• Journal of Computing Science and Engineering
• /
• 제5권4호
• /
• pp.305-313
• /
• 2011

Due to the expansion of high-speed Internet access, the need for secure and reliable networks has become more critical. The sophistication of network attacks, as well as their severity, has also increased recently. As such, more and more organizations are becoming vulnerable to attack. The aim of this research is to classify network attacks using neural networks (NN), which leads to a higher detection rate and a lower false alarm rate in a shorter time. This paper focuses on two classification types: a single class (normal, or attack), and a multi class (normal, DoS, PRB, R2L, U2R), where the category of attack is also detected by the NN. Extensive analysis is conducted in order to assess the translation of symbolic data, partitioning of the training data and the complexity of the architecture. This paper investigates two engines; the first engine is the back-propagation neural network intrusion detection system (BPNNIDS) and the second engine is the radial basis function neural network intrusion detection system (BPNNIDS). The two engines proposed in this paper are tested against traditional and other machine learning algorithms using a common dataset: the DARPA 98 KDD99 benchmark dataset from International Knowledge Discovery and Data Mining Tools. BPNNIDS shows a superior response compared to the other techniques reported in literature especially in terms of response time, detection rate and false positive rate.

• Journal of Information Processing Systems
• /
• 제1권1호
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2022년도 추계학술대회
• /
• pp.131-132
• /
• 2022

삼차원 라이더 데이터를 기반으로 침입에 대한 분류 및 시나리오를 생성한다. 다양한 실제 침입 사례들을 분석하고 다양화하여 오브젝트를 인식하고 침입에 대한 데이터를 식별, 경계할 수 있는 시스템을 구축하기 위한 연구를 진행하였다. 자동차, 사람, 동물, 자연물 등에 대한 기본 시나리오를 생성하고 이를 반복적으로 테스트하여 시뮬레이션함으로써 침입에 대한 시스템을 구축하고 평가하는데 필요한 분류 체계를 만든다. 최종적으로 구성된 시나리오를 기반으로 차량 및 주변 물체에 대해서 변수를 추가하여 시나리오를 다양화하고, 향후 침입에 대해 정확하고 자동화된 경계 시스템을 구축할 수 있는 기반을 마련한다.

• International Journal of Computer Science & Network Security
• /
• 제23권10호
• /
• pp.89-96
• /
• 2023

Intrusion detection has been widely studied in both industry and academia, but cybersecurity analysts always want more accuracy and global threat analysis to secure their systems in cyberspace. Big data represent the great challenge of intrusion detection systems, making it hard to monitor and analyze this large volume of data using traditional techniques. Recently, deep learning has been emerged as a new approach which enables the use of Big Data with a low training time and high accuracy rate. In this paper, we propose an approach of an IDS based on cloud computing and the integration of big data and deep learning techniques to detect different attacks as early as possible. To demonstrate the efficacy of this system, we implement the proposed system within Microsoft Azure Cloud, as it provides both processing power and storage capabilities, using a convolutional neural network (CNN-IDS) with the distributed computing environment Apache Spark, integrated with Keras Deep Learning Library. We study the performance of the model in two categories of classification (binary and multiclass) using CSE-CIC-IDS2018 dataset. Our system showed a great performance due to the integration of deep learning technique and Apache Spark engine.

• 정보처리학회논문지C
• /
• 제14C권1호
• /
• pp.1-6
• /
• 2007

안전한 네트워크의 운영을 함에 있어 네트워크 침입 탐지에서 오탐지율을 줄이고 정탐지율을 높이는 것은 매우 중요한 일이라 할 수 있다. 최근에 얼굴 인식과 생물학 정보칩 분류 등에서 활발히 적용 연구되는 SVM을 침입탐지에 이용하면 실시간 탐지가 가능하므로 탐지율의 향상을 기대할 수 있다. 그러나 기존의 연구에서는 입력값들을 벡터공간에 나타낸 후 계산된 값을 근거로 분류하므로, 이산형의 데이터는 입력 정보로 사용할 수 없다는 단점을 가지고 있다. 따라서 이 논문에서는 의사결정트리를 SVM에 결합시킨 침입 탐지 모델을 제안하고 이에 대한 성능을 평가한 결과 기존 방식에 비해 침입 탐지율, F-P오류율, F-N오류율에 있어 각각 5.5%, 0.16%, 0.82% 향상이 있음을 보였다.

