• Title/Summary/Keyword: Network intrusion detection systems

Search Result 227, Processing Time 0.023 seconds

An Intelligent Intrusion Detection Model Based on Support Vector Machines and the Classification Threshold Optimization for Considering the Asymmetric Error Cost (비대칭 오류비용을 고려한 분류기준값 최적화와 SVM에 기반한 지능형 침입탐지모형)

  • Lee, Hyeon-Uk;Ahn, Hyun-Chul
    • Journal of Intelligence and Information Systems
    • /
    • v.17 no.4
    • /
    • pp.157-173
    • /
    • 2011
  • As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

Role of Machine Learning in Intrusion Detection System: A Systematic Review

  • Alhasani, Areej;Al omrani, Faten;Alzahrani, Taghreed;alFahhad, Rehab;Alotaibi, Mohamed
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.3
    • /
    • pp.155-162
    • /
    • 2022
  • Over the last 10 years, there has been rapid growth in the use of Machine Learning (ML) techniques to automate the process of intrusion threat detection at a scale never imagined before. This has prompted researchers, software engineers, and network specialists to rethink the applications of machine ML techniques particularly in the area of cybersecurity. As a result there exists numerous research documentations on the use ML techniques to detect and block cyber-attacks. This article is a systematic review involving the identification of published scholarly articles as found on IEEE Explore and Scopus databases. The articles exclusively related to the use of machine learning in Intrusion Detection Systems (IDS). Methods, concepts, results, and conclusions as found in the texts are analyzed. A description on the process taken in the identification of the research articles included: First, an introduction to the topic which is followed by a methodology section. A table is used to list identified research articles in the form of title, authors, methodology, and key findings.

Evaluating Unsupervised Deep Learning Models for Network Intrusion Detection Using Real Security Event Data

  • Jang, Jiho;Lim, Dongjun;Seong, Changmin;Lee, JongHun;Park, Jong-Geun;Cheong, Yun-Gyung
    • International journal of advanced smart convergence
    • /
    • v.11 no.4
    • /
    • pp.10-19
    • /
    • 2022
  • AI-based Network Intrusion Detection Systems (AI-NIDS) detect network attacks using machine learning and deep learning models. Recently, unsupervised AI-NIDS methods are getting more attention since there is no need for labeling, which is crucial for building practical NIDS systems. This paper aims to test the impact of designing autoencoder models that can be applied to unsupervised an AI-NIDS in real network systems. We collected security events of legacy network security system and carried out an experiment. We report the results and discuss the findings.

A Detection Method for Network Intrusion using the NFR (NFR을 이용한 네트워크 침입 탐지)

  • 최선철;차현철
    • Proceedings of the Korea Society for Industrial Systems Conference
    • /
    • 2001.05a
    • /
    • pp.261-267
    • /
    • 2001
  • In this paper, we have illustrated implementations and there results of network attacks and detections. We consider two attacks, smurf attach and network mapping attack, which are one of the typical intrusions using the ICMP The NFR/sup TM/ is used to capture all of our interesting packets within the network traffic. We implement the smurf and network mapping attacks with the UNIX raw socket, and build the NFR's backend for it's detection. The N-Code programming is used to build the backend. The implementing results show the possibility of preventing illegal intruding to network systems.

  • PDF

A Comparative Study of Machine Learning Algorithms Using LID-DS DataSet (LID-DS 데이터 세트를 사용한 기계학습 알고리즘 비교 연구)

  • Park, DaeKyeong;Ryu, KyungJoon;Shin, DongIl;Shin, DongKyoo;Park, JeongChan;Kim, JinGoog
    • KIPS Transactions on Software and Data Engineering
    • /
    • v.10 no.3
    • /
    • pp.91-98
    • /
    • 2021
  • Today's information and communication technology is rapidly developing, the security of IT infrastructure is becoming more important, and at the same time, cyber attacks of various forms are becoming more advanced and sophisticated like intelligent persistent attacks (Advanced Persistent Threat). Early defense or prediction of increasingly sophisticated cyber attacks is extremely important, and in many cases, the analysis of network-based intrusion detection systems (NIDS) related data alone cannot prevent rapidly changing cyber attacks. Therefore, we are currently using data generated by intrusion detection systems to protect against cyber attacks described above through Host-based Intrusion Detection System (HIDS) data analysis. In this paper, we conducted a comparative study on machine learning algorithms using LID-DS (Leipzig Intrusion Detection-Data Set) host-based intrusion detection data including thread information, metadata, and buffer data missing from previously used data sets. The algorithms used were Decision Tree, Naive Bayes, MLP (Multi-Layer Perceptron), Logistic Regression, LSTM (Long Short-Term Memory model), and RNN (Recurrent Neural Network). Accuracy, accuracy, recall, F1-Score indicators and error rates were measured for evaluation. As a result, the LSTM algorithm had the highest accuracy.

