• Journal of Information Processing Systems
• /
• v.13 no.5
• /
• pp.1203-1212
• /
• 2017

Intrusion detection systems (IDSs) are crucial in this overwhelming increase of attacks on the computing infrastructure. It intelligently detects malicious and predicts future attack patterns based on the classification analysis using machine learning and data mining techniques. This paper is devoted to thoroughly evaluate classifier ensembles for IDSs in IEEE 802.11 wireless network. Two ensemble techniques, i.e. voting and stacking are employed to combine the three base classifiers, i.e. decision tree (DT), random forest (RF), and support vector machine (SVM). We use area under ROC curve (AUC) value as a performance metric. Finally, we conduct two statistical significance tests to evaluate the performance differences among classifiers.

• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.57-69
• /
• 2011

Many heterogeneous Intrusion Detection Systems(IDSs) based in misuse detection technique including the self-developed IDS are now operating in Defense-ESM(Enterprise Security Management System). IDS based on misuse detection may have different capability in the intrusion detection process according to the frequency and quality of its signature update. This makes the integration and collaboration with other IDSs more difficult. In this paper, with the purpose of creating the proper foundation for integration and collaboration between heterogeneous IDSs being operated in Defense-ESM, we propose an effective mechanism that can enable one IDS to propagate its new detection rules to other IDSs and receive updated rules from others. We also prove the performance of rule exchange and application possibility to defense environment through the implementation and experiment.

• The KIPS Transactions:PartC
• /
• v.12C no.1 s.97
• /
• pp.45-52
• /
• 2005

A damage scale of information property has been increasing rapidly by various illegal actions of information systems, which result from dysfunction of a knowledge society. Reinforcement in criminal investigation requests of network security has accelerated research and development of Intrusion Detection Systems(IDSs), which report intrusion-detection about these illegal actions. Due to limited designs of early IDSs, it is hard for the IDSs to cope with tricks to go around IDS as well as false-positive and false-negative trials in various network environments. In this paper, we showed that this kind of problems can be solved by using a Virtual Protocol Stack(VPS) that possesses automatic learning ability through an optimum-adaptive mobile code. Therefore, the enhanced IDS adapts dynamically to various network environments in consideration of monitored and self-learned network status. Moreover, it is shown that Insertion/Evasion attacks can be actively detected. Finally, we discussed that this method can be expanded to an intrusion detection technique that possesses adaptability in the various mixed network environments.

• Journal of applied mathematics & informatics
• /
• v.30 no.5_6
• /
• pp.847-864
• /
• 2012

In recent years, using computer networks (wired and wireless networks) has been widespread in many applications. As computer networks become increasingly complex, the accompanied potential threats also grow to be more sophisticated and as such security has become one of the major concerns in them. Prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. Intrusion Detection Systems (IDSs) have become a key component in ensuring systems and networks security. An IDS monitors network activities in order to detect malicious actions performed by intruders and then initiate the appropriate countermeasures. In this paper, we present a survey and taxonomy of intrusion detection systems and then evaluate and compare them.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3884-3910
• /
• 2016

Intrusion Detection System (IDS) in general considers a big amount of data that are highly redundant and irrelevant. This trait causes slow instruction, assessment procedures, high resource consumption and poor detection rate. Due to their expensive computational requirements during both training and detection, IDSs are mostly ineffective for real-time anomaly detection. This paper proposes a dimensionality reduction technique that is able to enhance the performance of IDSs up to constant time O(1) based on the Principle Component Analysis (PCA). Furthermore, the present study offers a feature selection approach for identifying major components in real time. The PCA algorithm transforms high-dimensional feature vectors into a low-dimensional feature space, which is used to determine the optimum volume of factors. The proposed approach was assessed using HTTP packet payload of ISCX 2012 IDS and DARPA 1999 dataset. The experimental outcome demonstrated that our proposed anomaly detection achieved promising results with 97% detection rate with 1.2% false positive rate for ISCX 2012 dataset and 100% detection rate with 0.06% false positive rate for DARPA 1999 dataset. Our proposed anomaly detection also achieved comparable performance in terms of computational complexity when compared to three state-of-the-art anomaly detection systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.4021-4037
• /
• 2018

