• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.727-738
• /
• 2003

Much research efforts are being exerted for the study of intrusion detection system(IDS). However little work has been for the communication medels and performance eveluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detections with a centralized data anaysis componenta for a global intrusion detection at multiple domains environment. We also assume the combination of host-based and network-based intrusion detection systems in the oberall framework. From the local domain, a set of information such as alert, and / or log data are reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simular using OPNET modeller for the performance evaluation of transmission capabillities for the delivery of data and policy. We present and compare simulation results based on several scenarios focuding on communication delay.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2003.09a
• /
• pp.660-663
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.57-68
• /
• 2001

Computer security is considered important because of the side effect generated from the expansion of computer network and rapid increase of the use of computer. Intrusion Detection System(IDS) has been an active research area to reduce the risk from intruders. In this paper, the Hybrid Intrusion Detection System(HIDS) based biometric immuntiy collects and filters audit data by misuse detection is innate immune, and anomaly detection is acquirement immune in multi-hosts. Since, collect and detect audit data from one the system in molt-hosts, it is design and implement of the intrusion detection system which has the immuntiy the detection intrusion in one host possibly can detect in multi-hosts and in the method of misuses detection subsequently.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.11
• /
• pp.3445-3461
• /
• 2000

Although many different intrusion detectionsystems have been developed there have not been enough researches on the methodology for evaluating these intrusion delection systems. With this understanding,in this paper we present a methodology for evaluating infrusion detection systems from the view point of performance and robustness, both of which are considered the most important criteria Current research on evaluating the performance f intrusion detection systems mostly foduson the in issuse detection but not on the anormaly detection. Regarding evalieting robustness it is not easy to apply off -line methodologies and methods for testing robustness hae not been proposed in on -line methodolomes, In this paper we provide an systematic way of classifyin and generating anomalies and using this reult, present an methodology for evaluating the pertormance of intrusion detection systems in detecting anomaalies ans well as misuses . Moreover, ww study the factors that can damage the robustness of intrusion detection systems and suggest an methodology for assessing the robustness of intrusion detection systems.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.12
• /
• pp.141-149
• /
• 2013

This paper presents a high-speed intrusion detection process for multi-core video surveillance systems. The high-speed intrusion detection was designed to a parallel process. Based on the analysis of the conventional process, a parallel intrusion detection process was proposed so as to be accelerated by utilizing multiple processing cores in contemporary computing systems. The proposed process performs the intrusion detection in a per-frame parallel manner, considering the data dependency between frames. The proposed process was validated by implementing a multi-threaded intrusion detection program. For the system having eight processing cores, the detection speed of the proposed program is higher than that of the conventional one by up to 353.76% in terms of the frame rate.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.53-58
• /
• 2014

MANET can quickly build a network because it is configured with only the mobile node and it is very popular today due to its various application range. However, MANET should solve vulnerable security problem that dynamic topology, limited resources of each nodes, and wireless communication by the frequent movement of nodes have. In this paper, we propose a domain-based distributed cooperative intrusion detection techniques that can perform accurate intrusion detection by reducing overhead. In the proposed intrusion detection techniques, the local detection and global detection is performed after network is divided into certain size. The local detection performs on all the nodes to detect abnormal behavior of the nodes and the global detection performs signature-based attack detection on gateway node. Signature DB managed by the gateway node accomplishes periodic update by configuring neighboring gateway node and honeynet and maintains the reliability of nodes in the domain by the trust management module. The excellent performance is confirmed through comparative experiments of a multi-layer cluster technique and proposed technique in order to confirm intrusion detection performance of the proposed technique.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2002.11a
• /
• pp.59-65
• /
• 2002

Recently, lots of researchers work focused on the intrusion detection system. Pattern matching technique is commonly used to detect the intrusion in the system, However, the method requires a lot of time to match between systems rule and inputted packet data. This paper proposes a new intrusion detection system based on the pattern matching technique. Proposed system reduces the required time for pattern matching by using classified system rule. The classified rule is implemented with a general tree for efficient pattern matching. Thereby, proposed system could perform network intrusion detection efficiently.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.2
• /
• pp.59-65
• /
• 2012

Emergency medical information center performs role of medical direction about disease consult and pre-hospital emergency handling scheme work to people. Emergency medical information system plays a major role to be decreased mortality and disability of emergency patient by providing information of medical institution especially when emergency patient has appeared. But, various attacks as a hacking have been happened in Emergency medical information system recently. In this paper, we proposed security structure which can protect the system securely by detecting attacks from outside effectively. Intrusion detection was performed using rule based detection technique according to protocol for every packet to detect attack and intrusion was reported to control center if intrusion was detected also. Intrusion detection was performed again using decision tree for packet which intrusion detection was not done. We experimented effectiveness using attacks as TCP-SYN, UDP flooding and ICMP flooding for proposed security structure in this paper.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.11a
• /
• pp.59-65
• /
• 2002

Recently, lots of researchers work focused on the intrusion detection system. Pattern matching technique is commonly used to detect the intrusion in the system, However, the method requires a lot of time to match between systems rule and inputted packet data. This paper proposes a new intrusion detection system based on the pattern matching technique. Proposed system reduces the required time for pattern matching by using classified system rule. The classified rule is implemented with a general tree for efficient pattern matching. Thereby, proposed system could perform network intrusion detection efficiently.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.7
• /
• pp.3076-3092
• /
• 2020

An IKPCA-ELM-based intrusion detection method is developed to address the problem of the low accuracy and slow speed of intrusion detection caused by redundancies and high dimensions of data in the network. First, in order to reduce the effects of uneven sample distribution and sample attribute differences on the extraction of KPCA features, the sample attribute mean and mean square error are introduced into the Gaussian radial basis function and polynomial kernel function respectively, and the two improved kernel functions are combined to construct a hybrid kernel function. Second, an improved particle swarm optimization (IPSO) algorithm is proposed to determine the optimal hybrid kernel function for improved kernel principal component analysis (IKPCA). Finally, IKPCA is conducted to complete feature extraction, and an extreme learning machine (ELM) is applied to classify common attack type detection. The experimental results demonstrate the effectiveness of the constructed hybrid kernel function. Compared with other intrusion detection methods, IKPCA-ELM not only ensures high accuracy rates, but also reduces the detection time and false alarm rate, especially reducing the false alarm rate of small sample attacks.