• Title/Summary/Keyword: Intrusion Detection

Design Of Intrusion Detection System Using Background Machine Learning

  • Kim, Hyung-Hoon;Cho, Jeong-Ran
    • Journal of the Korea Society of Computer and Information / v.24 no.5 / pp.149-156 / 2019
  • The existing subtract image based intrusion detection system for CCTV digital images has a problem that it cannot distinguish intruders from moving backgrounds that exist in the natural environment. In this paper, we tried to solve the problems of the existing system by designing a real-time intrusion detection system for CCTV digital images by combining the subtract image based intrusion detection method and background learning artificial neural network technology. Our proposed system consists of three steps: subtract image based intrusion detection, background artificial neural network learning stage, and background artificial neural network evaluation stage. The final intrusion detection result is a combination of the result of the subtract image based intrusion detection and the final intrusion detection result of the background artificial neural network. The step of subtract image based intrusion detection is a step of determining the occurrence of intrusion by obtaining a difference image between the background cumulative average image and the current frame image. In the background artificial neural network learning, the background is learned in a situation in which no intrusion occurs, and it is learned by dividing into a detection window unit set by the user. In the background artificial neural network evaluation, the learned background artificial neural network is used to produce background recognition or intrusion detection in the detection window unit. The proposed background learning intrusion detection system is able to detect intrusion more precisely than the existing subtract image based intrusion detection system and adaptively execute machine learning on the background so that it can be operated as a highly practical intrusion detection system.

Mining Regular Expression Rules based on q-grams

  • Lee, Inbok
    • Smart Media Journal / v.8 no.3 / pp.17-22 / 2019
  • Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

Implementation of Distributed Intrusion Detection System based on Protocols (프로토콜 기반 분산 침입탐지시스템 설계 및 구현)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management / v.8 no.1 / pp.81-87 / 2012
  • An Intrusion Detection System that protects the system safely is necessary as network technology is developed rapidly and application division is wide. Intrusion Detection System among others can construct a system without participation of other servers. But it has the weakness that a big load on the system happens and it has low efficiency because all traffic is inspected when mass traffic happens. In this study, a Distributed Intrusion Detection System based on protocol is proposed to reduce the traffic of the intrusion detection system and provide a stabilized intrusion detection technique even though mass traffic happens. It also copes with attacks actively by providing automatic update of the rules used to detect intrusion in the sub Intrusion Detection System.

Robust Real-time Intrusion Detection System

  • Kim, Byung-Joo;Kim, Il-Kon
    • Journal of Information Processing Systems / v.1 no.1 s.1 / pp.9-13 / 2005
  • Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.

Intelligent Intrusion Detection Systems Using the Asymmetric costs of Errors in Data Mining (데이터 마이닝의 비대칭 오류비용을 이용한 지능형 침입탐지시스템 개발)

  • Hong, Tae-Ho;Kim, Jin-Wan
    • The Journal of Information Systems / v.15 no.4 / pp.211-224 / 2006
  • This study investigates the application of data mining techniques such as artificial neural networks, rough sets, and induction learning to intrusion detection systems. To maximize the effectiveness of data mining for intrusion detection systems, we introduced the asymmetric costs with false positive errors and false negative errors. And we present a method for intrusion detection systems to utilize the asymmetric costs of errors in data mining. The results of our empirical experiment show our intrusion detection model provides high accuracy in intrusion detection. In addition, the approach using the asymmetric costs of errors in rough sets and neural networks is effective according to the change of threshold value. We found the threshold has the most important role in the intrusion detection model for decreasing the costs which result from false negative errors.

Intrusion Detection for IoT Traffic in Edge Cloud (에지 클라우드 환경에서 사물인터넷 트래픽 침입 탐지)

  • Shin, Kwang-Seong;Youm, Sungkwan
    • Journal of the Korea Institute of Information and Communication Engineering / v.24 no.1 / pp.138-140 / 2020
  • As the IoT is applied to home and industrial networks, data generated by the IoT is being processed at the cloud edge. Intrusion detection function is very important because it can be operated by invading IoT devices through the cloud edge. Data delivered to the edge network in the cloud environment is traffic at the application layer. In order to determine the intrusion of the packet transmitted to the IoT, the intrusion should be detected at the application layer. This paper proposes the intrusion detection function at the application layer excluding normal traffic from IoT intrusion detection function. As the proposed method, we obtained the intrusion detection result by decision tree method and explained the detection result for each feature.

A Study on Security Event Detection in ESM Using Big Data and Deep Learning

  • Lee, Hye-Min;Lee, Sang-Joon
    • International Journal of Internet, Broadcasting and Communication / v.13 no.3 / pp.42-49 / 2021
  • As cyber attacks become more intelligent, there is difficulty in detecting advanced attacks in various fields such as industry, defense, and medical care. IPS (Intrusion Prevention System), etc., but the need for centralized integrated management of each security system is increasing. In this paper, we collect big data for intrusion detection and build an intrusion detection platform using deep learning and CNN (Convolutional Neural Networks). In this paper, we design an intelligent big data platform that collects data by observing and analyzing user visit logs and linking with big data. We want to collect big data for intrusion detection and build an intrusion detection platform based on CNN model. In this study, we evaluated the performance of the Intrusion Detection System (IDS) using the KDD99 dataset developed by DARPA in 1998, and the actual attack categories were tested with KDD99's DoS, U2R, and R2L using four probing methods.

Intrusion Detection System for In-Vehicle Network to Improve Detection Performance Considering Attack Counts and Attack Types (공격 횟수와 공격 유형을 고려하여 탐지 성능을 개선한 차량 내 네트워크의 침입 탐지 시스템)

  • Hyunchul, Im;Donghyeon, Lee;Seongsoo, Lee
    • Journal of IKEEE / v.26 no.4 / pp.622-627 / 2022
  • This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In an intrusion detection system, both FNR (False Negative Rate), where an intrusion frame is misjudged as a normal frame, and FPR (False Positive Rate), where a normal frame is misjudged as an intrusion frame, seriously affect vehicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where a data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the proposed method effectively improves both FNR and FPR in DoS (Denial of Service) attack and spoofing attack.

Design and Analysis of Multiple Intrusion Detection Model (다중 침입 탐지 모델의 설계와 분석)

  • Lee, Yo-Seob
    • The Journal of the Korea institute of electronic communication sciences / v.11 no.6 / pp.619-626 / 2016
  • An intrusion detection model detects an intrusion when intrusion behaviour occurs. The model analyzes a variety of intrusion patterns and supports a modeling method to represent an intrusion pattern efficiently. Particularly, the model defines classes of intrusion pattern and supports a modeling method that detects a network level intrusion through multiple hosts for multiple intrusions. This paper proposes a multiple intrusion detection model that supports a verification method for intrusion detection systems, verifies the safeness of the proposed model, and compares it with other models.

Quality Evaluation Model for Intrusion Detection System based on Security and Performance (보안성과 성능에 따른 침입탐지시스템의 품질평가 모델)

  • Lee, Ha-Young;Yang, Hae-Sool
    • Journal of Digital Convergence / v.12 no.6 / pp.289-295 / 2014
  • An intrusion detection system is a means of security that detects abnormal use and illegal intension in advance in real time and reinforces the security of enterprises. Performance of an intrusion detection system is judged by information collection, intrusion analysis, intrusion response, review and protection of intrusion detection result, reaction, and loss protection that belong to the area of intrusion detection. In this paper, we developed an evaluation model based on the requirements of intrusion detection systems and the ISO international standard about software product evaluation.