• 정보처리학회논문지C
• /
• 제10C권6호
• /
• pp.705-710
• /
• 2003

최근 대부분의 정보 교류가 네트워크 환경 기반에서 이루어지고 있다. 때문에 외부의 침입으로부터 시스템을 보호해 주는 네트워크 침입 탐지 기술에 대한 연구가 매우 중요한 문제로 대두되고 있다. 하지만 시스템에 대한 침입 기술은 날로 새로워지고 더욱 정교화 되고 있어 이에 대한 대비가 절실한 실정이다. 현재 대부분의 침입 탐지 시스템은 이미 알려진 외부의 침입으로부터의 경험 데이터를 이용하여 침입 유형에 효과적으로 대처하지 못하게 된다. 따라서, 본 논문에서는 통계적 학습 이론과 우도비검정 통계량을 이용하여 새로운 침입 유형까지 탐지해 낼 수 있는 변형된 통계적 학습 모형을 제안하였다. 즉, 기존의 정상적인 네트워크 사용에서 벗어나는 형태들에 대한 모형화를 통하여 시스템에 대한 침입 탐지를 수행하였다. KDD Cup-99 Task 데이터를 이용하여 정상적인 네트워크 사용을 벗어나는 새로운 침입을 제안 모형이 효과적으로 탐지함을 확인하였다.

• International Journal of Computer Science & Network Security
• /
• 제22권12호
• /
• pp.185-196
• /
• 2022

The Internet of Things (IoT) has become more and more widespread in recent years, thus attackers are placing greater emphasis on IoT environments. The IoT connects a large number of smart devices via wired and wireless networks that incorporate sensors or actuators in order to produce and share meaningful information. Attackers employed IoT devices as bots to assault the target server; however, because of their resource limitations, these devices are easily infected with IoT malware. The Distributed Denial of Service (DDoS) is one of the many security problems that might arise in an IoT context. DDOS attempt involves flooding a target server with irrelevant requests in an effort to disrupt it fully or partially. This worst practice blocks the legitimate user requests from being processed. We explored an intelligent intrusion detection system (IIDS) using a particular sort of machine learning, such as Artificial Neural Networks, (ANN) in order to handle and mitigate this type of cyber-attacks. In this research paper Feed-Forward Neural Network (FNN) is tested for detecting the DDOS attacks using a modified version of the KDD Cup 99 dataset. The aim of this paper is to determine the performance of the most effective and efficient Back-propagation algorithms among several algorithms and check the potential capability of ANN- based network model as a classifier to counteract the cyber-attacks in IoT environments. We have found that except Gradient Descent with Momentum Algorithm, the success rate obtained by the other three optimized and effective Back- Propagation algorithms is above 99.00%. The experimental findings showed that the accuracy rate of the proposed method using ANN is satisfactory.

• ETRI Journal
• /
• 제34권6호
• /
• pp.847-857
• /
• 2012

Intrusion detection systems (IDSs) have an important effect on system defense and security. Recently, most IDS methods have used transformed features, selected features, or original features. Both feature transformation and feature selection have their advantages. Neighborhood component analysis feature transformation and genetic feature selection (NCAGAFS) is proposed in this research. NCAGAFS is based on soft computing and data mining and uses the advantages of both transformation and selection. This method transforms features via neighborhood component analysis and chooses the best features with a classifier based on a genetic feature selection method. This novel approach is verified using the KDD Cup99 dataset, demonstrating higher performances than other well-known methods under various classifiers have demonstrated.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 2002년도 ITC-CSCC -2
• /
• pp.928-931
• /
• 2002

Network based intrusion detection system is a computer network security tool. In this paper, we present an intrusion detection system based on Self-Organizing Maps (SOM) and Resilient Propagation Neural Network (RPROP) for visualizing and classifying intrusion and normal patterns. We introduce a cluster matching equation for finding principal associated components in component planes. We apply data from The Third International Knowledge Discovery and Data Mining Tools Competition (KDD cup'99) for training and testing our prototype. From our experimental results with different network data, our scheme archives more than 90 percent detection rate, and less than 5 percent false alarm rate in one SYN flooding and two port scanning attack types.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2003년도 춘계학술발표논문집 (하)
• /
• pp.2049-2052
• /
• 2003

인터넷의 급속한 발전으로 인한 유용성 이면에는, 공공 시스템에 대한 악의적인 침입에 따른 피해가 날로 증가되고 있다. 이에 대비하기 위한 침입 탐지 시스템들이 소개되고 있으나, 공격의 형태가 다양하게 변화되고 있기 때문에 침입탐지 시스템도 이에 대비할 수 있도록 지속적인 연구 노력이 필요하다. 최근의 다양한 연구노력 중에는 데이터 마이닝 기법을 이용하여 침입자의 정보를 분석하는 연구가 활발히 진행되고 있다. 본 논문에서는 데이터 마이닝 기법을 사용하여 KDD CUP 99의 훈련 집합(Training Set)을 기반으로 효과적인 분류를 하기 위한 모델을 제시하였다. 제시된 모델에서는 휴리스틱을 적용하여 효과적으로 필요한 데이터를 생성할 수 있었으며, 또한 각 공격 유형마다 분류자를 두어 보다 정확하고 효율적인 탐지가 가능하도록 하였다.

