• Title/Summary/Keyword: IDS(Intrusion Detection System

Search Result 279, Processing Time 0.026 seconds

Security Structure for Protection of Emergency Medical Information System (응급의료정보시스템의 보호를 위한 보안 구조)

  • Shin, Sang Yeol;Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.8 no.2
    • /
    • pp.59-65
    • /
    • 2012
  • Emergency medical information center performs role of medical direction about disease consult and pre-hospital emergency handling scheme work to people. Emergency medical information system plays a major role to be decreased mortality and disability of emergency patient by providing information of medical institution especially when emergency patient has appeared. But, various attacks as a hacking have been happened in Emergency medical information system recently. In this paper, we proposed security structure which can protect the system securely by detecting attacks from outside effectively. Intrusion detection was performed using rule based detection technique according to protocol for every packet to detect attack and intrusion was reported to control center if intrusion was detected also. Intrusion detection was performed again using decision tree for packet which intrusion detection was not done. We experimented effectiveness using attacks as TCP-SYN, UDP flooding and ICMP flooding for proposed security structure in this paper.

Design of Intrusion Detection System Using the Circuit Patrol to protect against information leakage through Mobile access (모바일 접근에 의한 정보 누출을 막기 위한 Circuit Patrol 침입탐지 시스템 설계)

  • 장덕성
    • Journal of the Korea Society of Computer and Information
    • /
    • v.7 no.2
    • /
    • pp.46-52
    • /
    • 2002
  • Trend of wire internet has been transferred to wireless internet gradually due to the spread of mobile phone which made Possible Mobility and portability which wire internet could not afford. Not only front line of business part can access business information but also people can use government information for their daily life without limit of place. The frequent report of larceny and misuse of information has been issued to social sector that the need for IDS considering wire wireless internet. In this paper to design IDS to protect information first, searched wire internet intrusion type, intrusion detection method, and wireless intrusion type. In this paper, first, separate abnormal access at the point of system landing and detect intrusion attack with disguise through mobile wireless internet. Due to the intruder can access system normally with disguise, Circuit Patrol model has been suggested to monitor from intrusion attack.

  • PDF

An Improved Detection Performance for the Intrusion Detection System based on Windows Kernel (윈도우즈 커널 기반 침입탐지시스템의 탐지 성능 개선)

  • Kim, Eui-Tak;Ryu, Keun Ho
    • Journal of Digital Contents Society
    • /
    • v.19 no.4
    • /
    • pp.711-717
    • /
    • 2018
  • The breakthrough in computer and network has facilitated a variety of information exchange. However, at the same time, malicious users and groups are attacking vulnerable systems. Intrusion Detection System(IDS) detects malicious behaviors through network packet analysis. However, it has a burden of processing a large amount of packets in a short time. Therefore, in order to solve these problem, we propose a network intrusion detection system that operates at kernel level to improve detection performance at user level. In fact, we confirmed that the network intrusion detection system implemented at kernel level improves packet analysis and detection performance.

Performance Comparison of Security System with Various Collaboration Architecture (다양한 연동 구조를 통한 보안 시스템의 성능 비교)

  • 김희완;서희석
    • Journal of the Korea Computer Industry Society
    • /
    • v.5 no.2
    • /
    • pp.235-242
    • /
    • 2004
  • As e-business being rapidly developed the importance of security is on the rise in network. Intrusion detection systems which are a core security system detect the network intrusion trial. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network and the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. Each agent cooperates through the BBA (Black Board Architecture) and CNP (Contract Net Protocol) for detecting intrusions. In this paper, we propose the effective method comparing the blackboard architecture to contract net protocol.

  • PDF

A Study on performance improvement of network security system applying fuzzy logic (퍼지로직을 적용한 네트워크 보안 시스템의 성능향상에 관한 연구)

  • Seo, Hee-Suk
    • Journal of the Korea Society for Simulation
    • /
    • v.17 no.3
    • /
    • pp.9-18
    • /
    • 2008
  • Unlike conventional researches, we are able to i) compare the fuzzy logic based BBA with non-fuzzy BBA for verifying the effective performance of the proposed fuzzy logic application ii) dynamically respond to the intrusion using BBA whereas the previous IDS was responding statically and iii) expect that this would be a cornerstone for more practical application researches (analyzing vulnerability and examining countermeasures, etc.) of security simulation. Several simulation tests performed on the targer network will illustrate our techniques. And this paper applies fuzzy logic to reduce the false negative that is one of the main problems of IDS. Intrusion detection is complicated decision-making process, which generally involves enormous factors about the monitored system. Fuzzy evaluation component model, which is a decision agent in the distributed IDS, can consider various factors based on fuzzy logic when an intrusion behavior is detected. The performance obtained from the coordination of intrusion detection agent with fuzzy logic is compared against the corresponding non fuzzy type intrusion detection agent. The results of these comparisons allow us to evaluate a relevant improvement on the fuzzy logic based BBA.