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안관리 시스템에서의 침입탐지 및 대응을 위한 보안 정책 모델에 관한 연구)

  • Kim, Seok-Hun;Kim, Eun-Soo;Song, Jung-Gil
    • Convergence Security Journal
    • /
    • v.5 no.2
    • /
    • pp.9-17
    • /
    • 2005
  • Recently It's difficult to deal with about variety of attack. And Simple Security management have a problem. It is that they don't develop system measuring their system envoirment and have efficient attack detector, countermeasure organization about large network. Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF

Network intrusion detection method based on matrix factorization of their time and frequency representations

  • Chountasis, Spiros;Pappas, Dimitrios;Sklavounos, Dimitris
    • ETRI Journal
    • /
    • v.43 no.1
    • /
    • pp.152-162
    • /
    • 2021
  • In the last few years, detection has become a powerful methodology for network protection and security. This paper presents a new detection scheme for data recorded over a computer network. This approach is applicable to the broad scientific field of information security, including intrusion detection and prevention. The proposed method employs bidimensional (time-frequency) data representations of the forms of the short-time Fourier transform, as well as the Wigner distribution. Moreover, the method applies matrix factorization using singular value decomposition and principal component analysis of the two-dimensional data representation matrices to detect intrusions. The current scheme was evaluated using numerous tests on network activities, which were recorded and presented in the KDD-NSL and UNSW-NB15 datasets. The efficiency and robustness of the technique have been experimentally proved.

Anomaly Detection Mechanism based on the Session Patterns and Fuzzy Cognitive Maps (퍼지인식도와 세션패턴 기반의 비정상 탐지 메커니즘)

  • Ryu Dae-Hee;Lee Se-Yul;Kim Hyeock-Jin;Song Young-Deog
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.6 s.38
    • /
    • pp.9-16
    • /
    • 2005
  • Recently, since the number of internet users is increasing rapidly and, by using the Public hacking tools, general network users can intrude computer systems easily, the hacking problem is setting more serious. In order to prevent the intrusion. it is needed to detect the sign in advance of intrusion in a Positive Prevention by detecting the various forms of hackers intrusion trials to know the vulnerability of systems. The existing network-based anomaly detection algorithms that cope with port-scanning and the network vulnerability scans have some weakness in intrusion detection. they can not detect slow scans and coordinated scans. therefore, the new concept of algorithm is needed to detect effectively the various. In this Paper, we propose a detection algorithm for session patterns and FCM.

  • PDF

A New Method to Detect Anomalous State of Network using Information of Clusters (클러스터 정보를 이용한 네트워크 이상상태 탐지방법)

  • Lee, Ho-Sub;Park, Eung-Ki;Seo, Jung-Taek
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.545-552
    • /
    • 2012
  • The rapid development of information technology is making large changes in our lives today. Also the infrastructure and services are combinding with information technology which predicts another huge change in our environment. However, the development of information technology brings various types of side effects and these side effects not only cause financial loss but also can develop into a nationwide crisis. Therefore, the detection and quick reaction towards these side effects is critical and much research is being done. Intrusion detection systems can be an example of such research. However, intrusion detection systems mostly tend to focus on judging whether particular traffic or files are malicious or not. Also it is difficult for intrusion detection systems to detect newly developed malicious codes. Therefore, this paper proposes a method which determines whether the present network model is normal or abnormal by comparing it with past network situations.

An Intrusion Detection System Using Pattern Classification (패턴 분류를 이용한 침입탐지 시스템 모델)

  • 윤은준;김현성;부기동
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2002.11a
    • /
    • pp.59-65
    • /
    • 2002
  • Recently, lots of researchers work focused on the intrusion detection system. Pattern matching technique is commonly used to detect the intrusion in the system, However, the method requires a lot of time to match between systems rule and inputted packet data. This paper proposes a new intrusion detection system based on the pattern matching technique. Proposed system reduces the required time for pattern matching by using classified system rule. The classified rule is implemented with a general tree for efficient pattern matching. Thereby, proposed system could perform network intrusion detection efficiently.

  • PDF