• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.45-52
• /
• 2021

Although many studies have been conducted to identify unknown attacks in cyber security intrusion detection systems, studies based on outliers are attracting attention. Accordingly, we identify outliers by defining categories for unknown attacks. The unknown attacks were investigated in two categories: first, there are factors that generate variant attacks, and second, studies that classify them into new types. We have conducted outlier studies that can identify similar data, such as variants, in the category of studies that generate variant attacks. The big problem of identifying anomalies in the intrusion detection system is that normal and aggressive behavior share the same space. For this, we applied a technique that can be divided into clear types for normal and attack by discrete wavelet transformation and detected anomalies. As a result, we confirmed that the outliers can be identified through One-Class SVM in the data reconstructed by discrete wavelet transform.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.705-710
• /
• 2003

Recently, most interchanges of information have been performed in the internet environments. So, the technuque, which is used as intrusion deleting tool for system protecting against attack, is very important. But, the skills of intrusion detection are newer and more delicate, we need preparations for defending from these attacks. Currently, lots of intrusion detection systemsmake the midel of intrusion detection rule using experienced data, based on this model they have the strategy of defence against attacks. This is not efficient for defense from new attack. In this paper, a new model of intrusion detection is proposed. This is hybrid statistical learning model using likelihood ratio test and statistical learning theory, then this model can detect a new attack as well as experienced attacks. This strategy performs intrusion detection according to make a model by finding abnomal attacks. Using KDD Cup-99 task data, we can know that the proposed model has a good result of intrusion detection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.997-1008
• /
• 2022

Today, AI(Artificial Intelligence) technology is being extensively researched in various fields, including the field of malware detection. To introduce AI systems into roles that protect important decisions and resources, it must be a reliable AI model. AI model that dependent on training dataset should be verified to be robust against new attacks. Rather than generating new malware detection, attackers find malware detection that succeed in attacking by mass-producing strains of previously detected malware detection. Most of the attacks, such as adversarial attacks, that lead to misclassification of AI models, are made by slightly modifying past attacks. Robust models that can be defended against these variants is needed, and the Robustness level of the model cannot be evaluated with accuracy and recall, which are widely used as AI evaluation indicators. In this paper, we experiment a framework to evaluate robustness level by generating an adversarial sample based on one of the adversarial attacks, C&W attack, and to improve robustness level through adversarial training. Through experiments based on malware dataset in this study, the limitations and possibilities of the proposed method in the field of malware detection were confirmed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.217-228
• /
• 2024

LiDAR(Light Detection And Ranging) sensors, which play a pivotal role among cameras, RADAR(RAdio Detection And Ranging), and ultrasonic sensors for the safe operation of autonomous vehicles, can recognize and detect objects in 360 degrees. However, since LiDAR sensors use lasers to measure distance, they are vulnerable to attackers and face various security threats. In this paper, we examine several security threats against LiDAR sensors: relay, spoofing, and replay attacks, analyze the possibility and impact of physical jamming attacks, and analyze the risk these attacks pose to the reliability of autonomous driving systems. Through experiments, we show that jamming attacks can cause errors in the ranging ability of LiDAR sensors. With vehicle-to-vehicle (V2V) communication, multi-sensor fusion under development and LiDAR anomaly data detection, this work aims to provide a basic direction for countermeasures against these threats enhancing the security of autonomous vehicles, and verify the practical applicability and effectiveness of the proposed countermeasures in future research.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.11-17
• /
• 2018

IDS/IPS and networked computer systems are playing an increasingly important role in our society. They have been the targets of a malicious attacks that actually turn into intrusions. That is why computer security has become an important concern for network administrators. Recently, various Detection/Prevention System schemes have been proposed based on various technologies. However, the techniques, which have been applied in many systems is useful for existing intrusion patterns on standard-only systems. Therefore, probe detection of private clouds using BlockChain has become a major security protection technology to detection potential attacks. In addition, BlockChain and Probe detection need to take into account the relationship between the various factors. We should develop a new probe detection technology that uses BlockChain to fine new pattern detection probes in cloud service security in the end. In this paper, we propose a probe detection using Fuzzy Cognitive Map(FCM) and Self Adaptive Module(SAM) based on service security using BlockChain technology.

• Journal of information and communication convergence engineering
• /
• v.7 no.1
• /
• pp.7-12
• /
• 2009

The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.33-45
• /
• 2015

Currently, Internet is used an essential tool in the business area. Despite this importance, there is a risk of network attacks attempting collection of fraudulence, private information, and cyber terrorism. Firewalls and IDS(Intrusion Detection System) are tools against those attacks. IDS is used to determine whether a network data is a network attack. IDS analyzes the network data using various techniques including expert system, data mining, and state transition analysis. This paper tries to compare the performance of two data mining models in detecting network attacks. They are decision tree (C4.5), and neural network (FANN model). I trained and tested these models with data and measured the effectiveness in terms of detection accuracy, detection rate, and false alarm rate. This paper tries to find out which model is effective in intrusion detection. In the analysis, I used KDD Cup 99 data which is a benchmark data in intrusion detection research. I used an open source Weka software for C4.5 model, and C++ code available for FANN model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1033-1042
• /
• 2023

This paper proposes a network intrusion detection system that identifies abnormal flows within the network. The majority of datasets commonly used in research lack time-series information, making it challenging to improve detection rates for attacks with fewer instances due to a scarcity of sample data. However, there is insufficient research regarding detection approaches. In this study, we build upon previous research by using the Artificial neural network(ANN) model and a stack ensemble technique in our approach. To address the aforementioned issues, we incorporate temporal information by leveraging adjacent flows and enhance the learning of samples from sparse attacks, thereby improving both the overall detection rate and the detection rate for sparse attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.527-545
• /
• 2022

In order to effectively detect APT attacks performed by well-organized adversaries, we implemented a system to detect attacks by reconstructing attack chains of APT attacks. Our attack chain-based APT attack detection system consists of 'events collection and indexing' part which collects various events generated from hosts and network monitoring tools, 'unit attack detection' part which detects unit-level attacks defined in MITRE ATT&CK^® techniques, and 'attack chain reconstruction' part which reconstructs attack chains by performing causality analysis based on provenance graphs. To evaluate our system, we implemented a test-bed and conducted several simulated attack scenarios provided by MITRE ATT&CK Evaluation program. As a result of the experiment, we were able to confirm that our system effectively reconstructed the attack chains for the simulated attack scenarios. Using the system implemented in this study, rather than to understand attacks as fragmentary parts, it will be possible to understand and respond to attacks from the perspective of progress of attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.2C
• /
• pp.208-218
• /
• 2006

In this paper, we introduce the creation methods of attack detection model using data mining technologies that can classify the latest attack types, and can detect the modification of existing attacks as well as the novel attacks. Also, we evaluate comparatively these attack detection models in the view of detection accuracy and detection time. As the important factors for creating detection models, there are data, attribute, and detection algorithm. Thus, we used NetFlow data gathered at the real network, and KDD Cup 1999 data for the experiment in large quantities. And for attribute selection, we used a heuristic method and a theoretical method using decision tree algorithm. We evaluate comparatively detection models using a single supervised/unsupervised data mining approach and a combined supervised data mining approach. As a result, although a combined supervised data mining approach required more modeling time, it had better detection rate. All models using data mining techniques could detect the attacks within 1 second, thus these approaches could prove the real-time detection. Also, our experimental results for anomaly detection showed that our approaches provided the detection possibility for novel attack, and especially SOM model provided the additional information about existing attack that is similar to novel attack.