• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1489-1497
• /
• 2018

Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.705-710
• /
• 2003

Recently, most interchanges of information have been performed in the internet environments. So, the technuque, which is used as intrusion deleting tool for system protecting against attack, is very important. But, the skills of intrusion detection are newer and more delicate, we need preparations for defending from these attacks. Currently, lots of intrusion detection systemsmake the midel of intrusion detection rule using experienced data, based on this model they have the strategy of defence against attacks. This is not efficient for defense from new attack. In this paper, a new model of intrusion detection is proposed. This is hybrid statistical learning model using likelihood ratio test and statistical learning theory, then this model can detect a new attack as well as experienced attacks. This strategy performs intrusion detection according to make a model by finding abnomal attacks. Using KDD Cup-99 task data, we can know that the proposed model has a good result of intrusion detection.

• Journal of KIISE:Information Networking
• /
• v.32 no.3
• /
• pp.301-309
• /
• 2005

Learning program's behavior using machine learning techniques based on system call audit data is an effective intrusion detection method. Rule teaming, neural network, statistical technique, and hidden Markov model are representative methods for intrusion detection. Among them neural networks are known for its good performance in teaming system call sequences. In order to apply it to real world problems successfully, it is important to determine their structure. However, finding appropriate structure requires very long time because there are no formal solutions for determining the structure of networks. In this paper, a novel intrusion detection technique using evolutionary neural networks is proposed. Evolutionary neural networks have the advantage that superior neural networks can be obtained in shorter time than the conventional neural networks because it leams the structure and weights of neural network simultaneously Experimental results against 1999 DARPA IDEVAL data confirm that evolutionary neural networks are effective for intrusion detection.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.4
• /
• pp.69-75
• /
• 2000

This paper proposes a network intrusion detection model which can detect the insertion and evasion attacks. These attacks can be prevented when some kind of information are available in the network intrusion detection system. We classified these information with three categories and used each category at setup phase and executing Phase. Within the proposed model, all necessary information which are related with networks and operating systems are maintained in the database and created as a table. This table is used during intrusion detection. The overheads of database and table may be simple in this model.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2173-2176
• /
• 2003

본 논문에서는 네트워크 기반 분산 침입탐지 시스템을 위한 커널 수준 침입탐지 기법을 제안한다. 제안하는 기법은 탐지분석으로 침입탐지 과정을 분리하고 침입탐지 규칙 생성 요구에 대한 침입탐지 자료구조로의 변환을 사용자 응용 프로그램 수준에서 수행하며 생성된 자료구조의 포인터 연결을 커널 수준에서 수행한다. 침입탐지 규칙 변경은 노드를 삭제하지 않고 삭제표시만 수행하고 새로운 노드를 추가하는 삭제마크 띤 노드추가 방식 통하여 수행한다 제안하는 기법은 탐지과정의 분리를 통해 분산 네트워크 환경에 효율적으로 적용할 수 있으며 커널기반 침입탐지 방식을 사용하여 사용자 응용 프로그램으로 동작하는 에이전트기반의 침입탐지 기법에 비해 탐지속도가 빠르다. 침입탐지 규칙 변경은 삭제마크 및 노드추가 방식을 통해서 규칙변경과 침입탐지를 동시에 수행하기 위한 커널의 부하를 줄일 수 있다. 이를 통해 다양한 네트워크 공격에 대하여 신속하게 대응할 수 있다. 그러므로, 서비스거부 공격과 같이 네트워크 과부하가 발생하는 환경에서도 신속한 침입탐지와 탐지효율을 증가시킬 수 있다는 장점을 가진다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.490-493
• /
• 2020

오늘날 정보통신 기술이 급격하게 발달하면서 IT 인프라에서 보안의 중요성이 높아졌고 동시에 APT(Advanced Persistent threat)처럼 고도화되고 다양한 형태의 공격이 증가하고 있다. 점점 더 고도화되는 공격을 조기에 방어하거나 예측하는 것은 매우 중요한 문제이며, NIDS(Network-based Intrusion Detection System) 관련 데이터 분석만으로는 빠르게 변형하는 공격을 방어하지 못하는 경우가 많이 보고되고 있다. 따라서 HIDS(Host-based Intrusion Detection System) 데이터 분석을 통해서 위와 같은 공격을 방어하는데 현재는 침입탐지 시스템에서 생성된 데이터가 주로 사용된다. 하지만 데이터가 많이 부족하여 과거에 생성된 DARPA(Defense Advanced Research Projects Agency) 침입 탐지 평가 데이터 세트인 KDD(Knowledge Discovery and Data Mining) 같은 데이터로 연구를 하고 있어 현대 컴퓨터 시스템 특정을 반영한 데이터의 비정상행위 탐지에 대한 연구가 많이 부족하다. 본 논문에서는 기존에 사용되었던 데이터 세트에서 결여된 스레드 정보, 메타 데이터 및 버퍼 데이터를 포함하고 있으면서 최근에 생성된 LID-DS(Leipzig Intrusion Detection-Data Set) 데이터를 이용한 분석 비교 연구를 통해 앞으로 호스트 기반 침입 탐지 데이터 시스템의 나아갈 새로운 연구 방향을 제시한다.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 2001.01a
• /
• pp.298-309
• /
• 2001

This research aims to unravel the significant features of the human immune system, which would be successfully employed for a novel network intrusion detection model. Several salient features of the human immune system, which detects intruding pathogens, are carefully studied and the possibility and the advantages of adopting these features for network intrusion detection are reviewed and assessed.

• Journal of Digital Contents Society
• /
• v.10 no.3
• /
• pp.479-484
• /
• 2009

Security system of wireless network take on importance as use of wireless network increases. Detection and opposition about that is difficult even if attack happens because MANET is composed of only moving node. And it is difficult that existing security system is applied as it is because of migratory nodes. Therefore, system is protected from malicious attack of intruder in this environment and it has to correspond to attack immediately. In this paper, we propose intrusion detection system using cluster head in order to detect malicious attack and use resources efficiently. we used method that gathering of rules is defined and it judges whether it corresponds or not to detect intrusion more exactly. In order to evaluate performance of proposed method, we used blackhole, message negligence, jamming attack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.676-679
• /
• 2001

As network security is coning up with significant problem after the major Internet sites were hacked nowadays, IDS(Intrusion Detection System) is considered as a next generation security solution for more reliable network and system security rather than firewall. In this paper, we propose the new IDS model which tan detect intrusion in different systems as well as which ran make real-time detection of intrusion in the expanded distributed environment in host level of drawback of existing IDS. We implement its prototype and verify its validity. We use pattern extraction agent so that we can extract automatically audit file needed in distributed intrusion detection even in other platforms.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.103-113
• /
• 2003

Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles. and detectes anomaly intrusions effectively. Anomaly detections using system calls are detected only anomaly processes. But this has a Problem that doesn't detect affected various Part by anomaly processes. To improve this problem, the relation among system calls of processes is represented by bayesian probability values. Application behavior profiling by Bayesian Network supports anomaly intrusion informations . This paper overcomes the Problems of various intrusion detection models we Propose effective intrusion detection technique using Bayesian Networks. we have profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions we had simulation by proposed normal behavior profiling technique using UNM data.