• Title/Summary/Keyword: NIDS


A Study of the Design of NIDS System for the Effective Information Detection (효율적인 정보검출을 위한 NIDS 시스템 설계에 관한 연구)

  • 이선근
    • Journal of the Korea Society of Computer and Information / v.8 no.3 / pp.156-162 / 2003
  • With the network environment and users' application services increasing, information protection and private information protection are very important fields. However, a detection methodology is needed for unspecified unknown signals, increasing information, and various information media. Therefore, in this thesis, we design a NIDS that classifies other information in order to detect unknown signals such as unauthenticated signals or illegal outside access. The proposed NIDS design used Synopsys Ver. 1999 and VHDL. The proposed NIDS is practical in system performance and cost compared with individually existing NIDS, and utilizes a part of the system resources.


Performance Comparison According to Image Generation Method in NIDS (Network Intrusion Detection System) using CNN

  • Sang Hyun, Kim
    • International journal of advanced smart convergence / v.12 no.2 / pp.67-75 / 2023
  • Recently, many studies have been conducted on ways to utilize AI technology in NIDS (Network Intrusion Detection System). In particular, CNN-based NIDS generally shows excellent performance. CNN is basically a method of using correlation between pixels existing in an image. Therefore, the method of generating an image is very important in CNN. In this paper, the performance comparison of CNN-based NIDS according to the image generation method was performed. The image generation methods used in the experiment are a direct conversion method and a one-hot encoding based method. As a result of the experiment, the performance of NIDS was different depending on the image generation method. In particular, it was confirmed that the method combining the direct conversion method and the one-hot encoding based method proposed in this paper showed the best performance.

Deep Packet Inspection Time-Aware Load Balancer on Many-Core Processors for Fast Intrusion Detection

  • Choi, Yoon-Ho;Park, Woojin;Choi, Seok-Hwan;Seo, Seung-Woo
    • IEIE Transactions on Smart Processing and Computing / v.5 no.3 / pp.169-177 / 2016
  • To realize high-speed intrusion detection by accommodating many regular expression (regex)-based signatures and growing network link capacities, we propose the Service TimE-Aware Load-balancing (STEAL) algorithm. This work is motivated from the observation that utilization of a many-core network intrusion detection system (NIDS) is influenced by unfair computational distribution among many-core NIDS nodes. To avoid such unfair computational distribution, STEAL is designed to dynamically distribute a large volume of traffic among many-core NIDS nodes based on packet service time, which is represented by the deep packet time in many-core NIDS nodes. From experiments, we show that compared to the commonly used load-balancing algorithm based on arrival rate, STEAL increases the number of received packets (i.e., decreases the number of dropped packets) in many-core NIDS. Specifically, by integrating an open source NIDS (i.e. Bro) with STEAL, we show that even under attack-dominant traffic and with many signatures, STEAL can rapidly improve the performance of many-core NIDS to realize high-speed intrusion detection.

A Network Intrusion Security Detection Method Using BiLSTM-CNN in Big Data Environment

  • Hong Wang
    • Journal of Information Processing Systems / v.19 no.5 / pp.688-701 / 2023
  • The conventional methods of network intrusion detection system (NIDS) cannot measure the trend of intrusion detection targets effectively, which leads to low detection accuracy. In this study, a NIDS method which is based on a deep neural network in a big-data environment is proposed. Firstly, the entire framework of the NIDS model is constructed in two stages. Feature reduction and anomaly probability output are used at the core of the two stages. Subsequently, a convolutional neural network, which encompasses a down sampling layer and a characteristic extractor consisting of a convolution layer, the correlation of inputs is realized by introducing bidirectional long short-term memory. Finally, after the convolution layer, a pooling layer is added to sample the required features according to different sampling rules, which promotes the overall performance of the NIDS model. The proposed NIDS method and three other methods are compared, and it is broken down under the conditions of the two databases through simulation experiments. The results demonstrate that the proposed model is superior to the other three methods of NIDS in two databases, in terms of precision, accuracy, F1-score, and recall, which are 91.64%, 93.35%, 92.25%, and 91.87%, respectively. The proposed algorithm is significant for improving the accuracy of NIDS.

A Study on the Collaboration Network Analysis of Document Delivery Service in Science and Technology (과학기술분야 원문제공서비스의 협력 네트워크 분석)

  • Kim, Ji-Young;Lee, Seon-Hee
    • Journal of Korean Library and Information Science Society / v.44 no.4 / pp.443-463 / 2013
  • Korea Institute of Science and Technology Information (KISTI) provides domestic researchers with science and technology information through NDSL Information Document Service (NIDS) network to improve research productivity in Korea. University libraries and information centers of research institutes are playing a major role in the NIDS collaboration network. In this study, we examined the relationship among the participating organizations for document delivery service using the social network analysis (SNA) method. Centrality of each organization in the NIDS network was analyzed with the indexes such as degree centrality, closeness centrality, betweenness centrality, and eigenvector centrality. The research results show that KISTI, KAIST, POSTECH, and FRIC are located at the center of the NIDS network. Based on the research results, this paper suggests several directions for improvement of document delivery service.

Evaluating Unsupervised Deep Learning Models for Network Intrusion Detection Using Real Security Event Data

  • Jang, Jiho;Lim, Dongjun;Seong, Changmin;Lee, JongHun;Park, Jong-Geun;Cheong, Yun-Gyung
    • International journal of advanced smart convergence / v.11 no.4 / pp.10-19 / 2022
  • AI-based Network Intrusion Detection Systems (AI-NIDS) detect network attacks using machine learning and deep learning models. Recently, unsupervised AI-NIDS methods are getting more attention since there is no need for labeling, which is crucial for building practical NIDS systems. This paper aims to test the impact of designing autoencoder models that can be applied to an unsupervised AI-NIDS in real network systems. We collected security events of a legacy network security system and carried out an experiment. We report the results and discuss the findings.

An Effective Anomaly Detection Approach based on Hybrid Unsupervised Learning Technologies in NIDS

  • Kangseok Kim
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.2 / pp.494-510 / 2024
  • Internet users are exposed to sophisticated cyberattacks that intrusion detection systems have difficulty detecting. Therefore, research is increasing on intrusion detection methods that use artificial intelligence technology for detecting novel cyberattacks. Unsupervised learning-based methods are being researched that learn only from normal data and detect abnormal behaviors by finding patterns. This study developed an anomaly-detection method based on unsupervised machines and deep learning for a network intrusion detection system (NIDS). We present a hybrid anomaly detection approach based on unsupervised learning techniques using the autoencoder (AE), Isolation Forest (IF), and Local Outlier Factor (LOF) algorithms. An oversampling approach that increased the detection rate was also examined. A hybrid approach that combined deep learning algorithms and traditional machine learning algorithms was highly effective in setting the thresholds for anomalies without subjective human judgment. It achieved precision and recall rates respectively of 88.2% and 92.8% when combining two AEs, IF, and LOF while using an oversampling approach to learn more unknown normal data improved the detection accuracy. This approach achieved precision and recall rates respectively of 88.2% and 94.6%, further improving the detection accuracy compared with the hybrid method. Therefore, in NIDS the proposed approach provides high reliability for detecting cyberattacks.

Efficient Regular Expression Matching Using FPGA (FPGA를 이용한 효율적 정규표현매칭)

  • Lee, Jang-Haeng;Lee, Seong-Won;Park, Neung-Soo
    • The KIPS Transactions:PartC / v.16C no.5 / pp.583-588 / 2009
  • A network intrusion detection system (NIDS) monitors all incoming packets in the network and detects packets that are malicious to the internal system. The NIDS should also have the ability to update detection rules because new attack patterns are unpredictable. Incorporating FPGAs into the NIDS is one of the best solutions that can provide both high performance and high flexibility compared with other approaches such as software solutions. In this paper we propose and design a novel approach, prefix sharing parallel pattern matcher, that can not only minimize additional resources but also maximize the processing performance. Experimental results showed that the throughput for 16-bit input is twice larger than for 8-bit input but the used LEs/Char in FPGA increases only 1.07 times.

Intrusion Detection System using Pattern Classification with Hashing Technique (패턴분류와 해싱기법을 이용한 침입탐지 시스템)

  • 윤은준;김현성;부기동
    • Journal of Korea Society of Industrial Information Systems / v.8 no.1 / pp.75-82 / 2003
  • Computer and network security has recently become a popular subject due to the explosive growth of the Internet. Especially, attacks based on malformed packets are difficult to detect because these attacks use the skill of bypassing the intrusion detection system and firewall. This paper designs and implements a network-based intrusion detection system (NIDS) which detects intrusions with malformed packets in real time. First, signatures, rules in NIDS like Snort's rule files, are classified using similar properties between signatures. NIDS creates a rule tree applying a hashing technique based on the classification. As a result, the system can efficiently perform intrusion detection.


The Software Design Principles to Improve Performance in Network-based Intrusion Detection Systems (네트워크 기반 침입탐지시스템 성능향상을 위한 소프트웨어 설계 원리)

  • 박종운;최홍민;은유진;김동규
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2003.12a / pp.53-59 / 2003
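  • The development of information and communication infrastructure and the growth of multimedia services and large-volume data processing over the Internet have brought faster network environments to organizations. This change in the network environment is accompanied by a change in the requirements for the network-based intrusion detection system (NIDS), which monitors abnormal behaviors/events entering the organization. That is, existing NIDS research focused on the accurate judgment of abnormal behaviors/events and on techniques for responding to them, but recently, in addition to this, research has been actively conducted on techniques for securing availability in order to minimize NIDS performance degradation in high-speed network environments. Therefore, in this paper, we determine the factors that have a decisive effect on performance for the normal operation of NIDS in high-speed network environments, and present efficient design principles for each factor.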
