• Title/Summary/Keyword: Network attack detection

Search Result 439, Processing Time 0.022 seconds

A Novel Framework for APT Attack Detection Based on Network Traffic

  • Vu Ngoc Son
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.1
    • /
    • pp.52-60
    • /
    • 2024
  • APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend that could develop APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will be crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

A Study on Multi-level Attack Detection Technique based on Profile Table (프로파일 기반 다단계 공격 탐지 기법에 관한 연구)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.4
    • /
    • pp.89-96
    • /
    • 2014
  • MANET has been applied to a wide variety of areas because it has advantages which can build a network quickly in a difficult situation to build a network. However, it is become a victim of malicious nodes because of characteristics such as mobility of nodes consisting MANET, limited resources, and the wireless network. Therefore, it is required to lightweight attack detection technique which can accurately detect attack without causing a large burden to the mobile node. In this paper, we propose a multistage attack detection techniques that attack detection takes place in routing phase and data transfer phase in order to increase the accuracy of attack detection. The proposed attack detection technique is composed of four modules at each stage in order to perform accurate attack detection. Flooding attack and packet discard or modify attacks is detected in the routing phase, and whether the attack by modification of data is detected in the data transfer phase. We assume that nodes have a public key and a private key in pairs in this paper.

Intrusion Detection System for In-Vehicle Network to Improve Detection Performance Considering Attack Counts and Attack Types (공격 횟수와 공격 유형을 고려하여 탐지 성능을 개선한 차량 내 네트워크의 침입 탐지 시스템)

  • Hyunchul, Im;Donghyeon, Lee;Seongsoo, Lee
    • Journal of IKEEE
    • /
    • v.26 no.4
    • /
    • pp.622-627
    • /
    • 2022
  • This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In intrusion detection system, both FNR (False Negative Rate), where intrusion frame is misjudged as normal frame, and FPR (False Positive Rate), where normal frame is misjudged as intrusion frame, seriously affect vechicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the propsoed method effectively improve both FNR and FPR in DoS(Denial of Service) attack and spoofing attack.

Fast Detection of Distributed Global Scale Network Attack Symptoms and Patterns in High-speed Backbone Networks

  • Kim, Sun-Ho;Roh, Byeong-Hee
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.2 no.3
    • /
    • pp.135-149
    • /
    • 2008
  • Traditional attack detection schemes based on packets or flows have very high computational complexity. And, network based anomaly detection schemes can reduce the complexity, but they have a limitation to figure out the pattern of the distributed global scale network attack. In this paper, we propose an efficient and fast method for detecting distributed global-scale network attack symptoms in high-speed backbone networks. The proposed method is implemented at the aggregate traffic level. So, our proposed scheme has much lower computational complexity, and is implemented in very high-speed backbone networks. In addition, the proposed method can detect attack patterns, such as attacks in which the target is a certain host or the backbone infrastructure itself, via collaboration of edge routers on the backbone network. The effectiveness of the proposed method are demonstrated via simulation.

A Study on Attack Detection using Hierarchy Architecture in Mobile Ad Hoc Network (MANET에서 계층 구조를 이용한 공격 탐지 기법 연구)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.2
    • /
    • pp.75-82
    • /
    • 2014
  • MANET has various types of attacks. In particular, routing attacks using characteristics of movement of nodes and wireless communication is the most threatening because all nodes which configure network perform a function of router which forwards packets. Therefore, mechanisms that detect routing attacks and defense must be applied. In this paper, we proposed hierarchical structure attack detection techniques in order to improve the detection ability against routing attacks. Black hole detection is performed using PIT for monitoring about control packets within cluster and packet information management on the cluster head. Flooding attack prevention is performed using cooperation-based distributed detection technique by member nodes. For this, member node uses NTT for information management of neighbor nodes and threshold whether attack or not receives from cluster head. The performance of attack detection could be further improved by calculating at regular intervals threshold considering the total traffic within cluster in the cluster head.

A Study on Intrusion Detection of ARP Poisoning Attack on Wireless LAN

  • Ham Young Hwan;Lee Sok Joon;Chung Byung Ho;Chung Kyoll;Chung Jin Wook
    • Proceedings of the IEEK Conference
    • /
    • 2004.08c
    • /
    • pp.540-543
    • /
    • 2004
  • Address Resolution Protocol (ARP) cache poisoning is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines. ARP is not a new problem, but wireless network introduces a new attack point and more vulnerable to the attack. The attack on wireless network cannot be detected by current detection tool installed on wired network. In order to detect the ARP poisoning attack, there must be a ARP poisoning detection tool for wireless LAN environment. This paper proposes linux-based ARP poisoning detection system equipped with wireless LAN card and Host AP device driver

  • PDF

An Adaptive Probe Detection Model using Fuzzy Cognitive Maps

  • Lee, Se-Yul;Kim, Yong-Soo
    • Proceedings of the Korean Institute of Intelligent Systems Conference
    • /
    • 2003.09a
    • /
    • pp.660-663
    • /
    • 2003
  • The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

  • PDF

The Study of Hierarchical Intrusion Detection Based on Rules for MANET (MANET에서 규칙을 기반으로 한 계층형 침입 탐지에 관한 연구)

  • Jung, Hye Won
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.153-160
    • /
    • 2010
  • MANET composed mobile nodes without central concentration control like base station communicate through multi-hop route among nodes. Accordingly, it is hard to maintain stability of network because topology of network change at any time owing to movement of mobile nodes. MANET has security problems because of node mobility and needs intrusion detection system that can detect attack of malicious nodes. Therefore, system is protected from malicious attack of intruder in this environment and it has to correspond to attack immediately. In this paper, we propose intrusion detection system based on rules in order to more accurate intrusion detection. Cluster head perform role of monitor node to raise monitor efficiency of packet. In order to evaluate performance of proposed method, we used jamming attack, selective forwarding attack, repetition attack.

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.4
    • /
    • pp.179-191
    • /
    • 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System (SNMP 기반의 실시간 트래픽 폭주 공격 탐지 시스템 설계 및 구현)

  • Park, Jun-Sang;Kim, Sung-Yun;Park, Dai-Hee;Choi, Mi-Jung;Kim, Myung-Sup
    • The KIPS Transactions:PartC
    • /
    • v.16C no.1
    • /
    • pp.13-20
    • /
    • 2009
  • Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figure out the attack type in case of attack.