• Journal of Digital Convergence
• /
• v.16 no.5
• /
• pp.399-406
• /
• 2018

Much research has been done using the KDDCup99 data set to study intrusion detection using artificial intelligence. Previous studies have shown that the performance of the SMO (SVM) algorithm is superior. However, intrusion detection studies of new intrusion types not used in training are insufficient. In this paper, a model was created using the instances of weka's SMO and KDDCup99 training data set, kddcup.data.gz. We tested existing instances(292,300) of the corrected.gz file and new intrusions(18,729). In general, intrusion labels not used in training are not tested, so new intrusion labels were changed to normal. Of the 18,729 new intrusions, 1,827 were classified as intrusions. 1,827 instances classified as new intrusions are buffer_overflow. Three, neptune. 392, portsweep. 164, ipsweep. 9, back. 511, imap. 1, satan. Dogs, 645, nmap. 102.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.134-139
• /
• 2019

As the development of modern society progresses rapidly, the technologies of society as a whole are progressing and becoming more advanced. Especially in the field of security, more sophisticated and intelligent attacks are being created. Meanwhile, damaging situations are becoming several times larger than before Therefore, it is necessary to re-classify and enhance the existing classification system. It is required to minimize the intrusion damage by actively responding to intelligent intrusions by applying this classification scheme to currently operating intrusion detection systems. In this paper, we analyze the intrusion type caused by intelligent attack We propose a new classification scheme for intrusion situations to guarantee the service safety, reliability, and availability of the target system, We use this classification model to lay the foundations for the design and implementation of a smart intrusion cognitive system capable of early detection of intrusion, the damages caused by intrusion, and more collections active response.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.665-674
• /
• 2003

In this paper, we propose an approach to correlate alerts using a clustering analysis of data mining techniques in order to support intrusion detection system. Intrusion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks. However, intrucsion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks or variations of known attacks without generating a large amount of false alerts. In addition, all the current intrusion detection systems focus on low-level attacks or anomalies. Consequently, the intrusion detection systems to underatand the intrusion behind the alerts and take appropriate actions. The clustering analysis groups data objects into clusters such that objects belonging to the same cluster are similar, while those belonging to different ones are dissimilar. As using clustering technique, we can analyze alert data efficiently and extract high-level knowledgy about attacks. Namely, it is possible to classify new type of alert as well as existed. And it helps to understand logical steps and strategies behind series of attacks using sequences of clusters, and can potentially be applied to predict attacks in progress.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.69-78
• /
• 2004

The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But, Most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose an behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.

• Journal of National Security and Military Science
• /
• s.2
• /
• pp.285-314
• /
• 2004

The forms of current war are diversified over the pan-national industry. Among these, one kind of threats which has permeated the cyber space based on the advanced information technology causes a new type of war. C4ISR, the military IT revolution, as a integrated technology innovation of Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance suggests that the aspect of the future war hereafter is changing much. In this paper, we design the virtual decoy system and intrusion trace marking mechanism which can capture various attempts and evidence of intrusion by hackers in cyber space, trace the penetration path and protect a system. By the suggested technique, we can identify and traceback the traces of intrusion in cyber space, or take a legal action with the seized evidence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.111-121
• /
• 2006

As Internet lastly grows, network attack techniques are transformed and new attack types are appearing. The existing network-based intrusion detection systems detect well known attack, but the false-positive or false-negative against unknown attack is appearing high. In addition, The existing network-based intrusion detection systems is difficult to real time detection against a large network pack data in the network and to response and recognition against new attack type. Therefore, it requires method to heighten the detection rate about a various large dataset and to reduce the false-positive. In this paper, we propose method to reduce the false-positive using multi-level detection algorithm, that is combine the multidimensional Apriori algorithm and the modified Negative Selection algorithm. And we apply this algorithm in intrusion detection and, to be sure, it has a good performance.

• The Journal of the Korea Contents Association
• /
• v.3 no.1
• /
• pp.31-38
• /
• 2003

In this paper, We propose detection mood generation system using learning to generate automatically detection model. It is improved manpower, efficiency in time. Proposed detection model generator system is consisted of agent system and manager system. Model generation can do existing standardization by genetic algorithm because do model generation and apply by new detection model. according to experiment results, detection model generation using learning proposed sees more efficiently than existing intrusion detection system. When intrusion of new type occur by implemented system and decrease of the False-Positive rate, improve performance of existing intrusion detection system.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.1
• /
• pp.249-256
• /
• 2024

Machine learning-based intrusion detection methodologies require a large amount of uniform learning data for each class to be classified, and have the problem of having to retrain the entire system when adding an attack type to be detected or classified. In this paper, we use feature learning and hierarchical classification methods to solve classification problems and data imbalance problems using relatively little training data, and propose an intrusion detection methodology that makes it easy to add new attack types. The feasibility of the proposed system was verified through experiments using KDD IDS data..

• Economic and Environmental Geology
• /
• v.9 no.2
• /
• pp.85-106
• /
• 1976

The Bulgugsa acidic igneous rocks of the late Cretaceous age are largely distributed in Busan area, which is located in the southeastern corner of the Korean Peninsula. These igneous rocks comprise in ascending order, felsite, dacitic-rhyolitic welded tuffs, granite porphyry and granitic rocks. The former three members represent the early phase of volcanic activities, so that they are named as Jangsan volcanic rocks. The granitic rocks consist of granodiorite, hornblende biotite granite, Kumjongsan granite, fine grained granite, and Daebyen granite, represent the late phase of igneous activities. The Kumjongsan grainte, the largest pluton of the granitic mass, emplaced between two great vertical faults trending NNE. New chemical analyses of 33 rock samples of these acidic rocks are given. Their chemical compositions are generally similar to those of the late Mesozoic acidic igneous rocks of the northern Ashio mountains, and C-Zone granite group of the Ogcheon geosyncline, with their characteristic variation trends of several oxides. Their chemical compositions also show that $Al_2O_3$ is high value, and differentiation index is high, too. Systematically developing joints in Kumjungsan granite are divisible into two types at least. One is the NS-N $20^{\circ}E$ trendirig, $85^{\circ}{\sim}90^{\circ}$ dipping type of joint system which coincides with the trends of distribution of the granite mass and the dikes intruding this granite. Joints of this type may be cooling joints generated as tension cracks. The other is the $N60^{\circ}{\sim}70^{\circ}W$ or $N40^{\circ}{\sim}60^{\circ}E$ trending type of joint systems. It is considered that. joints belonging to this type may be shear joint occurring under the state of south-north tectonic couple acting at the east and west side of the granite mass. Igneous activities of the the Bulgugsa acidic igneous rocks in Busan area was taken place as. follows, formation of the magma reservoir, eruption and intrusion of felsite, consolidation of vents. and increasing vapor pressure in magma reservoir, eruption of pyroclastic flows, caldera collapse, intrusion of granite porphyry, and intrusion of granitic rocks at the latest stage.