• Title/Summary/Keyword: Network intrusion detection systems

Search Result 227, Processing Time 0.022 seconds

Design of a Coordinator-based Intrusion Detection System in Ubiquitous Sensor Network Environment (USN환경에서 코디네이터 기반의 침입탐지시스템 설계)

  • Kim, Hwang-Rae;Kang, Yeon-I
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.3
    • /
    • pp.984-990
    • /
    • 2010
  • Zigbee sensor network technology to build a ubiquitous environment has an important role. However, Zigbee technology, sensing environmental information within the local area to deliver the information because it was designed for the purpose of simple tasks, Attack by a variety of technologies that could potentially compromise the network is very high. To solve this problems, many defense mechanisms are presented in a lot of papers. But, to attack the existing Zigbee various response measures for the implementation of the functionality of the sensor nodes very heavy and high expensive problem. To resolve this problems, with superior computing power Zigbee network coordinator to install, based coordinator to intrusion detection systems is proposed. Coordinator-based IDS(Intrusion Detection System) of the Zigbee network is detected attack, and present a new approach to resolve, possible applications in various fields, so in real life Zigbee technology is expected to contribute to graft.

A New Association Rule Mining based on Coverage and Exclusion for Network Intrusion Detection (네트워크 침입 탐지를 위한 Coverage와 Exclusion 기반의 새로운 연관 규칙 마이닝)

  • Tae Yeon Kim;KyungHyun Han;Seong Oun Hwang
    • Journal of Internet of Things and Convergence
    • /
    • v.9 no.1
    • /
    • pp.77-87
    • /
    • 2023
  • Applying various association rule mining algorithms to the network intrusion detection task involves two critical issues: too large size of generated rule set which is hard to be utilized for IoT systems and hardness of control of false negative/positive rates. In this research, we propose an association rule mining algorithm based on the newly defined measures called coverage and exclusion. Coverage shows how frequently a pattern is discovered among the transactions of a class and exclusion does how frequently a pattern is not discovered in the transactions of the other classes. We compare our algorithm experimentally with the Apriori algorithm which is the most famous algorithm using the public dataset called KDDcup99. Compared to Apriori, the proposed algorithm reduces the resulting rule set size by up to 93.2 percent while keeping accuracy completely. The proposed algorithm also controls perfectly the false negative/positive rates of the generated rules by parameters. Therefore, network analysts can effectively apply the proposed association rule mining to the network intrusion detection task by solving two issues.

An Efficient Intrusion Detection System (IDS) Node Selection for Congested Systems in Wireless Mesh Networks

  • Choe, Jae-Un;Kim, Gi-Seong;Kim, Se-Heon
    • Proceedings of the Korean Operations and Management Science Society Conference
    • /
    • 2008.10a
    • /
    • pp.525-528
    • /
    • 2008
  • We propose a IDS node selection scheme for intrusion detection in wireless mesh networks. The proposed scheme considers network survivability and energy consumption. To utilize wireless resources efficiently, we apply a set covering problem (SCP) to IDS nodes selection problem. Our proposed scheme also considers congested networks.

  • PDF

Integrated Security Management Framework for Secure Networking

  • Jo, Su-Hyung;Kim, Jeong-Nyeo;Sohn, Sung-Won
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2003.10a
    • /
    • pp.2174-2177
    • /
    • 2003
  • Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

  • PDF

DIntrusion Detection in WSN with an Improved NSA Based on the DE-CMOP

  • Guo, Weipeng;Chen, Yonghong;Cai, Yiqiao;Wang, Tian;Tian, Hui
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.11
    • /
    • pp.5574-5591
    • /
    • 2017
  • Inspired by the idea of Artificial Immune System, many researches of wireless sensor network (WSN) intrusion detection is based on the artificial intelligent system (AIS). However, a large number of generated detectors, black hole, overlap problem of NSA have impeded further used in WSN. In order to improve the anomaly detection performance for WSN, detector generation mechanism need to be improved. Therefore, in this paper, a Differential Evolution Constraint Multi-objective Optimization Problem based Negative Selection Algorithm (DE-CMOP based NSA) is proposed to optimize the distribution and effectiveness of the detector. By combining the constraint handling and multi-objective optimization technique, the algorithm is able to generate the detector set with maximized coverage of non-self space and minimized overlap among detectors. By employing differential evolution, the algorithm can reduce the black hole effectively. The experiment results show that our proposed scheme provides improved NSA algorithm in-terms, the detectors generated by the DE-CMOP based NSA more uniform with less overlap and minimum black hole, thus effectively improves the intrusion detection performance. At the same time, the new algorithm reduces the number of detectors which reduces the complexity of detection phase. Thus, this makes it suitable for intrusion detection in WSN.

