998
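  • Today's work environments are built on multi-party communication over networks. An organization's key information assets are protected by various internal controls and security systems, and research continues into ways of detecting intrusions against them and protecting those assets. Agents have been discussed as one software technique for intrusion detection, but research results on communication between these agents, and on their coordination and management at the level of the whole system, are still limited. This study therefore proposes a Blackboard system as an architecture that can coordinate such intrusion detection agents, and evaluates the model by writing a small program and simulating the detection process for intrusion scenarios.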


Intrusion Detection Technique using Distributed Mobile Agent (Distributed Mobile Agent를 이용한 침입탐지 기법)

  • Yang, Hwan Seok;Yoo, Seung Jae;Yang, Jeong Mo
    • Convergence Security Journal / v.12 no.6 / pp.69-75 / 2012
  • MANET (Mobile Ad-hoc Network) is a target of many attacks because of its dynamic topology and hop-by-hop data transmission method. In MANET, deciding where to place an intrusion detection system is difficult, and attack detection using locally collected information is more difficult. As the amount of traffic grows, intrusion detection performance decreases. In this paper, the MANET is organized into zones, and we used a random projection technique, which reduces dimension without loss of information, in order to perform stable intrusion detection even in massive traffic. A global detection node is used to detect attacks which are difficult to detect using only local information. In the global detection node, attack detection is performed using information received from the IDS agents and the pattern of nodes. Experiments with k-NN and ZBIDS were carried out to evaluate the performance of the proposed technique in this paper. The superiority of performance was confirmed through the experience.

Implementation and Analysis of the Agent based Object-Oriented Software Test Tool, TAS (에이전트 기반의 객체지향 소프트웨어 테스트 도구인 TAS의 구현 및 분석)

  • Choi, Jeon-Geun;Choi, Byoungju
    • Journal of KIISE:Software and Applications / v.28 no.10 / pp.732-742 / 2001
  • The concept of an agent has become important in computer science and has been applied to a number of application domains such as electronic commerce and information retrieval. But no one has yet proposed it in software test. The test agent system, which applies the concept of an agent to software test, is a new test tool. It consists of the User Interface Agent, the Test Case Selection & Testing Agent and the Regression Test Agent. Each of these agents, with their intelligent rules, carries out the tests autonomously by employing the object-oriented test processes. This system has 2 advantages. Firstly, since the tests are carried out autonomously, it minimizes tester interference, and secondly, since redundant-free and consistent effective test cases are intellectually selected, the testing time is reduced while the fault detection effectiveness improves. In this paper, by actually showing the testing process being carried out autonomously by the 3 agents that form the TAS, we show that the TAS minimizes tester interference. By also carrying out the 4 different types of experiments on the RE-Rule, CTS-Rule, overall TAS experiment, and the fault-detection effectiveness experiment on the RE-Rule, we show the cut-down on the testing time and improvement in the fault detection effectivity.


Intrusion detection agents on the wireless network design (무선네트워크 상에서의 침입탐지 에이전트 설계)

  • Yun, Dong Sic
    • Convergence Security Journal / v.13 no.1 / pp.59-70 / 2013
  • Along with the rapid development of wireless network technology for secure wireless communications, security problems have emerged as an important issue. To operate a wireless network intrusion detection system, a detection agent should be installed on each wireless node. An ad-hoc network is a structure that makes it possible for nodes scattered over a wireless network to connect and communicate without an AP. When an intrusion detection agent is installed on a node, the corresponding energy consumption occurs and the node's survival time is reduced. To increase the effect of intrusion detection, an intrusion detection agent should be placed on a node that can monitor a lot of traffic. Therefore, this paper, taking advantage of the structure of the ad-hoc wireless network, proposes a plan for installing agents that considers the maximum living time of the network and, at the same time, the effectiveness of intrusion detection. The system is also designed to improve performance by reducing the network load on each network, aggregating data to reduce data redundancy, and reducing network energy consumption.

A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent (오용 침입탐지 시스템에서 모바일 에이전트를 이용한 보안 규칙 관리에 관한 연구)

  • Kim, Tae-Kyoung;Seo, Hee-Suk;Kim, Hee-Wan
    • Journal of the Korea Computer Industry Society / v.5 no.8 / pp.781-790 / 2004
  • This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated rules management using NS-2 (Network Simulator) with respect to time.


Distributed Intrusion Detection System for Safe E-Business Model (안전한 E-Business 모델을 위한 분산 침입 탐지 시스템)

  • 이기준;정채영
    • Journal of Internet Computing and Services / v.2 no.4 / pp.41-53 / 2001
  • The multi-distributed web cluster model built for a high-availability E-Business model exposes internal system nodes because of its structural characteristics, and there is a potential that normal job performance becomes impossible due to intentional prevention and attack by an illegal third party. Therefore, a security system is needed which protects the structured system nodes and can correspond effectively to the outflow of information from illegal users and to unfair service requirements. The suggested distributed invasion detection system is therefore a technology which detects illegal requirements or resource access on system nodes distributed on an open network, through organic control between SC-Agents based on the shared memory of the SC-Server. The distributed invasion detection system first examines job requirement packets using the Detection Agent to detect illegal invasion, observes the job process through the monitoring agent while the job is in progress, and then judges the invasion through close cooperative work with other system nodes when there is access to or demand for a resource that is not permitted.


Intrusion Detection System Model using agent learning in network (네트워크에서 에이전트 학습을 이용한 침입탐지시스템 모델)

  • 정종근;김용호;이윤배
    • Journal of the Korea Institute of Information and Communication Engineering / v.6 no.8 / pp.1346-1351 / 2002
  • It is more complex to construct an Intrusion Detection System in a distributed network environment than in simple ones. In particular, collecting and analyzing log data from different operating systems causes many problems. So in this paper, we present an Intrusion Detection System model applying an agent learning system to solve these problems. We apply a data mining algorithm for agent learning.

Design of Intelligent Intrusion Detection System Based on Distributed Intrusion Detecting Agents : DABIDS (분산 침입 탐지 에이전트를 기반으로 한 지능형 침입탐지시스템 설계)

  • Lee, Jong-Seong;Chae, Su-Hwan
    • The Transactions of the Korea Information Processing Society / v.6 no.5 / pp.1332-1341 / 1999
  • Rapid expansion of networks and the increase in computer system access have made computer security an important issue. Hence, research on intrusion detection systems (IDS) is active, to reduce the risk from hackers. Considering IDS, we propose a new IDS model (DABIDS: Distributed Agent Based Intelligent intrusion Detection System) based on distributed intrusion detecting agents. The DABIDS dynamically collects intrusion behavior knowledge from each agent when some doubtable behaviors of users are detected, makes new agent codes using an intrusion scenario database, and broadcasts the detector codes to the distributed intrusion detecting agents of all nodes. This DABIDS can efficiently solve the problem of reducing the overhead of training detecting agents for intrusion behavior patterns.


Development of a Methodology for Detecting Intentional Aggressive Driving Events Using Multi-agent Driving Simulations (Multi-agent 주행 시뮬레이션을 이용한 운전자 주행패턴을 반영한 공격운전 검지기법 개발)

  • KIM, Yunjong;OH, Cheol;CHOE, Byongho;CHOI, Saerona;KIM, Kiyong
    • Journal of Korean Society of Transportation / v.36 no.1 / pp.51-65 / 2018
  • Intentional aggressive driving (IAD) is defined as a hazardous driving event that the aggressive driver intentionally threatens neighbor drivers with abrupt longitudinal and lateral maneuvering. This study developed a methodology for detecting IAD events based on the analysis of interactions between aggressive driver and normal driver. Three major aggressive events including rear-close following, side-close driving, and sudden deceleration were analyzed to develop the algorithm. Then, driving simulation experiments were conducted using a multi-agent driving simulator to obtain data to be used for the development of the detection algorithm. In order to detect the driver's intention to attack, a relative evaluation index (Erratic Driving Index, EDI) reflecting the driving pattern was derived. The derived IAD event detection algorithm utilizes both the existing absolute detection method and the relative detection method. It is expected that the proposed methodology can be effectively used for detecting IAD events in support of in-vehicle data recorder technology in practice.