• 제목/요약/키워드: Network intrusion detection systems

검색결과 227건 처리시간 0.026초

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security
    • /
    • 제24권4호
    • /
    • pp.179-191
    • /
    • 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

블랙보드구조를 활용한 보안 모델의 연동 (Coordination among the Security Systems using the Blackboard Architecture)

  • 서희석;조대호
    • 제어로봇시스템학회논문지
    • /
    • 제9권4호
    • /
    • pp.310-319
    • /
    • 2003
  • As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

Deep Packet Inspection for Intrusion Detection Systems: A Survey

  • AbuHmed, Tamer;Mohaisen, Abedelaziz;Nyang, Dae-Hun
    • 정보와 통신
    • /
    • 제24권11호
    • /
    • pp.25-36
    • /
    • 2007
  • Deep packet inspection is widely recognized as a powerful way which is used for intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost intrusion detection systems have the ability to search through packets and identify contents that match with known attach. In this paper we survey the deep packet inspection implementations techniques, research challenges and algorithm. Finally, we provide a comparison between the different applied system.

Policy-based Network Security with Multiple Agents (ICCAS 2003)

  • Seo, Hee-Suk;Lee, Won-Young;Yi, Mi-Ra
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 제어로봇시스템학회 2003년도 ICCAS
    • /
    • pp.1051-1055
    • /
    • 2003
  • Policies are collections of general principles specifying the desired behavior and state of a system. Network management is mainly carried out by following policies about the behavior of the resources in the network. Policy-based (PB) network management supports to manage distributed system in a flexible and dynamic way. This paper focuses on configuration management based on Internet Engineering Task Force (IETF) standards. Network security approaches include the usage of intrusion detection system to detect the intrusion, building firewall to protect the internal systems and network. This paper presents how the policy-based framework is collaborated among the network security systems (intrusion detection system, firewall) and intrusion detection systems are cooperated to detect the intrusions.

  • PDF

A new perspective towards the development of robust data-driven intrusion detection for industrial control systems

  • Ayodeji, Abiodun;Liu, Yong-kuo;Chao, Nan;Yang, Li-qun
    • Nuclear Engineering and Technology
    • /
    • 제52권12호
    • /
    • pp.2687-2698
    • /
    • 2020
  • Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constraint the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URL to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.

인간 면역 체계를 이용한 네트워크 탐지기술 연구 (A Study on Network detection technique using Human Immune System)

  • 김정원;;정길호;최종욱
    • 한국데이타베이스학회:학술대회논문집
    • /
    • 한국데이타베이스학회 1999년도 춘계공동학술대회: 지식경영과 지식공학
    • /
    • pp.307-313
    • /
    • 1999
  • This paper reviews and assesses the analogy between the human immune system and network intrusion detection systems. The promising results from a growing number of proposed computer immune models for intrusion detection motivate this work. The paper begins by briefly introducing existing intrusion detection systems (IDS's). A set of general requirements for network-based IDS's and the design goals to satisfy these requirements are identified by a careful examination of the literature. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS's are analysed. The analysis shows that the coordinated actions of several sophisticated mechanisms of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a novel network-based IDS based on the human immune system is promising for future network-based IDS's

  • PDF

인간 면역 체계를 이용한 네트워크 탐지기술 연구 (A Study on Network detection technique using Human Immune System)

  • 김정원;;정길호;최종욱
    • 한국지능정보시스템학회:학술대회논문집
    • /
    • 한국지능정보시스템학회 1999년도 춘계공동학술대회-지식경영과 지식공학
    • /
    • pp.307-313
    • /
    • 1999
  • This paper reviews and assesses the analogy between the human immune system and network intrusion detection systems. The promising results from a growing number of proposed computer immune models for intrusion detection motivate this work. The paper begins by briefly introducing existing intrusion detection systems (IDS's). A set of general requirements for network-based IDS's and the design goals to satisfy these requirements are identified by a careful examination of the literature. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS's are analysed. The analysis shows that the coordinated actions of several sophisticated mechanisms of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a network-based IDS based on the human immune system is promising for future network-based IDS's

  • PDF

An Adaptive Probe Detection Model using Fuzzy Cognitive Maps

  • Lee, Se-Yul;Kim, Yong-Soo
    • 한국지능시스템학회:학술대회논문집
    • /
    • 한국퍼지및지능시스템학회 2003년도 ISIS 2003
    • /
    • pp.660-663
    • /
    • 2003
  • The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

  • PDF

하드웨어 기반의 침입탑지 시스템의 설계에 대한 분석 (Analyses of Design for Intrusion Detection System based on Hardware Architecture)

  • 김정태
    • 한국정보통신학회:학술대회논문집
    • /
    • 한국해양정보통신학회 2008년도 춘계종합학술대회 A
    • /
    • pp.666-669
    • /
    • 2008
  • A number of intrusion detection systems have been developed to detect intrusive activity on individual hosts and networks. The systems developed rely almost exclusively on a software approach to intrusion detection analysis and response. In addition, the network systems developed apply a centralized approach to the detection of intrusive activity. The problems introduced by this approach are twofold. First the centralization of these functions becomes untenable as the size of the network increases.

  • PDF

대규모 네트워크를 위한 통합 침입탐지시스템 설계 (The Design of Integrated Intrusion Detection System in Large Networks)

  • 정연서
    • 한국컴퓨터산업학회논문지
    • /
    • 제3권7호
    • /
    • pp.953-956
    • /
    • 2002
  • 인터넷 사용 증가로 인한 통신망에 대한 위협은 갈수록 증대되고 있다. 이에 대한 방안으로 많은 보안장비들이 개발되어 설치되고 있으며, 침입차단시스템에 이어 근래에는 침입탐지시스템에 대한 연구와 개발이 활성화되고 있다. 그러나, 네트워크의 규모가 커지고, 관리 대상 시스템의 수가 방대해짐에 따라 현재의 단일 네트워크 단위의 관리로는 해결이 어렵다. 본 논문에서는 IETF에서 진행되고 있는 PBNM(Policy-Based Network Management) 기술을 도입하여 대규모의 네트워크의 보안을 관리하기 위한 통합 침입탐지시스템(Integrated Intrusion Detection System:IIDS)을 설계한다. 통합 침입탐지시스템은 다수의 침입탐지 에이전트로 구성되어 있으며, 시스템의 요구사항과 기능별 요소들에 대하여 기술하고 있다.

  • PDF