• Title/Summary/Keyword: Network intrusion detection systems


Distributed Federated Learning-based Intrusion Detection System for Industrial IoT Networks (산업 IoT 전용 분산 연합 학습 기반 침입 탐지 시스템)

  • Md Mamunur Rashid; Piljoo Choi; Suk-Hwan Lee; Ki-Ryong Kwon
    • Proceedings of the Korea Information Processing Society Conference / 2023.11a / pp.151-153 / 2023
  • Federated learning (FL)-based network intrusion detection techniques have enormous potential for securing the Industrial Internet of Things (IIoT). The openness and interconnection of systems in smart industrial facilities can be targeted and manipulated by malicious actors, which emphasizes the significance of cybersecurity. The drawbacks of the conventional centralized technique, including excessive latency, a congested network, and privacy leaks, are all addressed by the FL method. In addition, the rich data enables the training of models while combining private data from numerous participants. This research aims to create an FL-based architecture to improve cybersecurity and intrusion detection in IoT networks. In order to assess the effectiveness of the suggested approach, we have utilized well-known cybersecurity datasets along with centralized and federated machine learning models.

A Development of Intrusion Detection and Protection System using Netfilter Framework (넷필터 프레임워크를 이용한 침입 탐지 및 차단 시스템 개발)

  • Baek, Seoung-Yub; Lee, Geun-Ho; Lee, Geuk
    • Convergence Security Journal / v.5 no.3 / pp.33-41 / 2005
  • Information can be leaked, changed, damaged and illegally used regardless of the intention of the information owner. Intrusion Detection Systems and Firewalls are used to protect against illegal accesses in the network. But these are passive protection methods, not active ones. They only react based on predefined protection rules or only report to the administrator. In this paper, we develop an intrusion detection and protection system using the Netfilter framework. The system makes the administrator's management easy and simple. Furthermore, it offers an active protection mechanism against intrusions.


An Architecture Design of Distributed Internet Worm Detection System for Fast Response

  • Lim, Jung-Muk; Han, Young-Ju; Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference / 2005.11a / pp.161-164 / 2005
  • As the influence of the Internet grows steadily, attacks against the Internet can cause enormous monetary damages nowadays. A worm can not only replicate itself like a virus but also propagate itself across the Internet. So it infects vulnerable hosts on the Internet and then downgrades the overall performance of the Internet or makes the Internet stop working. To respond to this, worm detection and prevention technologies are developed. The worm detection technologies are classified into two categories, host based detection and network based detection. Host based detection methods include a method which checks the files that worms make, a method which checks the integrity of the file systems, and so on. Network based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't respond to worms' attacks effectively because worms attack the Internet in a distributed fashion. In this paper, we propose a design of a distributed worm detection system to overcome this inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other using direction-aware information in terms of the worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce the false positive rate of the system but also prevent worms from propagating themselves across the Internet by dispersing the confirmed worm signature.


IKPCA-ELM-based Intrusion Detection Method

  • Wang, Hui; Wang, Chengjie; Shen, Zihao; Lin, Dengwei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.7 / pp.3076-3092 / 2020
  • An IKPCA-ELM-based intrusion detection method is developed to address the problem of the low accuracy and slow speed of intrusion detection caused by redundancies and high dimensions of data in the network. First, in order to reduce the effects of uneven sample distribution and sample attribute differences on the extraction of KPCA features, the sample attribute mean and mean square error are introduced into the Gaussian radial basis function and polynomial kernel function respectively, and the two improved kernel functions are combined to construct a hybrid kernel function. Second, an improved particle swarm optimization (IPSO) algorithm is proposed to determine the optimal hybrid kernel function for improved kernel principal component analysis (IKPCA). Finally, IKPCA is conducted to complete feature extraction, and an extreme learning machine (ELM) is applied to classify common attack type detection. The experimental results demonstrate the effectiveness of the constructed hybrid kernel function. Compared with other intrusion detection methods, IKPCA-ELM not only ensures high accuracy rates, but also reduces the detection time and false alarm rate, especially reducing the false alarm rate of small sample attacks.

Sequential Pattern Mining for Intrusion Detection System with Feature Selection on Big Data

  • Fidalcastro, A; Baburaj, E
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.10 / pp.5023-5038 / 2017
  • Big data is an emerging technology which deals with a wide range of data sets with sizes beyond the ability of the software tools commonly used for processing data. When we consider a huge network, we have to process a large amount of generated network information, which consists of both normal and abnormal activity logs in a large volume of multi-dimensional data. An Intrusion Detection System (IDS) is required to monitor the network and to detect the malicious nodes and activities in the network. The massive amount of data makes it difficult to detect threats and attacks. Sequential pattern mining, which has become an emerging popular trend because it takes into account the quantities, profits and time orders of items, may be used to identify the patterns of malicious activities. Here we propose a sequential pattern mining algorithm with fuzzy logic feature selection and fuzzy weighted support for huge volumes of network logs, to be implemented in Apache Hadoop YARN, which solves the problem of speed and time constraints. Fuzzy logic feature selection selects important features from the feature set. Fuzzy weighted supports provide weights to the inputs and avoid multiple scans. In our simulation we use the attack log from an NS-2 MANET environment and compare the proposed algorithm with the state-of-the-art sequential pattern mining algorithm SPADE and with a Support Vector Machine in the Hadoop environment.