• 정보처리학회논문지:소프트웨어 및 데이터공학
• /
• 제10권2호
• /
• pp.65-72
• /
• 2021

최근 네트워크 환경에 대한 공격이 급속도로 고도화 및 지능화 되고 있기에, 기존의 시그니처 기반 침입탐지 시스템은 한계점이 명확해지고 있다. 이러한 문제를 해결하기 위해서 기계학습 기반의 침입 탐지 시스템에 대한 연구가 활발히 진행되고 있다. 하지만 기계학습을 침입 탐지에 이용하기 위해서는 두 가지 문제에 직면한다. 첫 번째는 실시간 탐지를 위한 학습과 연관된 중요 특징들을 선별하는 문제이며, 두 번째는 학습에 사용되는 데이터의 불균형 문제로, 기계학습 알고리즘들은 데이터에 의존적이기에 이러한 문제는 치명적이다. 본 논문에서는 위 제시된 문제들을 해결하기 위해서 Hybrid Feature Selection과 Data Balancing을 통한 심층 신경망 기반의 네트워크 침입 탐지 모델인 HFS-DNN을 제안한다. NSL-KDD 데이터 셋을 통해 학습을 진행하였으며, 기존 분류 모델들과 성능 비교를 수행한다. 본 연구에서 제안된 Hybrid Feature Selection 알고리즘이 학습 모델의 성능을 왜곡 시키지 않는 것을 확인하였으며, 불균형을 해소한 학습 모델들간 실험에서 본 논문에서 제안한 학습 모델이 가장 좋은 성능을 보였다.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 2002년도 종합학술발표회논문집
• /
• pp.524-527
• /
• 2002

본 연구에서는 Support Vector Machine(SVM)을 이용한 호스트 기반 침임 탐지 방법을 제안한다. 침입 탐지는 침입과 정상을 판단하는 이진분류 문제이므로 이진분류에 뛰어난 성능을 발휘하는 SVM을 이용하여 침입 탐지 시스템을 구현하였다. 먼저 감사자료를 system call level에서 분석한 후, sliding window기법에 의해 패턴 feature를 추출하고 training set을 구성하였다. 여기에 SVM을 적용하여 decision model을 생성하였고, 이에 대한 판정 테스트 결과 90% 이상의 높은 침입탐지 적중률을 보였다.

• 융합보안논문지
• /
• 제1권1호
• /
• pp.37-45
• /
• 2001

In this paper, separated and optimized pattern database model is proposed. In order to improve efficiency of Network-based IDS, pattern database is classified by proper basis. Classification basis is decided by the specific Intrusions validity on specific target. Using this model, IDS searches only valid patterns in pattern database on each captured packets. In result, IDS can reduce system resources for searching pattern database. So, IDS can analyze more packets on the network. In this paper, proper classification basis is proposed and pattern database classified by that basis is formed. And its performance is verified by experimental results.

• Journal of Communications and Networks
• /
• 제11권6호
• /
• pp.544-555
• /
• 2009

This work continues a trend of developments aimed at exploiting the physical layer of the open systems interconnection (OSI) model to enhance wireless network security. The goal is to augment activity occurring across other OSI layers and provide improved safeguards against unauthorized access. Relative to intrusion detection and anti-spoofing, this paper provides details for a proof-of-concept investigation involving "air monitor" applications where physical equipment constraints are not overly restrictive. In this case, RF fingerprinting is emerging as a viable security measure for providing device-specific identification (manufacturer, model, and/or serial number). RF fingerprint features can be extracted from various regions of collected bursts, the detection of which has been extensively researched. Given reliable burst detection, the near-term challenge is to find robust fingerprint features to improve device distinguishability. This is addressed here using wavelet domain (WD) RF fingerprinting based on dual-tree complex wavelet transform (DT-$\mathbb{C}WT$) features extracted from the non-transient preamble response of OFDM-based 802.11a signals. Intra-manufacturer classification performance is evaluated using four like-model Cisco devices with dissimilar serial numbers. WD fingerprinting effectiveness is demonstrated using Fisher-based multiple discriminant analysis (MDA) with maximum likelihood (ML) classification. The effects of varying channel SNR, burst detection error and dissimilar SNRs for MDA/ML training and classification are considered. Relative to time domain (TD) RF fingerprinting, WD fingerprinting with DT-$\mathbb{C}WT$ features emerged as the superior alternative for all scenarios at SNRs below 20 dB while achieving performance gains of up to 8 dB at 80% classification accuracy.

• Journal of Periodontal and Implant Science
• /
• 제49권2호
• /
• pp.127-135
• /
• 2019

Purpose: The aim of this study was to evaluate the computed tomography (CT) imaging findings and clinical symptoms of patients who complained of neurosensory disturbances after mandibular implant surgery, and to investigate the relationships of these parameters with the prognosis for recovery. Methods: CT scans were reviewed in 56 patients with nerve disturbance after mandibular implant surgery. Two oral radiologists classified the imaging findings into intrusion, contact, close, and separate groups according to the distance from the inferior border of the implant to the roof of the mandibular canal (MC). The symptoms of 56 patients were classified into 8 groups and the frequency of each group was investigated. Patients were categorized according to symptom improvement into no recovery and recovery groups, and the relationships of recovery with the CT classification and specific symptom groups were analyzed. Results: Thirty-eight of the 56 nerve disturbance cases showed improvement. The close and separate groups in the CT classification had a strong tendency for recovery (90.9% and 81.8%, respectively) (P<0.05). Although the lowest recovery rate was found in the intrusion group, it was non-negligible, at 50%. The 6 patients with a worm crawling feeling all improved, while the 8 cases with a tightening sensation showed the lowest recovery rate, at 12.5%, and the symptom of a tightening sensation occurred only in the intrusion and contact groups. Conclusions: The closer the implant fixture was to the MC on CT images, the less likely the patient was to recover. Regarding paresthesia symptoms, while a worm crawling feeling is thought to be a predictor of recovery, a tightening sensation appeared to be associated with a lower recovery rate.