• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.119-132
• /
• 2006

The network based security techniques well-known until now have week points to be passive in attacks and susceptible to roundabout attacks so that the misuse detection based intrusion prevention system which enables positive correspondence to the attacks of inline mode are used widely. But because the Misuse detection based Intrusion prevention system is proportional to the detection rules, it causes excessive false alarm and is linked to wrong correspondence which prevents the regular network flow and is insufficient to detect transformed attacks, This study suggests an Intrusion prevention system which uses Support Vector machines(hereinafter referred to as SVM) as one of rule based Intrusion prevention system and Anomaly System in order to supplement these problems, When this compared with existing intrusion prevention system, show performance result that improve about 20% and could through intrusion prevention system that propose false positive minimize and know that can detect effectively about new variant attack.

• Journal of KIISE:Information Networking
• /
• v.33 no.2
• /
• pp.113-130
• /
• 2006

Recently with the explosive growth of Internet applications, the attacks of hackers on network are increasing rapidly and becoming more seriously. Thus information security is emerging as a critical factor in designing a network system and much attention is paid to Network Intrusion Detection System (NIDS), which detects hackers' attacks on network and handles them properly However, the performance of current intrusion detection system cannot catch the increasing rate of the Internet speed because most of the NIDSs are implemented by software. In this paper, we propose a new high performance network intrusion using Network Processor. To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added, a new high performance network intrusion detection system using Intel's network processor, IXP1200, is proposed. Unlike traditional intrusion detection engines, which have been implemented by either software or hardware so far, we design an optimized architecture and algorithms, exploiting the features of network processor. In addition, for more efficient detection engine scheduling, we proposed task allocation methods on multi-processing processors. Through implementation and performance evaluation, we show the proprieties of the proposed approach.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.35 no.3
• /
• pp.557-565
• /
• 2015

Sea level rise due to global warming causes seawater intrusion into aquifers in coastal areas. Seawater intrusion vulnerability index was developed using PSR (Pressure, State, Response) model and analysis hierarchy process (AHP). Coastal regions in Korea, Gangwon-do Sokcho-si, Incheon-si Ganghwa-gun, Chungcheongnam-do Taean-gun, Jeollanam-do Yeosu-si, Jindo-gun were chosen and 14 indicators were selected by considering the humanities, economic, social, environmental aspects. Re-scaling method was used for the standardization of indices and questionnaire survey was performed to calculate weight values for each index. The results showed that Yeosu-si was selected as the most vulnerable region to seawater intrusion. The seawater intrusion index developed in this research can be used to analyze the vulnerable regions to seawater intrusion and to establish a policy to minimize the seawater intrusion problems in coastal regions.

• Ocean Science Journal
• /
• v.42 no.2
• /
• pp.89-102
• /
• 2007

The surface circulation of northern South China Sea (hereafter SCS) for the period 1987-2005 was studied using the data of more than 500 satellite-tracked drifters and wind data from QuikSCAT. The mean flow directions in the northern SCS except the Luzon Strait (here after LS) during the periods October_March was southwestward, and $April{\sim}September$ northeastward. A strong northwestward intrusion of the Kuroshio through the LS appears during the $October{\sim}March$ period of northeasterly wind, but the intrusion became weak between April and September. When the strong intrusion occurred, the eddy kinetic energy (EKE) in the LS was $388cm^2/s^2$ which was almost 2 times higher than that during the weak-intrusion season. The volume transport of the Kuroshio in the east of the Philippines shows an inverse relationship to that of the LS. There is a six-month phase shift between the two seasonal phenomena. The volume transport in the east of the Philippines shows its peak sis-month earlier faster than that of the LS. The strong Kuroshio intrusion is found to be also related to the seasonal variation of the wind stress curl generated by the north easterly wind. The negative wind stress curl in the northern part of LS induces an anticyclonic flow, while the positive wind stress curl in the southern part of LS induces a cyclonic flow. The northwestward Kuroshio intrusion in the northern part of LS happened with larger negative wind stress curl, while the westward intrusion along $20.5^{\circ}N$ in the center of the LS occurred with weaker negative wind stress curl.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.727-738
• /
• 2003

