• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.7
• /
• pp.773-778
• /
• 2014

IDS(Intrusion Detection System) can be used as a countermeasure for blackhole attacks which cause degrade of transmission performance by causing of malicious intrusion to routing function of networks. In this paper, effects of IDS for transmission performance based on mobility patterns is analyzed for MANET(Mobile Ad-hoc Networks), a suggestion for effective countermeasure is considered. Computer simulation based on NS-2 is used in performance analysis, VoIP(Voice over Internet Protocol) as an application service is chosen for performance measure. MOS(Mean Opinion Score), call connection ratio and end-to-end delay is used as performance parameter.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.1-7
• /
• 2020

With the increase in cyber attacks, automated IDS using machine learning is being studied. According to recent research, the IDS using the recursive learning model shows high detection performance. However, the simple application of the recursive model may be difficult to reflect the associated session characteristics, as the overlapping session environment may degrade the performance. In this paper, we designed the session management module and applied it to LSTM (Long Short-Term Memory) recursive model. For the experiment, the CSE-CIC-IDS 2018 dataset is used and increased the normal session ratio to reduce the association of mal-session. The results show that the proposed model is able to maintain high detection performance even in the environment where session relevance is difficult to find.

• Journal of the Korea Society for Simulation
• /
• v.21 no.4
• /
• pp.91-102
• /
• 2012

Network port scan attack is the method for finding ports opening in a local network. Most existing IDSs(intrusion detection system) record the number of packets sent to a system per unit time. If port scan count from a source IP address is higher than certain threshold, it is regarded as a port scan attack. The degree of risk about source IP address performing network port scan attack depends on attack count recorded by IDS. However, the measurement of risk based on the attack count may reduce port scan detection rates due to the increased false negative for slow port scan. This paper proposes a method of summarizing 4 types of information to differentiate network port scan attack more precisely and comprehensively. To integrate the riskiness, we present a risk index that quantifies the risk of port scan attack by using PCA. The proposed detection method using risk index shows superior performance than Snort for the detection of network port scan.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.748-757
• /
• 2002

Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.12
• /
• pp.2287-2297
• /
• 2007

The proposed ANIDS(Advanced Network Intrusion Detection System) which is network-based IDS using Association Rule Mining, collects the packets on the network, analyze the associations of the packets, generates the pattern graph by using the highly associated packets using Association Rule Mining, and detects the intrusion by using the generated pattern graph. ANIDS consists of PMM(Packet Management Module) collecting and managing packets, PGGM(Pattern Graph Generate Module) generating pattern graphs, and IDM(Intrusion Detection Module) detecting intrusions. Specially, PGGM finds the candidate packets of Association Rule large than $Sup_{min}$ using Apriori algorithm, measures the Confidence of Association Rule, and generates pattern graph of association rules large than $Conf_{min}$. ANIDS reduces the false positive by using pattern graph even before finalizing the new pattern graph, the pattern graph which is being generated is compared with the existing one stored in DB. If they are the same, we can estimate it is an intrusion. Therefore, this paper can reduce the speed of intrusion detection and the false positive and increase the detection ratio of intrusion.

• Journal of Institute of Control, Robotics and Systems
• /
• v.9 no.4
• /
• pp.310-319
• /
• 2003

As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.2
• /
• pp.41-47
• /
• 2012

MANET has vulnerable structure on security owing to structural characteristics as follows. MANET consisted of moving nodes is that every nodes have to perform function of router. Every node has to provide reliable routing service in cooperation each other. These properties are caused by expose to various attacks. But, it is difficult that position of environment intrusion detection system is established, information is collected, and particularly attack is detected because of moving of nodes in MANET environment. It is not easy that important profile is constructed also. In this paper, conformal predictor - support vector machine(CP-SVM) based intrusion detection technique was proposed in order to do more accurate and efficient intrusion detection. In this study, IDS-agents calculate p value from collected packet and transmit to cluster head, and then other all cluster head have same value and detect abnormal behavior using the value. Cluster form of hierarchical structure was used to reduce consumption of nodes also. Effectiveness of proposed method was confirmed through experiment.

• International Journal of Contents
• /
• v.1 no.2
• /
• pp.22-25
• /
• 2005

Enterprise security management system: Enterprise Security Management (EMS) is centralized integrated management of other kind of security solutions such as intrusion cutoff system, intrusion detection system and virtual private network. With the system, it is possible to establish security policies for entire IT system through interlocking of solutions. A security system of company network is progressing as a ESM(Enterprise Security Management) in existing security solution foundation. The establishment of the security policy is occupying very important area in ESM of the security system. We tried to analyze existing ESM system for this and designed security solution structure for enhancing the inside security. We applied implementing directly IDS system and tested. This test set the focus about inside security

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1577-1580
• /
• 2005

With remarkable growth of using Internet, attempts to try intrusions on network are now increasing. Intrusion Detection System is a security system which detects and copes illegal intrusions. Especially with increasing dispersive attacks through network, concerns for this Distributed Intrusion Detection are also rising. The previous Intrusion Detection System has difficulty in coping cause it detects intrusions only on particular network and only same segment. About same attacks, system lacks capacity of combining information and related data. Also it lacks cooperations against intrusions. Systematic and general security controls can make it possible to detect intrusions and deal with intrusions and predict. This paper considers Distributed Intrusion Detection preventing attacks and suggests the way sending active packets between nodes safely and performing in corresponding active node certainly. This study suggested improved E-IDS system which prevents service attacks and also studied sending messages safely by encoding. Encoding decreases security attacks in active network. Also described effective ways of dealing intrusions when misuses happens thorough case study. Previous network nodes can't deal with hacking and misuses happened in the middle nodes at all, cause it just encodes ends. With above suggested ideas, problems caused by security services can be improved.

• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.43-53
• /
• 2007

Intrusion detection system(IDS) has recently evolved while combining signature-based detection approach with anomaly detection approach. Although signature-based IDS tools have been commonly used by utilizing machine learning algorithms, they only detect network intrusions with already known patterns, Ideal IDS tools should always keep the signature database of your detection system up-to-date. The system needs to generate the signatures to detect new possible attacks while monitoring and analyzing incoming network data. In this paper, we propose a new outlier cluster detection algorithm with density (or influence) function, Our method assumes that an outlier is a kind of cluster with similar instances instead of a single object in the context of network intrusion, Through extensive experiments using KDD 1999 Cup Intrusion Detection dataset. we show that the proposed method outperform the conventional outlier detection method using Euclidean distance function, specially when attacks occurs frequently.