• Journal of Information Processing Systems
• /
• 제1권1호
• /
• pp.9-13
• /
• 2005

Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.

• 한국산학기술학회논문지
• /
• 제17권2호
• /
• pp.703-711
• /
• 2016

침입탐지시스템은 네트워크 데이터 분석을 통해 네트워크 침입을 탐지하는 역할을 수행하고 침입탐지를 위해 높은 수치의 정확도와 탐지율, 그리고 낮은 수치의 오경보율이 요구된다. 또한 네트워크 데이터 분석을 위해서는 전문가 시스템, 데이터 마이닝, 상태전이 분석(state transition analysis) 등 다양한 기법이 이용된다. 본 연구의 목적은 데이터 마이닝을 이용한 네트워크 침입탐지기법인 두 기법의 탐지효과를 비교하는데 있다. 첫번째 기법은 기계학습 알고리즘인 SVM이고 두번째 알고리즘은 인공 신경망 모형 중의 하나인 FANN이다. 두 기법의 탐지효과를 비교하기 위해 침입 탐지에 많이 쓰이는 KDD Cup 99 훈련 및 테스트 데이터를 이용하여 탐지의 정확도, 탐지율, 오경보율을 계산하고 비교하였다. 정상적인 데이터를 침입으로 간주하는 오경보율의 경우 SVM보다 FANN이 약간 많은 오경보율을 보이나, 탐지의 정확도 및 침입을 찾아내는 탐지율에서 FANN은 SVM보다 월등한 탐지효과를 보여준다. 정상적인 데이터를 침입으로 간주했을 때의 위험보다는 실제 침입을 정상적인 데이터로 인식할 때의 위험도가 훨씬 큰 것을 감안하면 FANN이 SVM보다 침입탐지에 훨씬 효과적임을 보이고 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권8호
• /
• pp.4021-4037
• /
• 2018

In network intrusion detection research, two characteristics are generally considered vital to building efficient intrusion detection systems (IDSs): an optimal feature selection technique and robust classification schemes. However, the emergence of sophisticated network attacks and the advent of big data concepts in intrusion detection domains require two more significant aspects to be addressed: employing an appropriate big data computing framework and utilizing a contemporary dataset to deal with ongoing advancements. As such, we present a comprehensive approach to building an efficient IDS with the aim of strengthening academic anomaly detection research in real-world operational environments. The proposed system has the following four characteristics: (i) it performs optimal feature selection using information gain and branch-and-bound algorithms; (ii) it employs machine learning techniques for classification, namely, Logistic Regression, Naïve Bayes, and Random Forest; (iii) it introduces bulk synchronous parallel processing to handle the computational requirements of large-scale networks; and (iv) it utilizes a real-time contemporary dataset generated by the Information Security Centre of Excellence at the University of Brunswick (ISCX-UNB) to validate its efficacy. Experimental analysis shows the effectiveness of the proposed framework, which is able to achieve high accuracy, low computational cost, and reduced false alarms.

• 디지털산업정보학회논문지
• /
• 제11권4호
• /
• pp.33-45
• /
• 2015

Currently, Internet is used an essential tool in the business area. Despite this importance, there is a risk of network attacks attempting collection of fraudulence, private information, and cyber terrorism. Firewalls and IDS(Intrusion Detection System) are tools against those attacks. IDS is used to determine whether a network data is a network attack. IDS analyzes the network data using various techniques including expert system, data mining, and state transition analysis. This paper tries to compare the performance of two data mining models in detecting network attacks. They are decision tree (C4.5), and neural network (FANN model). I trained and tested these models with data and measured the effectiveness in terms of detection accuracy, detection rate, and false alarm rate. This paper tries to find out which model is effective in intrusion detection. In the analysis, I used KDD Cup 99 data which is a benchmark data in intrusion detection research. I used an open source Weka software for C4.5 model, and C++ code available for FANN model.

• 한국인공지능학회지
• /
• 제11권2호
• /
• pp.19-27
• /
• 2023

In recent times, an exponential increase in Internet traffic has been observed as a result of advancing development of the Internet of Things, mobile networks with sensors, and communication functions within various devices. Further, the COVID-19 pandemic has inevitably led to an explosion of social network traffic. Within this context, considerable attention has been drawn to research on network traffic analysis based on machine learning. In this paper, we design and develop a new machine learning framework for network traffic analysis whereby normal and abnormal traffic is distinguished from one another. To achieve this, we combine together well-known machine learning algorithms and network traffic analysis techniques. Using one of the most widely used datasets KDD CUP'99 in the Weka and Apache Spark environments, we compare and investigate results obtained from time series type analysis of various aspects including malicious codes, feature extraction, data formalization, network traffic measurement tool implementation. Experimental analysis showed that while both the logistic regression and the support vector machine algorithm were excellent for performance evaluation, among these, the logistic regression algorithm performs better. The quantitative analysis results of our proposed machine learning framework show that this approach is reliable and practical, and the performance of the proposed system and another paper is compared and analyzed. In addition, we determined that the framework developed in the Apache Spark environment exhibits a much faster processing speed in the Spark environment than in Weka as there are more datasets used to create and classify machine learning models.