• International Journal of Computer Science & Network Security
• /
• 제24권1호
• /
• pp.107-118
• /
• 2024

With the seamless growth of the technology, network usage requirements are expanding day by day. The majority of electronic devices are capable of communication, which strongly requires a secure and reliable network. Network-based intrusion detection systems (NIDS) is a new method for preventing and alerting computers and networks from attacks. Machine Learning is an emerging field that provides a variety of ways to implement effective network intrusion detection systems (NIDS). Bagging and Boosting are two ensemble ML techniques, renowned for better performance in the learning and classification process. In this paper, the study provides a detailed literature review of the past work done and proposed a novel ensemble approach to develop a NIDS system based on the voting method using bagging and boosting ensemble techniques. The test results demonstrate that the ensemble of bagging and boosting through voting exhibits the highest classification accuracy of 99.98% and a minimum false positive rate (FPR) on both datasets. Although the model building time is average which can be a tradeoff by processor speed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권10호
• /
• pp.5159-5178
• /
• 2018

Network Intrusion detection is a rapidly growing field of information security due to its importance for modern IT infrastructure. Many supervised and unsupervised learning techniques have been devised by researchers from discipline of machine learning and data mining to achieve reliable detection of anomalies. In this paper, a deep convolutional neural network (DCNN) based intrusion detection system (IDS) is proposed, implemented and analyzed. Deep CNN core of proposed IDS is fine-tuned using Randomized search over configuration space. Proposed system is trained and tested on NSLKDD training and testing datasets using GPU. Performance comparisons of proposed DCNN model are provided with other classifiers using well-known metrics including Receiver operating characteristics (RoC) curve, Area under RoC curve (AuC), accuracy, precision-recall curve and mean average precision (mAP). The experimental results of proposed DCNN based IDS shows promising results for real world application in anomaly detection systems.

• 스마트미디어저널
• /
• 제8권3호
• /
• pp.17-22
• /
• 2019

Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

• International Journal of Computer Science & Network Security
• /
• 제24권5호
• /
• pp.111-118
• /
• 2024

In general network-based intrusion detection system is designed to detect malicious behavior directed at a network or its resources. The key goal of this paper is to look at network data and identify whether it is normal traffic data or anomaly traffic data specifically for accounting information systems. In today's world, there are a variety of principles for detecting various forms of network-based intrusion. In this paper, we are using supervised machine learning techniques. Classification models are used to train and validate data. Using these algorithms we are training the system using a training dataset then we use this trained system to detect intrusion from the testing dataset. In our proposed method, we will detect whether the network data is normal or an anomaly. Using this method we can avoid unauthorized activity on the network and systems under that network. The Decision Tree and K-Nearest Neighbor are applied to the proposed model to classify abnormal to normal behaviors of network traffic data. In addition to that, Logistic Regression Classifier and Support Vector Classification algorithms are used in our model to support proposed concepts. Furthermore, a feature selection method is used to collect valuable information from the dataset to enhance the efficiency of the proposed approach. Random Forest machine learning algorithm is used, which assists the system to identify crucial aspects and focus on them rather than all the features them. The experimental findings revealed that the suggested method for network intrusion detection has a neglected false alarm rate, with the accuracy of the result expected to be between 95% and 100%. As a result of the high precision rate, this concept can be used to detect network data intrusion and prevent vulnerabilities on the network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권8호
• /
• pp.4021-4037
• /
• 2018

In network intrusion detection research, two characteristics are generally considered vital to building efficient intrusion detection systems (IDSs): an optimal feature selection technique and robust classification schemes. However, the emergence of sophisticated network attacks and the advent of big data concepts in intrusion detection domains require two more significant aspects to be addressed: employing an appropriate big data computing framework and utilizing a contemporary dataset to deal with ongoing advancements. As such, we present a comprehensive approach to building an efficient IDS with the aim of strengthening academic anomaly detection research in real-world operational environments. The proposed system has the following four characteristics: (i) it performs optimal feature selection using information gain and branch-and-bound algorithms; (ii) it employs machine learning techniques for classification, namely, Logistic Regression, Naïve Bayes, and Random Forest; (iii) it introduces bulk synchronous parallel processing to handle the computational requirements of large-scale networks; and (iv) it utilizes a real-time contemporary dataset generated by the Information Security Centre of Excellence at the University of Brunswick (ISCX-UNB) to validate its efficacy. Experimental analysis shows the effectiveness of the proposed framework, which is able to achieve high accuracy, low computational cost, and reduced false alarms.

• International Journal of Computer Science & Network Security
• /
• 제22권4호
• /
• pp.374-386
• /
• 2022

Nowadays, research in deep learning leveraged automated computing and networking paradigm evidenced rapid contributions in terms of Software Defined Networking (SDN) and its diverse security applications while handling cybercrimes. SDN plays a vital role in sniffing information related to network usage in large-scale data centers that simultaneously support an improved algorithm design for automated detection of network intrusions. Despite its security protocols, SDN is considered contradictory towards DDoS attacks (Distributed Denial of Service). Several research studies developed machine learning-based network intrusion detection systems addressing detection and mitigation of DDoS attacks in SDN-based networks due to dynamic changes in various features and behavioral patterns. Addressing this problem, this research study focuses on effectively designing a multistage hybrid and intelligent deep learning classifier based on modified deep forest classification to detect DDoS attacks in SDN networks. Experimental results depict that the performance accuracy of the proposed classifier is improved when evaluated with standard parameters.

