• Title/Summary/Keyword: Intrusion Detection Systems

Search Result 354, Processing Time 0.024 seconds

Intelligent Intrusion Detection Systems Using the Asymmetric costs of Errors in Data Mining (데이터 마이닝의 비대칭 오류비용을 이용한 지능형 침입탐지시스템 개발)

  • Hong, Tae-Ho;Kim, Jin-Wan
    • The Journal of Information Systems
    • /
    • v.15 no.4
    • /
    • pp.211-224
    • /
    • 2006
  • This study investigates the application of data mining techniques such as artificial neural networks, rough sets, and induction teaming to the intrusion detection systems. To maximize the effectiveness of data mining for intrusion detection systems, we introduced the asymmetric costs with false positive errors and false negative errors. And we present a method for intrusion detection systems to utilize the asymmetric costs of errors in data mining. The results of our empirical experiment show our intrusion detection model provides high accuracy in intrusion detection. In addition the approach using the asymmetric costs of errors in rough sets and neural networks is effective according to the change of threshold value. We found the threshold has most important role of intrusion detection model for decreasing the costs, which result from false negative errors.

  • PDF

Robust Real-time Intrusion Detection System

  • Kim, Byung-Joo;Kim, Il-Kon
    • Journal of Information Processing Systems
    • /
    • v.1 no.1 s.1
    • /
    • pp.9-13
    • /
    • 2005
  • Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.4
    • /
    • pp.179-191
    • /
    • 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

A new perspective towards the development of robust data-driven intrusion detection for industrial control systems

  • Ayodeji, Abiodun;Liu, Yong-kuo;Chao, Nan;Yang, Li-qun
    • Nuclear Engineering and Technology
    • /
    • v.52 no.12
    • /
    • pp.2687-2698
    • /
    • 2020
  • Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constraint the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URL to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.

Coordination among the Security Systems using the Blackboard Architecture (블랙보드구조를 활용한 보안 모델의 연동)

  • 서희석;조대호
    • Journal of Institute of Control, Robotics and Systems
    • /
    • v.9 no.4
    • /
    • pp.310-319
    • /
    • 2003
  • As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

Mining Regular Expression Rules based on q-grams

  • Lee, Inbok
    • Smart Media Journal
    • /
    • v.8 no.3
    • /
    • pp.17-22
    • /
    • 2019
  • Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

Deep Packet Inspection for Intrusion Detection Systems: A Survey

  • AbuHmed, Tamer;Mohaisen, Abedelaziz;Nyang, Dae-Hun
    • Information and Communications Magazine
    • /
    • v.24 no.11
    • /
    • pp.25-36
    • /
    • 2007
  • Deep packet inspection is widely recognized as a powerful way which is used for intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost intrusion detection systems have the ability to search through packets and identify contents that match with known attach. In this paper we survey the deep packet inspection implementations techniques, research challenges and algorithm. Finally, we provide a comparison between the different applied system.

Design of Security Policy-based Intrusion Detection System Model (보안정책 기반 침입탐지 시스템 모델 설계)

  • Kim, Kang;Jeon, Jong-Sik
    • Journal of the Korea Society of Computer and Information
    • /
    • v.8 no.4
    • /
    • pp.81-86
    • /
    • 2003
  • Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of the use of internet. Therefore, Intrusion Detection System has been an active research area to reduce the risk from intruders. Especially, The paper proposes a new Security Policy-based Intrusion Detection System Model, which consists of several computer with Intrusion Detection System, based on Intrusion Detection System and describes design of the Security Policy-based Intrusion Detection System model and prototype implementation of it. The Security Policy-based Intrusion Detection Systems are distributed and if any of distributed Security Policy- based Intrusion Detection Systems detect anomaly system call among system call sequences generated by a privilege process, the anomaly system call can be dynamically shared with Security Policy-based Intrusion Detection Systems, This makes the Security Policy - based Intrusion Detection Systems improve the ability of countermeasures for new intruders.

  • PDF

A SURVEY ON INTRUSION DETECTION SYSTEMS IN COMPUTER NETWORKS

  • Zarringhalami, Zohreh;Rafsanjani, Marjan Kuchaki
    • Journal of applied mathematics & informatics
    • /
    • v.30 no.5_6
    • /
    • pp.847-864
    • /
    • 2012
  • In recent years, using computer networks (wired and wireless networks) has been widespread in many applications. As computer networks become increasingly complex, the accompanied potential threats also grow to be more sophisticated and as such security has become one of the major concerns in them. Prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. Intrusion Detection Systems (IDSs) have become a key component in ensuring systems and networks security. An IDS monitors network activities in order to detect malicious actions performed by intruders and then initiate the appropriate countermeasures. In this paper, we present a survey and taxonomy of intrusion detection systems and then evaluate and compare them.

An Application of Blackboard Architecture for the Coordination among the Security Systems (보안 모델의 연동을 위한 블랙보드구조의 적용)

  • 서희석;조대호
    • Journal of the Korea Society for Simulation
    • /
    • v.11 no.4
    • /
    • pp.91-105
    • /
    • 2002
  • The attackers on Internet-connected systems we are seeing today are more serious and technically complex than those in the past. So it is beyond the scope of amy one system to deal with the intrusions. That the multiple IDSes (Intrusion Detection System) coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (BlackBoard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete EVent system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses these detection information.

  • PDF