• 융합보안논문지
• /
• 제1권1호
• /
• pp.37-45
• /
• 2001

In this paper, separated and optimized pattern database model is proposed. In order to improve efficiency of Network-based IDS, pattern database is classified by proper basis. Classification basis is decided by the specific Intrusions validity on specific target. Using this model, IDS searches only valid patterns in pattern database on each captured packets. In result, IDS can reduce system resources for searching pattern database. So, IDS can analyze more packets on the network. In this paper, proper classification basis is proposed and pattern database classified by that basis is formed. And its performance is verified by experimental results.

• Journal of Communications and Networks
• /
• 제11권6호
• /
• pp.544-555
• /
• 2009

This work continues a trend of developments aimed at exploiting the physical layer of the open systems interconnection (OSI) model to enhance wireless network security. The goal is to augment activity occurring across other OSI layers and provide improved safeguards against unauthorized access. Relative to intrusion detection and anti-spoofing, this paper provides details for a proof-of-concept investigation involving "air monitor" applications where physical equipment constraints are not overly restrictive. In this case, RF fingerprinting is emerging as a viable security measure for providing device-specific identification (manufacturer, model, and/or serial number). RF fingerprint features can be extracted from various regions of collected bursts, the detection of which has been extensively researched. Given reliable burst detection, the near-term challenge is to find robust fingerprint features to improve device distinguishability. This is addressed here using wavelet domain (WD) RF fingerprinting based on dual-tree complex wavelet transform (DT-$\mathbb{C}WT$) features extracted from the non-transient preamble response of OFDM-based 802.11a signals. Intra-manufacturer classification performance is evaluated using four like-model Cisco devices with dissimilar serial numbers. WD fingerprinting effectiveness is demonstrated using Fisher-based multiple discriminant analysis (MDA) with maximum likelihood (ML) classification. The effects of varying channel SNR, burst detection error and dissimilar SNRs for MDA/ML training and classification are considered. Relative to time domain (TD) RF fingerprinting, WD fingerprinting with DT-$\mathbb{C}WT$ features emerged as the superior alternative for all scenarios at SNRs below 20 dB while achieving performance gains of up to 8 dB at 80% classification accuracy.

• Journal of Periodontal and Implant Science
• /
• 제49권2호
• /
• pp.127-135
• /
• 2019

Purpose: The aim of this study was to evaluate the computed tomography (CT) imaging findings and clinical symptoms of patients who complained of neurosensory disturbances after mandibular implant surgery, and to investigate the relationships of these parameters with the prognosis for recovery. Methods: CT scans were reviewed in 56 patients with nerve disturbance after mandibular implant surgery. Two oral radiologists classified the imaging findings into intrusion, contact, close, and separate groups according to the distance from the inferior border of the implant to the roof of the mandibular canal (MC). The symptoms of 56 patients were classified into 8 groups and the frequency of each group was investigated. Patients were categorized according to symptom improvement into no recovery and recovery groups, and the relationships of recovery with the CT classification and specific symptom groups were analyzed. Results: Thirty-eight of the 56 nerve disturbance cases showed improvement. The close and separate groups in the CT classification had a strong tendency for recovery (90.9% and 81.8%, respectively) (P<0.05). Although the lowest recovery rate was found in the intrusion group, it was non-negligible, at 50%. The 6 patients with a worm crawling feeling all improved, while the 8 cases with a tightening sensation showed the lowest recovery rate, at 12.5%, and the symptom of a tightening sensation occurred only in the intrusion and contact groups. Conclusions: The closer the implant fixture was to the MC on CT images, the less likely the patient was to recover. Regarding paresthesia symptoms, while a worm crawling feeling is thought to be a predictor of recovery, a tightening sensation appeared to be associated with a lower recovery rate.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권6호
• /
• pp.2895-2921
• /
• 2018

Security has become one of the major concerns in mobile adhoc networks (MANETs). Data and voice communication amongst roaming battlefield entities (such as platoon of soldiers, inter-battlefield tanks and military aircrafts) served by MANETs throw several challenges. It requires complex securing strategy to address threats such as unauthorized network access, man in the middle attacks, denial of service etc., to provide highly reliable communication amongst the nodes. Intrusion Detection and Prevention System (IDPS) undoubtedly is a crucial ingredient to address these threats. IDPS in MANET is managed by Command Control Communication and Intelligence (C3I) system. It consists of networked computers in the tactical battle area that facilitates comprehensive situation awareness by the commanders for timely and optimum decision-making. Key issue in such IDPS mechanism is lack of Smart Learning Engine. We propose a novel behavioral based "Smart Multi-Instance Multi-Label Intrusion Detection and Prevention System (MIML-IDPS)" that follows a distributed and centralized architecture to support a Robust C3I System. This protocol is deployed in a virtually clustered non-uniform network topology with dynamic election of several virtual head nodes acting as a client Intrusion Detection agent connected to a centralized server IDPS located at Command and Control Center. Distributed virtual client nodes serve as the intelligent decision processing unit and centralized IDPS server act as a Smart MIML decision making unit. Simulation and experimental analysis shows the proposed protocol exhibits computational intelligence with counter attacks, efficient memory utilization, classification accuracy and decision convergence in securing C3I System in a Tactical Battlefield environment.