In network intrusion detection research, two characteristics are generally considered vital to building efficient intrusion detection systems (IDSs): an optimal feature selection technique and robust classification schemes. However, the emergence of sophisticated network attacks and the advent of big data concepts in intrusion detection domains require two more significant aspects to be addressed: employing an appropriate big data computing framework and utilizing a contemporary dataset to deal with ongoing advancements. As such, we present a comprehensive approach to building an efficient IDS with the aim of strengthening academic anomaly detection research in real-world operational environments. The proposed system has the following four characteristics: (i) it performs optimal feature selection using information gain and branch-and-bound algorithms; (ii) it employs machine learning techniques for classification, namely, Logistic Regression, Naïve Bayes, and Random Forest; (iii) it introduces bulk synchronous parallel processing to handle the computational requirements of large-scale networks; and (iv) it utilizes a real-time contemporary dataset generated by the Information Security Centre of Excellence at the University of Brunswick (ISCX-UNB) to validate its efficacy. Experimental analysis shows the effectiveness of the proposed framework, which is able to achieve high accuracy, low computational cost, and reduced false alarms.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.4 no.1
• /
• pp.267-282
• /
• 2000

With the development of computer&network technology and the growth of its dependance, computer failures not only lose human and material resources but also make organization's competition weak as a side-effect of information society. Therefore, people consider computer security as important factor. Intrusion Detection Systems (IDS) detect intrusions and take an appropriate action against them in order to protect a computer from system failure due to illegal intrusion. A variety of methods and models for IDS have been developed until now, but the existing methods or models aren't enough to detect intrusions because of the complexity of computer network the vulnerability of the object system, insufficient understanding for information security and the appearance of new illegal intrusion method. We propose a new IDS model to be suitable at the information system organized by homogeneous hosts and design for the IDS model and implement the prototype of it for feasibility study. The IDS model consist of many distributed unit sensor IDSs at homogeneous hosts and if any of distributed unit sensor IDSs detect anomaly system call among system call sequences generated by a process, the anomaly system call can be dynamically shared with other unit sensor IDSs. This makes the IDS model can effectively detect new intruders about whole information system.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.297-300
• /
• 2005

Especially, system security is very important in the ubiquitous environment. This paper proposes a protecting scheme for security policies in Firewall and intrusion detection system (IDS). The one-way hash function and the symmetric cryptosystem are used to make the protected rules for Firewalls and IDSs. The proposed scheme could be applied in diverse kind of defense systems which use rules.

• ETRI Journal
• /
• v.34 no.6
• /
• pp.847-857
• /
• 2012

Intrusion detection systems (IDSs) have an important effect on system defense and security. Recently, most IDS methods have used transformed features, selected features, or original features. Both feature transformation and feature selection have their advantages. Neighborhood component analysis feature transformation and genetic feature selection (NCAGAFS) is proposed in this research. NCAGAFS is based on soft computing and data mining and uses the advantages of both transformation and selection. This method transforms features via neighborhood component analysis and chooses the best features with a classifier based on a genetic feature selection method. This novel approach is verified using the KDD Cup99 dataset, demonstrating higher performances than other well-known methods under various classifiers have demonstrated.

• Journal of the Speleological Society of Korea
• /
• no.80
• /
• pp.11-19
• /
• 2007

Most studies in the past in testing and benchmarking on Intrusion Detection System (IDS) were conducted as comparisons, rather than evaluation, on different IDSs. This paper presents the evaluation of the performance of one of the open source IDS, snort, in an inexpensive high availability system configuration. Redundancy and fault tolerance technology are used in deploying such IDS, because of the possible attacks that can make snort exhaust resources, degrade in performance and even crash. Several test data are used in such environment and yielded different results. CPU speed, Disk usage, memory utilization and other resources of the IDS host are also monitored. Test results with the proposed system configuration environment shows much better system availability and reliability, especially on security systems.