• ETRI Journal
• /
• v.37 no.3
• /
• pp.502-511
• /
• 2015

Intrusion detection plays a key role in detecting attacks over networks, and due to the increasing usage of Internet services, several security threats arise. Though an intrusion detection system (IDS) detects attacks efficiently, it also generates a large number of false alerts, which makes it difficult for a system administrator to identify attacks. This paper proposes automatic fuzzy rule generation combined with a Wiener filter to identify attacks. Further, to optimize the results, simplified swarm optimization is used. After training a large dataset, various fuzzy rules are generated automatically for testing, and a Wiener filter is used to filter out attacks that act as noisy data, which improves the accuracy of the detection. By combining automatic fuzzy rule generation with a Wiener filter, an IDS can handle intrusion detection more efficiently. Experimental results, which are based on collected live network data, are discussed and show that the proposed method provides a competitively high detection rate and a reduced false alarm rate in comparison with other existing machine learning techniques.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.288-296
• /
• 2022

Side-channel attacks are a quiet mighty type of attack that targets specific physical implementations vulnerabilities. Even though several researchers have examined diverse means and methods of detecting side-channel attacks, at the present time a systematic review of these approaches does not exist. The purposes of this paper are to give an extensive analysis of literature on side-channel attack detection and offer intuitiveness from past research studies. In this study, a literature survey is conducted on articles related to side-channel attack detection between 2020 and 2022 from ACM and IEEE digital libraries. From the 10 publications included in the study, it appears they target either a single type of side-channel attacks or multiple types of side-channel attacks. Therefore, a vital review of each of the two categories is provided, as well as possible prospective research in this field of study.

• Asia pacific journal of information systems
• /
• v.31 no.3
• /
• pp.335-357
• /
• 2021

As reproduction of images can be done with ease, copy detection has increasingly become important. In the duplication process, image modifications are likely to occur and some alterations are deliberate and can be viewed as attacks. A wide range of copy detection techniques has been proposed. In our study, content-based copy detection, which basically applies DCT-based features for images, namely, pixel values, edges, texture information and frequency-domain component distribution, is employed. Experiments are carried out to evaluate robustness and sensitivity of DCT-based features from attacks. As different types of DCT-based features hold different pieces of information, how features and attacks are related can be shown in their robustness and sensitivity. Rather than searching for proper features, use of robustness and sensitivity is proposed here to realize how the attacked features have changed when an image attack occurs. The experiments show that, out of ten attacks, the neural networks are able to detect seven attacks namely, Gaussian noise, S&P noise, Gamma correction (high), blurring, resizing (big), compression and rotation with mostly related to their sensitive features.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.272-276
• /
• 2021

Presently, Online / Offline Users are facing cyber attacks every day. These cyber attacks affect user's performance, resources and various daily activities. Due to this critical situation, attention must be given to prevent such users through cyber attacks. The objective of this research paper is to improve the IDS systems by using machine learning approach to develop a hybrid model which controls the cyber attacks. This Hybrid model uses the available KDD 1999 intrusion detection dataset. In first step, Hybrid Model performs feature optimization by reducing the unimportant features of the dataset through decision tree, support vector machine, genetic algorithm, particle swarm optimization and principal component analysis techniques. In second step, Hybrid Model will find out the minimum number of features to point out accurate detection of cyber attacks. This hybrid model was developed by using machine learning algorithms like PSO, GA and ELM, which trained the system with available data to perform the predictions. The Hybrid Model had an accuracy of 99.94%, which states that it may be highly useful to prevent the users from cyber attacks.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.543-550
• /
• 2001

In this paper, an improved detection system for the network vulnerability scan attacks is proposed. The proposed system improves the methodology for detecting the network vulnerability scan attacks and provides a global detection and response capability that can counter attacks occurring across an entire network enterprize. Through the simulation, we show that the proposed system can detect vulnerable port attacks, coordinated attacks, slow scans and slow coordinated attacks. We also show our system can achieve more global and hierarchical response to attacks through the correlation between server and agents than a stand-alone system can make.

• Journal of Communications and Networks
• /
• v.14 no.4
• /
• pp.396-409
• /
• 2012

With the proliferation of diverse wireless devices, there is an increasing concern about the security of location information which can be spoofed or disrupted by adversaries. This paper investigates the characterization and detection of location spoofing attacks, specifically those which are attempting to falsify (degrade) the position estimate through signal strength based attacks. Since the physical-layer approach identifies and assesses the security risk of position information based solely on using received signal strength (RSS), it is applicable to nearly any practical wireless network. In this paper, we characterize the impact of signal strength and beamforming attacks on range estimates and the resulting position estimate. It is shown that such attacks can be characterized by a scaling factor that biases the individual range estimators either uniformly or selectively. We then identify the more severe types of attacks, and develop an attack detection approach which does not rely on a priori knowledge (either statistical or environmental). The resulting approach, which exploits the dissimilar behavior of two RSS-based estimators when under attack, is shown to be effective at detecting both types of attacks with the detection rate increasing with the severity of the induced location error.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.665-674
• /
• 2003

In this paper, we propose an approach to correlate alerts using a clustering analysis of data mining techniques in order to support intrusion detection system. Intrusion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks. However, intrucsion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks or variations of known attacks without generating a large amount of false alerts. In addition, all the current intrusion detection systems focus on low-level attacks or anomalies. Consequently, the intrusion detection systems to underatand the intrusion behind the alerts and take appropriate actions. The clustering analysis groups data objects into clusters such that objects belonging to the same cluster are similar, while those belonging to different ones are dissimilar. As using clustering technique, we can analyze alert data efficiently and extract high-level knowledgy about attacks. Namely, it is possible to classify new type of alert as well as existed. And it helps to understand logical steps and strategies behind series of attacks using sequences of clusters, and can potentially be applied to predict attacks in progress.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.2
• /
• pp.75-82
• /
• 2014

MANET has various types of attacks. In particular, routing attacks using characteristics of movement of nodes and wireless communication is the most threatening because all nodes which configure network perform a function of router which forwards packets. Therefore, mechanisms that detect routing attacks and defense must be applied. In this paper, we proposed hierarchical structure attack detection techniques in order to improve the detection ability against routing attacks. Black hole detection is performed using PIT for monitoring about control packets within cluster and packet information management on the cluster head. Flooding attack prevention is performed using cooperation-based distributed detection technique by member nodes. For this, member node uses NTT for information management of neighbor nodes and threshold whether attack or not receives from cluster head. The performance of attack detection could be further improved by calculating at regular intervals threshold considering the total traffic within cluster in the cluster head.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.5 no.3
• /
• pp.158-163
• /
• 2012

This paper proposes an FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD(Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD(Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD(Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.168-182
• /
• 2020

Spoofing attacks, especially replay attacks, pose great security challenges to automatic speaker verification (ASV) systems. Current works on replay attacks detection primarily focused on either developing new features or improving classifier performance, ignoring the effects of feature variability, e.g., the channel variability. In this paper, we first establish a mathematical model for replay speech and introduce a method for eliminating the negative interference of the channel. Then a novel feature is proposed to detect the replay attacks. To further boost the detection performance, four post-processing methods using normalization techniques are investigated. We evaluate our proposed method on the ASVspoof 2017 dataset. The experimental results show that our approach outperforms the competing methods in terms of detection accuracy. More interestingly, we find that the proposed normalization strategy could also improve the performance of the existing algorithms.