• 한국산학기술학회논문지
• /
• 제12권1호
• /
• pp.459-466
• /
• 2011

이 논문에서는 침입 탐지시스템의 체계적인 경보데이터관리 및 경보데이터 상관관계 분석을 위하여 데이터 마이닝 기법을 적용한 경보 데이터 마이닝 프레임워크를 제안한다. 적용된 마이닝 기법은 속성기반 연관규칙, 속성기반 빈발에피소드, 오경보 분류, 그리고 순서기반 클러스터링이다. 이들 구성요소들은 각각 대량의 경보 데이터들로부터 알려지지 않은 패턴을 탐사하여 공격시나리오를 유추하거나, 공격 순서를 예측하는 것이 가능하며, 데이터의 그룹화를 통해 고수준의 의미를 추출할 수 있게 해준다. 실험 및 평가를 위하여 제안된 경보데이터 마이닝 프레임워크의 프로토타입을 구축하였으며 프레임워크의 기능을 검증하였다. 이 논문에서 제안한 경보 데이터 마이닝 프레임워크는 기존의 경보데이터 상관관계분석에서는 해결하지 못했던 통합적인 경보 상관관계 분석 기능을 수행할 뿐만 아니라 대량의 경보데이터에 대한 필터링을 수행하는 장점을 가진다. 또한 추출된 규칙 및 공격시나리오는 침입탐지시스템의 실시간 대응에 활용될 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권3호
• /
• pp.1348-1375
• /
• 2018

Support Vector Machine (SVM) is a well-known machine learning classification algorithm, which has been widely applied to many data mining problems, with good accuracy. However, SVM classification speed decreases with increase in dataset size. Some applications, like video surveillance and intrusion detection, requires a classifier to be trained very quickly, and on large datasets. Hence, this paper introduces two filter-based instance selection techniques for optimizing SVM training speed. Fast classification is often achieved at the expense of classification accuracy, and some applications, such as phishing and spam email classifiers, are very sensitive to slight drop in classification accuracy. Hence, this paper also introduces two wrapper-based instance selection techniques for improving SVM predictive accuracy and training speed. The wrapper and filter based techniques are inspired by Cuckoo Search Algorithm and Bat Algorithm. The proposed techniques are validated on three popular e-fraud types: credit card fraud, spam email and phishing email. In addition, the proposed techniques are validated on 20 other datasets provided by UCI data repository. Moreover, statistical analysis is performed and experimental results reveals that the filter-based and wrapper-based techniques significantly improved SVM classification speed. Also, results reveal that the wrapper-based techniques improved SVM predictive accuracy in most cases.

• 한국컴퓨터정보학회논문지
• /
• 제12권1호
• /
• pp.127-135
• /
• 2007

인터넷의 광범위한 보급에 따라 컴퓨터를 이용한 불법적인 범죄가 증가하고 있고, 이러한 범죄를 막기 위한 정보보호 기술자체가 국가의 경쟁력이 되어 가고 있다. 본 논문에서는 퍼지 논리를 네트워크 침입탐지시스템에 적용하여 보안 전문가와 유사한 결과를 얻을 수 있는 자동화된 퍼지 논리기반의 침입탐지시스템을 제안한다. 프로토콜의 유사성과 시간적인 연속성을 통한 세션화된 패킷분류방식을 통한 퍼지 규칙을 본 시스템에 적용함으로서 다양하고 다변적인 공격패턴으로부터 신속한 침입 판정을 내릴 수 있다. 또한, 대용량의 네트워크 트래픽을 처리해야하는 현재의 네트워크 환경에서, 퍼지추론을 통한 자동화된 트래픽의 프로토콜별/세션별 분석결과를 보여 줌으로써 보안전문가들의 분석 시간과 비용을 절감할 수 있는 장점을 제공한다.

• International Journal of Computer Science & Network Security
• /
• 제23권7호
• /
• pp.131-140
• /
• 2023

Network security situational awareness systems helps in better managing the security concerns of a network, by monitoring for any anomalies in the network connections and recommending remedial actions upon detecting an attack. An Intrusion Detection System helps in identifying the security concerns of a network, by monitoring for any anomalies in the network connections. We have proposed a CRF based IDS system using genetic search feature selection algorithm for network security situational awareness to detect any anomalies in the network. The conditional random fields being discriminative models are capable of directly modeling the conditional probabilities rather than joint probabilities there by achieving better classification accuracy. The genetic search feature selection algorithm is capable of identifying the optimal subset among the features based on the best population of features associated with the target class. The proposed system, when trained and tested on the bench mark NSL-KDD dataset exhibited higher accuracy in identifying an attack and also classifying the attack category.

• 디지털산업정보학회논문지
• /
• 제6권1호
• /
• pp.1-12
• /
• 2010

Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks,from 0.62 to 0.84 about 35%.

• 디지털산업정보학회논문지
• /
• 제6권2호
• /
• pp.199-207
• /
• 2010

Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks, from 0.62 to 0.84 about 35%.