• 제목/요약/키워드: Intrusion Detection Systems

검색결과 354건 처리시간 0.022초

데이터 마이닝의 비대칭 오류비용을 이용한 지능형 침입탐지시스템 개발 (Intelligent Intrusion Detection Systems Using the Asymmetric costs of Errors in Data Mining)

  • 홍태호;김진완
    • 한국정보시스템학회지:정보시스템연구
    • /
    • 제15권4호
    • /
    • pp.211-224
    • /
    • 2006
  • This study investigates the application of data mining techniques such as artificial neural networks, rough sets, and induction teaming to the intrusion detection systems. To maximize the effectiveness of data mining for intrusion detection systems, we introduced the asymmetric costs with false positive errors and false negative errors. And we present a method for intrusion detection systems to utilize the asymmetric costs of errors in data mining. The results of our empirical experiment show our intrusion detection model provides high accuracy in intrusion detection. In addition the approach using the asymmetric costs of errors in rough sets and neural networks is effective according to the change of threshold value. We found the threshold has most important role of intrusion detection model for decreasing the costs, which result from false negative errors.

  • PDF

Robust Real-time Intrusion Detection System

  • Kim, Byung-Joo;Kim, Il-Kon
    • Journal of Information Processing Systems
    • /
    • 제1권1호
    • /
    • pp.9-13
    • /
    • 2005
  • Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security
    • /
    • 제24권4호
    • /
    • pp.179-191
    • /
    • 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

A new perspective towards the development of robust data-driven intrusion detection for industrial control systems

  • Ayodeji, Abiodun;Liu, Yong-kuo;Chao, Nan;Yang, Li-qun
    • Nuclear Engineering and Technology
    • /
    • 제52권12호
    • /
    • pp.2687-2698
    • /
    • 2020
  • Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constraint the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URL to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.

블랙보드구조를 활용한 보안 모델의 연동 (Coordination among the Security Systems using the Blackboard Architecture)

  • 서희석;조대호
    • 제어로봇시스템학회논문지
    • /
    • 제9권4호
    • /
    • pp.310-319
    • /
    • 2003
  • As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

Mining Regular Expression Rules based on q-grams

  • Lee, Inbok
    • 스마트미디어저널
    • /
    • 제8권3호
    • /
    • pp.17-22
    • /
    • 2019
  • Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

Deep Packet Inspection for Intrusion Detection Systems: A Survey

  • AbuHmed, Tamer;Mohaisen, Abedelaziz;Nyang, Dae-Hun
    • 정보와 통신
    • /
    • 제24권11호
    • /
    • pp.25-36
    • /
    • 2007
  • Deep packet inspection is widely recognized as a powerful way which is used for intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost intrusion detection systems have the ability to search through packets and identify contents that match with known attach. In this paper we survey the deep packet inspection implementations techniques, research challenges and algorithm. Finally, we provide a comparison between the different applied system.

보안정책 기반 침입탐지 시스템 모델 설계 (Design of Security Policy-based Intrusion Detection System Model)

  • 김강;전종식
    • 한국컴퓨터정보학회논문지
    • /
    • 제8권4호
    • /
    • pp.81-86
    • /
    • 2003
  • 컴퓨터네트워크의 확대 및 인터넷 이용의 급격한 증가에 따른 부작용으로 컴퓨터 보안문제가 중요하게 대두되고 있다. 따라서. 침입자들로부터 위험을 줄이기 위해 침입탐지시스템에 관한 연구가 활발하다. 특히, 본 논문은 침입탐지시스템을 바탕으로 한 새로운 보안정책 기반 침입탐지 시스템 모델을 제안하고, 이를 설계 및 프로토타입을 구현하여 그 타당성을 보인다. 제안한 모델에서 보안정책 기반 침입탐지시스템들은 여러 컴퓨터에 분산되고, 분산된 보안정책 기반 침입탐지시스템들 중에서 어느 하나가 특정 프로세스에 의해 발생된 시스템 호출 순서 중 비정상적인 시스템 호출을 탐지한 경우에 이를 다른 보안정책 기반 탐지시스템들과 서로 동적으로 공유하여 새로운 침입에 대하여 대응책을 향상시킨다.

  • PDF

A SURVEY ON INTRUSION DETECTION SYSTEMS IN COMPUTER NETWORKS

  • Zarringhalami, Zohreh;Rafsanjani, Marjan Kuchaki
    • Journal of applied mathematics & informatics
    • /
    • 제30권5_6호
    • /
    • pp.847-864
    • /
    • 2012
  • In recent years, using computer networks (wired and wireless networks) has been widespread in many applications. As computer networks become increasingly complex, the accompanied potential threats also grow to be more sophisticated and as such security has become one of the major concerns in them. Prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. Intrusion Detection Systems (IDSs) have become a key component in ensuring systems and networks security. An IDS monitors network activities in order to detect malicious actions performed by intruders and then initiate the appropriate countermeasures. In this paper, we present a survey and taxonomy of intrusion detection systems and then evaluate and compare them.

보안 모델의 연동을 위한 블랙보드구조의 적용 (An Application of Blackboard Architecture for the Coordination among the Security Systems)

  • 서희석;조대호
    • 한국시뮬레이션학회논문지
    • /
    • 제11권4호
    • /
    • pp.91-105
    • /
    • 2002
  • The attackers on Internet-connected systems we are seeing today are more serious and technically complex than those in the past. So it is beyond the scope of amy one system to deal with the intrusions. That the multiple IDSes (Intrusion Detection System) coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (BlackBoard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete EVent system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses these detection information.

  • PDF