• The Journal of the Korea institute of electronic communication sciences
• /
• v.16 no.2
• /
• pp.363-370
• /
• 2021

The perimeter intrusion detection system is very important in physical security. In this study, a micro smart device (module) using MEMS sensor was developed in IoT environment for external intrusion detection. The outer intrusion detection system applying the smart device developed in this study is installed in various installation environments, such as barbed wire of various materials and shapes, the city center, the beach, and the mountain, so that it can detect external intrusion and its location as well as false alarms. As a smart sensor that can minimize the false alarm rate and economical construction cost, it is expected that it can be used for the safe operation of major facilities and prevention of disasters and crimes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.71-84
• /
• 1999

The most of intrusion detection methods do not detect intrusion when it happens. To solve the problem, we are studying a real-time intrusion detection. Because a previous intrusion detection system(IDS) is running on the host level, it difficult to port and to extend to other system on the network level that distributed environment. Also IDS provides the confidentiality of messages when it sends each other. This paper proposes a model of real-time intrusion detection using agents. It applies to distributed environment using an extensibility and communication mechanism among agents, supports a portability, an extensibility and a confidentiality of IDS.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.251-257
• /
• 2015

Intrusion protection system is a security system that stop abnormal traffics through automatic activity by finding out attack signatures in network. Unlike firewall or intrusion detection system that defends passively, it is a solution that stop the intrusion before intrusion warning. The security performance of intrusion protection system is influenced by security auditability, user data protection, security athentication, etc., and performance is influenced by detection time, throughput, attack prevention performance, etc. In this paper, we constructed a convergence performance evaluation model about software product evaluation to construct the model for security performance evaluation of intrusion protection system based on CC(Common Criteria : ISO/IEC 15408) and ISO international standard about software product evaluation.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.15 no.3
• /
• pp.282-288
• /
• 2005

In this paper, we propose a new intrusion detection model, which keeps advantages of existing misuse detection model and anomaly detection model and resolves their problems. This new intrusion detection system, named to MMIDS, was designed to satisfy all the following requirements : 1) Fast detection of new types of attack unknown to the system; 2) Provision of detail information about the detected types of attack; 3) cost-effective maintenance due to fast and efficient learning and update; 4) incrementality and scalability of system. The fast and efficient training and updating faculties of proposed novel multi-class SVM which is a core component of MMIDS provide cost-effective maintenance of intrusion detection system. According to the experimental results, our method can provide superior performance in separating similar patterns and detailed separation capability of MMIDS is relatively good.

• Journal of the Korea Society for Simulation
• /
• v.10 no.1
• /
• pp.83-92
• /
• 2001

For the prevention of the network intrusion from damaging the system, both IDS (Intrusion Detection System) and Firewall are frequently applied. The collaboration of IDS and Firewall efficiently protects the network because of making up for the weak points in the each demerit. A model has been constructed based on the DEVS (Discrete Event system Specification) formalism for the simulation of the system that consists of IDS and Firewall. With this model we can simulation whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. If an agent detects intrusions, it transfers attacker's information to a Firewall. Using this mechanism attacker's packets detected by IDS can be prevented from damaging the network.

• Journal of Fisheries and Marine Sciences Education
• /
• v.17 no.2
• /
• pp.270-280
• /
• 2005

Many researchers have proposed the various methods to detect illegal intrusion in order to improve internet environment. Among these researches, IDS(Intrusion Detection System) is classified the most common model to protect network security. In this paper, we propose new log format instead of Apache log format for SSL integrity verification. We translate file-DB log format into R-DB log format. Using these methods we can manage Web server's integrity, and log data is transmitted verification system to be able to perform both primary function of IDS and Web server's integrity management at the same time. The proposed system in this paper is also able to use for wire and wireless environment based on PDA.

• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.43-53
• /
• 2007

Intrusion detection system(IDS) has recently evolved while combining signature-based detection approach with anomaly detection approach. Although signature-based IDS tools have been commonly used by utilizing machine learning algorithms, they only detect network intrusions with already known patterns, Ideal IDS tools should always keep the signature database of your detection system up-to-date. The system needs to generate the signatures to detect new possible attacks while monitoring and analyzing incoming network data. In this paper, we propose a new outlier cluster detection algorithm with density (or influence) function, Our method assumes that an outlier is a kind of cluster with similar instances instead of a single object in the context of network intrusion, Through extensive experiments using KDD 1999 Cup Intrusion Detection dataset. we show that the proposed method outperform the conventional outlier detection method using Euclidean distance function, specially when attacks occurs frequently.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1707-1721
• /
• 2004

In this paper, we propose a distributed communication model of intrusion detection system(IDS) in which integrated security management at networks level is possible, model it at a security node and distributed system levels, design and implement a simulator. At the node level, we evaluate the transfer capability of alert message based on the analysis of giga-bit security node architecture which performs hardware-based intrusion detection. At the distributed system level, we perform the evaluation of transfer capability of detection and alert informations between components of distributed IDS. In the proposed model, we carry out the performance evaluation considering decision factors of communication mechanism and present the results in order to gain some quantitative understanding of the system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.658-661
• /
• 2008

As network security is coming up with significant problem after the major Internet sites were hacked nowadays, IDS(Intrusion Detection System) is considered as a next generation security solution for more trusted network and system security. We propose the new IDS model which can detect intrusion in the expanded distribute environment in host level, drawback of existing IDS, and implement prototype. We used pattern extraction agent so that we extract automatically audit file needed in intrusion detection even in other platforms.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.11
• /
• pp.164-168
• /
• 2015

As Internet use is widespread advertising through the Web, shopping, banking, etc. As the various services offered by the network, the need for Web security is increasing. A security system for the protection of information assets and systems against various types of external hacking threats and unlawful intrusion will require. Intrusion Detection Tool of the paper web will have is to increase the security level, to prevent the loss of resources and labor spent by the individual monitoring of the web. Security intrusion detection system analyzes the cause of the problem of the security vulnerability and exposure of the information on the Web. Using a monitor to determine a fast support of security is to design a security system for the purpose of protecting the information security vulnerability and exposure information.