A Study on Intrusion Detection Techniques using Risk Level Analysis of Smart Home's Intrusion Traffic (스마트 홈의 위험수준별 침입 트래픽 분석을 사용한 침입대응 기법에 대한 연구)

  • Kang, Yeon-I; Kim, Hwang-Rae
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.7 / pp.3191-3196 / 2011
  • Smart home systems are being installed in most new buildings for the convenience of daily life. As smart home systems become more common and their diffusion rate grows faster, hackers' attacks on smart home systems will increase. In this paper, in order to respond to intrusions by risk level, we build a database of intrusion cases that occurred over wired and wireless networks and of scenarios created for attacks that can occur in a virtual situation. Based on this, an intrusion detection algorithm was designed that finds illegal intrusion traffic in real time and prevents attacks for smart home users who are vulnerable to security threats.

An Effective Anomaly Detection Approach based on Hybrid Unsupervised Learning Technologies in NIDS

  • Kangseok Kim
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.2 / pp.494-510 / 2024
  • Internet users are exposed to sophisticated cyberattacks that intrusion detection systems have difficulty detecting. Therefore, research is increasing on intrusion detection methods that use artificial intelligence technology for detecting novel cyberattacks. Unsupervised learning-based methods are being researched that learn only from normal data and detect abnormal behaviors by finding patterns. This study developed an anomaly-detection method based on unsupervised machine learning and deep learning for a network intrusion detection system (NIDS). We present a hybrid anomaly detection approach based on unsupervised learning techniques using the autoencoder (AE), Isolation Forest (IF), and Local Outlier Factor (LOF) algorithms. An oversampling approach that increased the detection rate was also examined. A hybrid approach that combined deep learning algorithms and traditional machine learning algorithms was highly effective in setting the thresholds for anomalies without subjective human judgment. It achieved precision and recall rates of 88.2% and 92.8% respectively when combining two AEs, IF, and LOF, while using an oversampling approach to learn more unknown normal data improved the detection accuracy. This approach achieved precision and recall rates of 88.2% and 94.6% respectively, further improving the detection accuracy compared with the hybrid method. Therefore, in NIDS the proposed approach provides high reliability for detecting cyberattacks.

An Interactive Multi-Factor User Authentication Framework in Cloud Computing

  • Elsayed Mostafa; M.M. Hassan; Wael Said
    • International Journal of Computer Science & Network Security / v.23 no.8 / pp.63-76 / 2023
  • Identity and access management in cloud computing is one of the leading significant issues that require various security countermeasures to preserve user privacy. An authentication mechanism is a leading solution to authenticate and verify the identities of cloud users while accessing cloud applications. Building a secure and flexible authentication mechanism in a cloud computing platform is challenging. Authentication techniques can be combined with other security techniques such as intrusion detection systems to maintain a verifiable layer of security. In this paper, we provide an interactive, flexible, and reliable multi-factor authentication mechanism that is primarily based on a proposed Authentication Method Selector (AMS) technique. The basic idea of AMS is to rely on the user's previous authentication information and user behavior, which can be embedded with additional authentication methods according to the organization's requirements. In AMS, the administrator has the ability to add the appropriate authentication method based on the requirements of the organization. Based on these requirements, the administrator will activate and initialize the authentication method that has been added to the authentication pool. An intrusion detection component has been added to apply the users' location and users' default web browser features. The AMS and intrusion detection components provide a security enhancement to increase the accuracy and efficiency of cloud user identity verification.

Intrusion Detection on IoT Services using Event Network Correlation (이벤트 네트워크 상관분석을 이용한 IoT 서비스에서의 침입탐지)

  • Park, Boseok; Kim, Sangwook
    • Journal of Korea Multimedia Society / v.23 no.1 / pp.24-30 / 2020
  • As the number of internet-connected appliances and the variety of IoT services are rapidly increasing, it is hard to protect IT assets with traditional network security techniques. Most traditional network log analysis systems use rule-based mechanisms to reduce the raw logs. But using predefined rules can't detect new attack patterns. So, there is a need for a mechanism to reduce congested raw logs and detect new attack patterns. This paper suggests enterprise security management for IoT services using graph and network measures. We model an event network based on a graph of interconnected logs between network devices and IoT gateways, and we suggest a network clustering algorithm that estimates the attack probability of log clusters and detects new attack patterns.

PUM: Processing Unit Module Design of Intrusion Detector for Large Scale Network (대규모 네트워크를 위한 침입 탐지결정모듈 설계)

  • 최인수; 차홍준
    • Journal of the Korea Society of Computer and Information / v.7 no.2 / pp.53-58 / 2002
  • The popularity of the Internet has created a need for information security. Therefore, intrusion, information leakage and modification, and the intentional efflux of information from computer systems have resulted in a requirement for detecting intrusions from outside at the point of user authentication. This paper presents the design of a PUM (Processing Unit Module) which analyzes both the host logs generated by server host systems, covering various cases of intelligent intrusion methods, and the network packets on the networks of a large-scale network.