Communication Models and Performance Evaluation for the Delivery of Data and Policy in a Hybrid-Type Intrusion Detection System (혼합형 침입 탐지 시스템에서 데이터 및 정책 전달 통신 모델과 성능 평가)

  • Jang, Jung-Sook;Jeon, Yong-Hee;Jang, Jong-Soo;Sohn, Seung-Won
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.727-738
    • /
    • 2003
  • Much research efforts are being exerted for the study of intrusion detection system(IDS). However little work has been for the communication medels and performance eveluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detections with a centralized data anaysis componenta for a global intrusion detection at multiple domains environment. We also assume the combination of host-based and network-based intrusion detection systems in the oberall framework. From the local domain, a set of information such as alert, and / or log data are reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simular using OPNET modeller for the performance evaluation of transmission capabillities for the delivery of data and policy. We present and compare simulation results based on several scenarios focuding on communication delay.

A Solution for Timing Gap Problems on Network Intrusion Detection Systems (네트워크 침입 탐지 시스템에서의 시차 문제 해결 방안)

  • 차현철
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.6 no.1
    • /
    • pp.1-6
    • /
    • 2001
  • This paper proposes a method to reduce the timing gap which causes a type of attack to a network-based intrusion detection system. For this, an intrusion defection system is used in order to measure the round trip tin to the destination system, and the measured round trip time is used for estimation of packet's real arrival time to destination. Socket programings are used on the LAN environments to evaluate the performance of the proposed method. The test results show that an estimation method which uses the latest round trip time has the best performance, and the timing gap can be significantly reduced with small overheads.

  • PDF

A Hybrid PSO-BPSO Based Kernel Extreme Learning Machine Model for Intrusion Detection

  • Shen, Yanping;Zheng, Kangfeng;Wu, Chunhua
    • Journal of Information Processing Systems
    • /
    • v.18 no.1
    • /
    • pp.146-158
    • /
    • 2022
  • With the success of the digital economy and the rapid development of its technology, network security has received increasing attention. Intrusion detection technology has always been a focus and hotspot of research. A hybrid model that combines particle swarm optimization (PSO) and kernel extreme learning machine (KELM) is presented in this work. Continuous-valued PSO and binary PSO (BPSO) are adopted together to determine the parameter combination and the feature subset. A fitness function based on the detection rate and the number of selected features is proposed. The results show that the method can simultaneously determine the parameter values and select features. Furthermore, competitive or better accuracy can be obtained using approximately one quarter of the raw input features. Experiments proved that our method is slightly better than the genetic algorithm-based KELM model.

A Policy-based Secure Framework for Constructing Secure Networking (안전한 네트워크 구성을 위한 정책기반 보안 프레임워크)

  • 박상길;장종수;손승원;노봉남
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.27 no.8C
    • /
    • pp.748-757
    • /
    • 2002
  • Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.

Intelligent Intrusion Detection and Prevention System using Smart Multi-instance Multi-label Learning Protocol for Tactical Mobile Adhoc Networks

  • Roopa, M.;Raja, S. Selvakumar
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.6
    • /
    • pp.2895-2921
    • /
    • 2018
  • Security has become one of the major concerns in mobile adhoc networks (MANETs). Data and voice communication amongst roaming battlefield entities (such as platoon of soldiers, inter-battlefield tanks and military aircrafts) served by MANETs throw several challenges. It requires complex securing strategy to address threats such as unauthorized network access, man in the middle attacks, denial of service etc., to provide highly reliable communication amongst the nodes. Intrusion Detection and Prevention System (IDPS) undoubtedly is a crucial ingredient to address these threats. IDPS in MANET is managed by Command Control Communication and Intelligence (C3I) system. It consists of networked computers in the tactical battle area that facilitates comprehensive situation awareness by the commanders for timely and optimum decision-making. Key issue in such IDPS mechanism is lack of Smart Learning Engine. We propose a novel behavioral based "Smart Multi-Instance Multi-Label Intrusion Detection and Prevention System (MIML-IDPS)" that follows a distributed and centralized architecture to support a Robust C3I System. This protocol is deployed in a virtually clustered non-uniform network topology with dynamic election of several virtual head nodes acting as a client Intrusion Detection agent connected to a centralized server IDPS located at Command and Control Center. Distributed virtual client nodes serve as the intelligent decision processing unit and centralized IDPS server act as a Smart MIML decision making unit. Simulation and experimental analysis shows the proposed protocol exhibits computational intelligence with counter attacks, efficient memory utilization, classification accuracy and decision convergence in securing C3I System in a Tactical Battlefield environment.