Much research efforts are being exerted for the study of intrusion detection system(IDS). However little work has been for the communication medels and performance eveluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detections with a centralized data anaysis componenta for a global intrusion detection at multiple domains environment. We also assume the combination of host-based and network-based intrusion detection systems in the oberall framework. From the local domain, a set of information such as alert, and / or log data are reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simular using OPNET modeller for the performance evaluation of transmission capabillities for the delivery of data and policy. We present and compare simulation results based on several scenarios focuding on communication delay.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.665-674
• /
• 2003

In this paper, we propose an approach to correlate alerts using a clustering analysis of data mining techniques in order to support intrusion detection system. Intrusion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks. However, intrucsion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks or variations of known attacks without generating a large amount of false alerts. In addition, all the current intrusion detection systems focus on low-level attacks or anomalies. Consequently, the intrusion detection systems to underatand the intrusion behind the alerts and take appropriate actions. The clustering analysis groups data objects into clusters such that objects belonging to the same cluster are similar, while those belonging to different ones are dissimilar. As using clustering technique, we can analyze alert data efficiently and extract high-level knowledgy about attacks. Namely, it is possible to classify new type of alert as well as existed. And it helps to understand logical steps and strategies behind series of attacks using sequences of clusters, and can potentially be applied to predict attacks in progress.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.12
• /
• pp.2287-2297
• /
• 2007

The proposed ANIDS(Advanced Network Intrusion Detection System) which is network-based IDS using Association Rule Mining, collects the packets on the network, analyze the associations of the packets, generates the pattern graph by using the highly associated packets using Association Rule Mining, and detects the intrusion by using the generated pattern graph. ANIDS consists of PMM(Packet Management Module) collecting and managing packets, PGGM(Pattern Graph Generate Module) generating pattern graphs, and IDM(Intrusion Detection Module) detecting intrusions. Specially, PGGM finds the candidate packets of Association Rule large than $Sup_{min}$ using Apriori algorithm, measures the Confidence of Association Rule, and generates pattern graph of association rules large than $Conf_{min}$. ANIDS reduces the false positive by using pattern graph even before finalizing the new pattern graph, the pattern graph which is being generated is compared with the existing one stored in DB. If they are the same, we can estimate it is an intrusion. Therefore, this paper can reduce the speed of intrusion detection and the false positive and increase the detection ratio of intrusion.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.1
• /
• pp.115-122
• /
• 2006

The most methods for intrusion detection are based on the misuse detection which accumulates hewn intrusion information and makes a decision of an attack against any behavior data. However it is very difficult to detect a new or modified aoack with only the collected patterns of attack behaviors. Therefore, if considering that the method of anomaly behavior detection actually has a high false detection rate, a new approach is required for very huge intrusion patterns based on sequence. The approach can improve a possibility for intrusion detection of known attacks as well as modified and unknown attacks in addition to the similarity measurement of intrusion patterns. This paper proposes a method which applies the multiple sequence alignments technique to the similarity matching of the sequence based intrusion patterns. It enables the statistical analysis of sequence patterns and can be implemented easily. Also, the method reduces the number of detection alerts and false detection for attacks according to the changes of a sequence size.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.3
• /
• pp.13-26
• /
• 1999

Widespread use of Internet despite numerous positive aspects resulted in increased number of system intrusions and the need for enhanced security mechanisms is urgent. Systematic collection and analysis of log data are essential in intrusion investigation. Unfortunately existing logs are stored in diverse and incompatible format thus making an automated intrusion investigation practically impossible. We examined the types of log data essential in intrusion investigation and implemented a tool to enable systematic collection and efficient analysis of voluminous log data. Our tool based on RBDMS and SQL provides graphical and user-friendly interface. We describe our experience of using the tool in actual intrusion investigation and explain how our tool can be further enhanced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.4
• /
• pp.11-21
• /
• 1997

This paper introduces a statistical approach of intrusion detection and tunes an intrusion detection model using fuzzy ste. We describel the method of applying fuzzy set for NIDES intensity measure. By using fuzzy set, we improve the algorithm for evaluating score value of NIDES, and present a possibility of intrusion detection system.