  • PDF

A Method for Quantifying the Risk of Network Port Scan (네트워크 포트스캔의 위험에 대한 정량화 방법)

  • Park, Seongchul;Kim, Juntae
    • Journal of the Korea Society for Simulation
    • /
    • v.21 no.4
    • /
    • pp.91-102
    • /
    • 2012
  • Network port scan attack is the method for finding ports opening in a local network. Most existing IDSs(intrusion detection system) record the number of packets sent to a system per unit time. If port scan count from a source IP address is higher than certain threshold, it is regarded as a port scan attack. The degree of risk about source IP address performing network port scan attack depends on attack count recorded by IDS. However, the measurement of risk based on the attack count may reduce port scan detection rates due to the increased false negative for slow port scan. This paper proposes a method of summarizing 4 types of information to differentiate network port scan attack more precisely and comprehensively. To integrate the riskiness, we present a risk index that quantifies the risk of port scan attack by using PCA. The proposed detection method using risk index shows superior performance than Snort for the detection of network port scan.

The Study on the Automated Detection Algorithm for Penetration Scenarios using Association Mining Technique (연관마이닝 기법을 이용한 침입 시나리오 자동 탐지 알고리즘 연구)

  • 김창수;황현숙
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.5 no.2
    • /
    • pp.371-384
    • /
    • 2001
  • In these days, it is continuously increased to the intrusion of system in internet environment. The methods of intrusion detection can be largely classified into anomaly detection and misuse detection. The former uses statistical methods, features selection method in order to detect intrusion, the latter uses conditional probability, expert system, state transition analysis, pattern matching. The existing studies for IDS(intrusion detection system) use combined methods. In this paper, we propose a new intrusion detection algorithm combined both state transition analysis and association mining techniques. For the intrusion detection, the first step is generated state table for transmitted commands through the network. This method is similar to the existing state transition analysis. The next step is decided yes or no for intrusion using the association mining technique. According to this processing steps, we present the automated generation algorithm of the penetration scenarios.

  • PDF

Machine Learning Based Intrusion Detection Systems for Class Imbalanced Datasets (클래스 불균형 데이터에 적합한 기계 학습 기반 침입 탐지 시스템)

  • Cheong, Yun-Gyung;Park, Kinam;Kim, Hyunjoo;Kim, Jonghyun;Hyun, Sangwon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.6
    • /
    • pp.1385-1395
    • /
    • 2017
  • This paper aims to develop an IDS (Intrusion Detection System) that takes into account class imbalanced datasets. For this, we first built a set of training data sets from the Kyoto 2006+ dataset in which the amounts of normal data and abnormal (intrusion) data are not balanced. Then, we have run a number of tests to evaluate the effectiveness of machine learning techniques for detecting intrusions. Our evaluation results demonstrated that the Random Forest algorithm achieved the best performances.

(Effective Intrusion Detection Integrating Multiple Measure Models) (다중척도 모델의 결합을 이용한 효과적 인 침입탐지)

  • 한상준;조성배
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.3
    • /
    • pp.397-406
    • /
    • 2003
  • As the information technology grows interests in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, has been raised. In the field of anomaly-based IDS several artificial intelligence techniques such as hidden Markov model (HMM), artificial neural network, statistical techniques and expert systems are used to model network rackets, system call audit data, etc. However, there are undetectable intrusion types for each measure and modeling method because each intrusion type makes anomalies at individual measure. To overcome this drawback of single-measure anomaly detector, this paper proposes a multiple-measure intrusion detection method. We measure normal behavior by systems calls, resource usage and file access events and build up profiles for normal behavior with hidden Markov model, statistical method and rule-base method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method that has significantly low false-positive error rate against various types of intrusion.

Simulation of Detecting the Distributed Denial of Service by Multi-Agent

  • Seo, Hee-Suk;Lee, Young-Won
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2001.10a
    • /
    • pp.59.1-59
    • /
    • 2001
  • The attackers on Internet-connected systems we are seeing today are more serious and more technically complex than those in the past. Computer security incidents are different from many other types of crimes because detection is unusually difficult. So, network security managers need a IDS and Firewall. IDS (Intrusion Detection System) monitors system activities to identify unauthorized use, misuse or abuse of computer and network system. It accomplishes these by collecting information from a variety of systems and network resources and then analyzing the information for symptoms of security problems. A Firewall is a way to restrict access between the Internet and internal network. Usually, the input ...

  • PDF