• Journal of Internet Computing and Services
• /
• v.5 no.2
• /
• pp.57-67
• /
• 2004

In this paper we present the architecture of intrusion detection system that enhances the performance of system and the correctness of intrusion detection. A network intrusion is usually composed of several steps of action taken by the attackers. Each action in the steps can be characterized by its signature. But normal and non-intrusive action can also include the same signature, It can result in incorrect detection. The presented system uses the correlation of series of signatures that consist of an intrusion. So Its decision on an intrusion is highly reliable. And variations of known intrusions can easily be detected without any knowledge of the variations.

• Journal of Institute of Control, Robotics and Systems
• /
• v.9 no.4
• /
• pp.310-319
• /
• 2003

As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

• Smart Media Journal
• /
• v.8 no.3
• /
• pp.17-22
• /
• 2019

Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.87-95
• /
• 2006

An intrusion can be defined as any set of actors that attempt to compromise the integrity, confidentiality and availability of computer resource and destroy the security policy of computer system. The Intrusion Detection System that detects the intrusion consists of data collection, data reduction, analysis and detection, and report and response. It is important for feature selection to detect the intrusion efficiently after collecting the large set of data of Intrusion Detection System. In this paper, the feature selection method using Genetic Algorithm and Decision Tree is proposed. Also the method is verified by the simulation with KDD data.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.153-160
• /
• 2010

MANET composed mobile nodes without central concentration control like base station communicate through multi-hop route among nodes. Accordingly, it is hard to maintain stability of network because topology of network change at any time owing to movement of mobile nodes. MANET has security problems because of node mobility and needs intrusion detection system that can detect attack of malicious nodes. Therefore, system is protected from malicious attack of intruder in this environment and it has to correspond to attack immediately. In this paper, we propose intrusion detection system based on rules in order to more accurate intrusion detection. Cluster head perform role of monitor node to raise monitor efficiency of packet. In order to evaluate performance of proposed method, we used jamming attack, selective forwarding attack, repetition attack.

• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.711-717
• /
• 2018

The breakthrough in computer and network has facilitated a variety of information exchange. However, at the same time, malicious users and groups are attacking vulnerable systems. Intrusion Detection System(IDS) detects malicious behaviors through network packet analysis. However, it has a burden of processing a large amount of packets in a short time. Therefore, in order to solve these problem, we propose a network intrusion detection system that operates at kernel level to improve detection performance at user level. In fact, we confirmed that the network intrusion detection system implemented at kernel level improves packet analysis and detection performance.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.5
• /
• pp.1332-1341
• /
• 1999

Rapid expansion of network and increment of computer system access cause computer security to be an important issue. Hence, the researches in intrusion detection system(IDS)are active to reduce the risk from hackers. Considering IDS, we propose a new IDS model(DABIDS : Distributed Agent Based Intelligent intrusion Detection System) based on distributed intrusion detecting agents. The DABIDS dynamically collects intrusion behavior knowledge from each agents when some doubtable behaviors of users are detected and make new agents codes using intrusion scenario data base, and broadcast the detector codes to the distributed intrusion detecting agent of all node. This DABIDS can efficiently solve the problem to reduce the overhead for training detecting agent for intrusion behavior patterns.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.1
• /
• pp.40-44
• /
• 2005

Applying artificial intelligence, machine learning and data mining techniques to intrusion detection system are increasing. But most of researches are focused on improving the performance of classifier. These classifiers are performed by batch way and it is not proper method for realtime intrusion detection system. We propose an incremental feature extraction and classification technique for realtime intrusion detection system. Applying proposed system to KDD CUP 99 data, experimental result shows that it has similar capability compared to batch way intrusion detection system.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.67-70
• /
• 2003

Since IT industries grew, The information security of both individual and company has come to the front. But, nowadays, It is very hard to satisfy the diversity of security Protection Profile with simple Intrusion Detection System, because of highly developed Intrusion Skills. The Intrusion Detection System is the system that detects, reports and copes with of every kind of Intrusion actions immediately. In this paper, we compare the concept of IDS PPs and analyze the threat of PP.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.717-726
• /
• 2003

In this paper, we analyze the associated rule based deductive algorithm which creates the rules automatically for intrusion detection from the vast packet data. Based on the result, we also suggest the deductive algorithm which creates the rules of intrusion pattern fast in order to apply the intrusion detection systems. The deductive algorithm proposed is designed suitable to the concept of clustering which classifies and deletes the large data. This algorithm has direct relation with the method of pattern generation and analyzing module of the intrusion detection system. This can also extend the appication range and increase the detection speed of exiting intrusion detection system as the rule database is constructed for the pattern management of the intrusion detection system. The proposed pattern generation technique of the deductive algorithm is used to the algorithm is used to the algorithm which can be changed by the supporting rate of the data created from the intrusion detection system. Fanally, we analyze the possibility of the speed improvement of the rule generation with the algorithm simulation.