• 지능정보연구
• /
• 제18권1호
• /
• pp.125-141
• /
• 2012

본 연구는 최근 그 중요성이 한층 높아지고 있는 침입탐지시스템(IDS, Intrusion Detection System)의 침입탐지모형을 개선하기 위한 방안으로 유전자 알고리즘에 기반한 새로운 통합모형을 제시한다. 본 연구의 제안모형은 서로 상호보완적 관계에 있는 이분류 모형인 로지스틱 회귀분석(LOGIT, Logistic Regression), 의사결정나무(DT, Decision Tree), 인공신경망 (ANN, Artificial Neural Network), 그리고 SVM(Support Vector Machine)의 예측결과에 적절한 가중치를 부여해 최종 예측결과를 산출하도록 하였는데, 이 때 최적 가중치의 탐색을 위한 방법으로는 유전자 알고리즘을 사용한다. 아울러, 본 연구에서는 1차적으로 오탐지율을 최소화하는 최적의 모형을 산출한 뒤, 이어 비대칭 오류비용 개념을 반영해 오탐지로 인해 발생할 수 있는 전체 비용을 최소화할 수 있는 최적 임계치를 탐색, 최종적으로 가장 비용 효율적인 침입탐지모형을 도출하고자 하였다. 본 연구에서는 제안모형의 우수성을 확인하기 위해, 국내 한 공공기관의 보안센서로부터 수집된 로그 데이터를 바탕으로 실증 분석을 수행하였다. 그 결과, 본 연구에서 제안한 유전자 알고리즘 기반 통합모형이 인공신경망이나 SVM만으로 구성된 단일모형에 비해 학습용과 검증용 데이터셋 모두에서 더 우수한 탐지율을 보임을 확인할 수 있었다. 비대칭 오류비용을 고려한 전체 비용의 관점에서도 단일모형으로 된 비교모형에 비해 본 연구의 제안모형이 더 낮은 비용을 나타냄을 확인할 수 있었다. 이렇게 실증적으로 그 효과가 검증된 본 연구의 제안 모형은 앞으로 보다 지능화된 침입탐지시스템을 개발하는데 유용하게 활용될 수 있을 것으로 기대된다.

• 한국정보과학회논문지:데이타베이스
• /
• 제34권6호
• /
• pp.473-482
• /
• 2007

네트워크 기반의 침입탐지시스템에서는 수집된 패킷데이타의 분석을 통해 침입인지 정상행위 인지를 판단하여 경보를 발생 시키며 이런 경보데이타의 양은 기하급수적으로 증가하고 있다. 보안관리자는 이러한 대량의 경보데이타들을 분석하고 통합 관리하여 네트워크 보안레벨을 진단하거나 시간에 따른 적절한 대응을 하는데 유용하게 사용하여야 한다. 그러나 오경보의 비율이 너무 높아 경보 데이터들간의 상관관계 분석이나 고수준의 의미 분석에 어려움이 많으므로 분석결과에 대한 신뢰성이나 분석의 효율성이 낮아지는 문제점을 가진다. 이 논문에서는 데이타 마이닝의 분류 기법을 적용하여 오경보율을 최소화하는 방법을 제안한다. 결정트리기반의 분류 기법을 오경보 분류 모델로 적용하여 오경보들 중 실제는 공격이 아님에도 불구하고 공격이라 판단된 오경보를 정상으로 분류할 수 있는 경보 데이타 분류 모델을 설계하고 구현한다. 구현된 경보데이타 분류 모델은 오경보율을 최소화하므로 경보데이타의 분석 및 통합을 통해 경보메시지의 축약 및 침입탐지시스템의 탐지율을 높이는데 활용될 수 있다.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.1577-1580
• /
• 2005

With remarkable growth of using Internet, attempts to try intrusions on network are now increasing. Intrusion Detection System is a security system which detects and copes illegal intrusions. Especially with increasing dispersive attacks through network, concerns for this Distributed Intrusion Detection are also rising. The previous Intrusion Detection System has difficulty in coping cause it detects intrusions only on particular network and only same segment. About same attacks, system lacks capacity of combining information and related data. Also it lacks cooperations against intrusions. Systematic and general security controls can make it possible to detect intrusions and deal with intrusions and predict. This paper considers Distributed Intrusion Detection preventing attacks and suggests the way sending active packets between nodes safely and performing in corresponding active node certainly. This study suggested improved E-IDS system which prevents service attacks and also studied sending messages safely by encoding. Encoding decreases security attacks in active network. Also described effective ways of dealing intrusions when misuses happens thorough case study. Previous network nodes can't deal with hacking and misuses happened in the middle nodes at all, cause it just encodes ends. With above suggested ideas, problems caused by security services can be improved.

• 디지털콘텐츠학회 논문지
• /
• 제19권4호
• /
• pp.711-717
• /
• 2018

컴퓨터와 네트워크의 비약적인 발전은 다양한 정보 교환을 쉽게 하였다. 하지만, 그와 동시에 다양한 위험 요소를 발생시켜 악의적 목적을 가진 사용자와 그룹은 취약한 시스템을 대상으로 공격을 하고 있다. 침입탐지시스템은 네트워크 패킷 분석을 통해 악의적인 행위를 탐지한다. 하지만, 많은 양의 패킷을 짧은 시간 내에 처리해야 하는 부담이 있다. 따라서, 이 문제를 해결하기 위하여 우리는 User Level에서 동작하는 네트워크 침입탐지시스템의 탐지 성능 향상을 위해 Kernel Level에서 동작하는 시스템을 제안한다. 실제로, kernel level에서 동작하는 네트워크 침입탐지시스템을 구현함으로써 패킷 분석 및 탐지 성능을 향상함을 확인하였다.