• Title/Abstract/Keywords: intrusion detection system (IDS)

279 search results (processing time: 0.022 seconds)

A Study on Network detection technique using Human Immune System

  • 김정원;;정길호;최종욱
    • Korea Intelligent Information Systems Society: Conference Proceedings / Korea Intelligent Information Systems Society 1999 Spring Joint Conference: Knowledge Management and Knowledge Engineering / pp.307-313 / 1999
  • This paper reviews and assesses the analogy between the human immune system and network intrusion detection systems. The promising results from a growing number of proposed computer immune models for intrusion detection motivate this work. The paper begins by briefly introducing existing intrusion detection systems (IDS's). A set of general requirements for network-based IDS's and the design goals to satisfy these requirements are identified by a careful examination of the literature. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS's are analysed. The analysis shows that the coordinated actions of several sophisticated mechanisms of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a network-based IDS based on the human immune system is promising for future network-based IDS's.

Learning Method for minimize false positive in IDS

  • 정종근;김철원
    • Journal of the Korea Institute of Information and Communication Engineering / Vol. 7, No. 5 / pp.978-985 / 2003
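  • Because of the diversity of usage patterns in systems, implementing an anomaly detection IDS is more difficult than implementing a misuse detection IDS. Consequently, most commercially available IDSs are based on misuse detection. However, IDSs based on misuse detection have the drawback that they cannot detect an intrusion when a modified intrusion pattern occurs. In this paper, we apply data mining techniques to detect intrusions using the intrusion relationships among audit data. Agents in a distributed IDS can not only monitor the system but also collect log data. To raise detection accuracy, which is the core of an intrusion detection system, false positives must be minimized. Therefore, we apply a data mining algorithm in the audit data learning phase to predict modified intrusion patterns.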

A Study on Network detection technique using Human Immune System

  • 김정원;;정길호;최종욱
    • Korea Database Society: Conference Proceedings / Korea Database Society 1999 Spring Joint Conference: Knowledge Management and Knowledge Engineering / pp.307-313 / 1999
  • This paper reviews and assesses the analogy between the human immune system and network intrusion detection systems. The promising results from a growing number of proposed computer immune models for intrusion detection motivate this work. The paper begins by briefly introducing existing intrusion detection systems (IDS's). A set of general requirements for network-based IDS's and the design goals to satisfy these requirements are identified by a careful examination of the literature. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS's are analysed. The analysis shows that the coordinated actions of several sophisticated mechanisms of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a novel network-based IDS based on the human immune system is promising for future network-based IDS's.

Security Simulation with Collaboration of Intrusion Detection System and Firewall

  • 서희석;조대호
    • Journal of the Korea Society for Simulation / Vol. 10, No. 1 / pp.83-92 / 2001
  • For the prevention of the network intrusion from damaging the system, both IDS (Intrusion Detection System) and Firewall are frequently applied. The collaboration of IDS and Firewall efficiently protects the network because of making up for the weak points in the each demerit. A model has been constructed based on the DEVS (Discrete Event System Specification) formalism for the simulation of the system that consists of IDS and Firewall. With this model we can simulate whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. If an agent detects intrusions, it transfers attacker's information to a Firewall. Using this mechanism attacker's packets detected by IDS can be prevented from damaging the network.

Design and Implementation of IDS and Management Modules based on Network

  • 양동수;윤덕현;황현숙;정동호;김창수
    • Korea Institute of Information and Communication Engineering: Conference Proceedings / Korea Institute of Maritime Information and Communication Sciences 2001 Spring Conference / pp.680-683 / 2001
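  • With the development of information and communication technology, the number of Internet users has increased greatly, but as an adverse effect, enormous damage from computer system intrusions continues to occur. To reduce this damage, a variety of network and system security mechanisms have been developed, and the intrusion detection system (IDS) has been commercialized as one of these security techniques. This paper describes network-based intrusion detection, and designs and implements an intrusion detection system that detects illegal intrusions using the misuse detection model, one of the classifications based on the intrusion model. The implemented intrusion detection system can detect various types of intrusion and, by providing mechanisms that send a warning message and e-mail to the administrator when an intrusion is discovered, was implemented so that it can be managed and supervised remotely.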

Agent Intrusion Detection Model In Attributed Environment

  • Jeong, Jong-Geun;Kim, Chul-Won
    • Journal of information and communication convergence engineering / Vol. 2, No. 2 / pp.84-88 / 2004
  • A firewall does not perfectly prevent hackers; Intrusion Detection System (IDS) is considered a next generation security solution for more trusted network and system security. We propose an agent IDS model in the different platforms that can detect intrusions in the expanded distributed host environment, since that is a drawback of existing IDS. Then we implement a prototype and verify validity. We use a pattern extraction agent so that we extract audit files needed in intrusion detection automatically even in other platforms.

Feature Selection Algorithms in Intrusion Detection System: A Survey

  • MAZA, Sofiane;TOUAHRIA, Mohamed
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 12, No. 10 / pp.5079-5099 / 2018
  • Regarding the huge number of connections and the large flow of data on the Internet, Intrusion Detection System (IDS) has a difficulty to detect attacks. Moreover, irrelevant and redundant features influence the quality of IDS, precisely the detection rate and processing cost. Feature Selection (FS) is the important technique, which gives the issue for enhancing the performance of detection. Different works have been proposed, but a map for understanding and constructing a state of the FS in IDS still needs more investigation. In this paper, we introduce a survey of feature selection algorithms for intrusion detection system. We describe the well-known approaches that have been proposed in FS for IDS. Furthermore, we provide a classification with a comparative study between different contributions according to their techniques and results. We identify a new taxonomy for future trends and existing challenges.

Design of Intelligent Intrusion Detection System Based on Distributed Intrusion Detecting Agents : DABIDS

  • 이종성;채수환
    • Transactions of the Korea Information Processing Society / Vol. 6, No. 5 / pp.1332-1341 / 1999
  • Rapid expansion of network and increment of computer system access cause computer security to be an important issue. Hence, the researches in intrusion detection system (IDS) are active to reduce the risk from hackers. Considering IDS, we propose a new IDS model (DABIDS : Distributed Agent Based Intelligent intrusion Detection System) based on distributed intrusion detecting agents. The DABIDS dynamically collects intrusion behavior knowledge from each agent when some doubtable behaviors of users are detected, makes new agent codes using the intrusion scenario database, and broadcasts the detector codes to the distributed intrusion detecting agents of all nodes. This DABIDS can efficiently solve the problem to reduce the overhead for training detecting agent for intrusion behavior patterns.

The Concept and Threat Analysis of Intrusion Detection System Protection Profile

  • 서은아;김윤숙;심민수
    • Convergence Security Journal / Vol. 3, No. 2 / pp.67-70 / 2003
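  • As the IT industry develops, the importance of security for information such as personal data and company secrets is growing. Recently, however, as intrusion techniques have become highly advanced, it is difficult for a simple intrusion detection system to satisfy diverse security specifications. An intrusion detection system is a system that includes technologies for immediately detecting, reporting and responding to intrusions. This paper compares the concepts of the NSA (National Security Agency) IDS PP (Intrusion Detection System Protection Profile) and the IDS PP for national agencies, and compares and analyzes the threat sections of the TOE.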

Enhanced Network Intrusion Detection using Deep Convolutional Neural Networks

  • Naseer, Sheraz;Saleem, Yasir
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 12, No. 10 / pp.5159-5178 / 2018
  • Network intrusion detection is a rapidly growing field of information security due to its importance for modern IT infrastructure. Many supervised and unsupervised learning techniques have been devised by researchers from the disciplines of machine learning and data mining to achieve reliable detection of anomalies. In this paper, a deep convolutional neural network (DCNN) based intrusion detection system (IDS) is proposed, implemented and analyzed. The deep CNN core of the proposed IDS is fine-tuned using randomized search over configuration space. The proposed system is trained and tested on NSL-KDD training and testing datasets using GPU. Performance comparisons of the proposed DCNN model are provided with other classifiers using well-known metrics including Receiver operating characteristics (RoC) curve, Area under RoC curve (AuC), accuracy, precision-recall curve and mean average precision (mAP). The experimental results of the proposed DCNN based IDS show promising results for real world application in anomaly detection systems.