• Journal of the Institute of Electronics Engineers of Korea TE
• /
• v.37 no.5
• /
• pp.117-124
• /
• 2000

As network security is coming up with significant problem after the major Internet sites were hacked nowadays, IDS (Intrusion Detection System) is considered as a next generation security solution for more trusted network and system security We propose the new IDS model which can detect intrusion in the expanded distribute environment in host level, drawback of existing IDS, and implement prototype. We used pattern extraction agent so that we extract automatically audit file needed in intrusion detection even in other Platforms.

• Journal of the Korea Society for Simulation
• /
• v.8 no.3
• /
• pp.105-121
• /
• 1999

Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of the use of computers. Intrusion Detection System(IDS) has been an active research area to reduce the risk from intruders. We propose a new IDS model, which consists of several computers with IDS, based on the immune system model and describe the design of the IDS model and the prototype implementation of it for feasibility testing and evaluate the performance of the IDS in the aspect of detection time, detection accuracy, diversity which is feature of immune system, and system overhead. The IDSs are distributed and if any of distributed IDSs detect anomaly system call among system call sequences generated by a privilege process, the anomaly system call can be dynamically shared with other IDSs. This makes the IDSs improve the ability of immunity for new intruders.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

• Journal of Internet Computing and Services
• /
• v.5 no.5
• /
• pp.93-103
• /
• 2004

The main function of the intrusion Detection System (IDS) usee to be more or less passive detection of the intrusion evidences, but recently it is developed with more diverse types and methodologies. Especially, it is required that the IDS should process large system audit data fast enough. Therefore the data mining or neural net algorithm is being focused on, since they could satisfy those situations. In this study, we first surveyed and analyzed the several recent intrusion trends and types. And then we designed and implemented an IDS using back-propagation algorithm of the neural net, which could provide more effective solution. The distinctive feature of our study could be stated as follows. First, we designed the system that allows both the Anomaly dection and the Misuse detection. Second, we carried out the intrusion analysis experiment by using the reliable KDD Cup ‘99 data, which would provide us similar results compared to the real data. Finally, we designed the system based on the object-oriented concept, which could adapt to the other algorithms easily.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.893-896
• /
• 2002

네트워크 발달로 컴퓨터 시스템에 대한 접근이 용이해 지면서 호기심 또는 악의로 시스템을 침입 및 파괴하려는 다양한 형태의 침입 행위가 날로 증가하고 있다. 이러한 침입에 대비하여 대상 시스템에 대한 비 인가된 행위를 탐지 및 구별하고 이에 대응하는 기능을 가진 침입 탐지 시스템(IDS: Intrusion Detection System)에 대한 연구가 폭 넓게 진행되어 왔으며 다양한 형태의 IDS 들이 컴퓨터 및 네트워크 시스템에 적용되고 있다. 그러나 일반적인 IDS 는 단일 시스템에 대한 침입을 탐지하고 방어하는 것에 그 목적이 있으므로, 하나의 단위 네트워크 시스템을 효과적으로 보호하기 위해서는 단일 시스템에 대한 침입정보를 신속하게 상호 공유할 필요가 있다. 따라서 개별 Host 나 Network 장비에 분산되어 동작하는 다중의 IDS 에 대해서 통합 관리를 수행하는 통합 침입 관리시스템이 요구되어진다. 본 논문에서 제안하는 시스템은 각 IDS 들이 침입을 탐지하는 순간 이에 대한 정보를 수집하여 다른 IDS 들에게 침입에 대한 정보를 신속하게 전달하고, 정보의 종류와 수행 기능에 따른 요구사항을 프로토콜에 적절하게 반영 할 수 있는 시스템을 제안한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.9-15
• /
• 2013

Recently, Intrusion detection system is an important technology in computer network system because of has seen a dramatic increase in the number of attacks. The most of intrusion detection methods do not detect intrusion on real-time because difficult to analyze an auditing data for intrusions. A network intrusion detection system is used to monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insider and outsiders, as they occur. It is learns user's behavior patterns over time and detects behavior that deviates from these patterns. In this paper has rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or Anomaly users (unauthorized users) using RFM analysis methodology and monitoring collect data from sensor Intrusion Detection System(IDS).

• ETRI Journal
• /
• v.37 no.3
• /
• pp.502-511
• /
• 2015

Intrusion detection plays a key role in detecting attacks over networks, and due to the increasing usage of Internet services, several security threats arise. Though an intrusion detection system (IDS) detects attacks efficiently, it also generates a large number of false alerts, which makes it difficult for a system administrator to identify attacks. This paper proposes automatic fuzzy rule generation combined with a Wiener filter to identify attacks. Further, to optimize the results, simplified swarm optimization is used. After training a large dataset, various fuzzy rules are generated automatically for testing, and a Wiener filter is used to filter out attacks that act as noisy data, which improves the accuracy of the detection. By combining automatic fuzzy rule generation with a Wiener filter, an IDS can handle intrusion detection more efficiently. Experimental results, which are based on collected live network data, are discussed and show that the proposed method provides a competitively high detection rate and a reduced false alarm rate in comparison with other existing machine learning techniques.

• Journal of Multimedia Information System
• /
• v.3 no.3
• /
• pp.91-96
• /
• 2016

Network security is an interesting area in Information Technology. It has an important role for the manager monitor and control operating of the network. There are many techniques to help us prevent anomaly or malicious activities such as firewall configuration etc. Intrusion Detection System (IDS) is one of effective method help us reduce the cost to build. The more attacks occur, the more necessary intrusion detection needs. IDS is a software or hardware systems, even though is a combination of them. Its major role is detecting malicious activity. In recently, there are many researchers proposed techniques or algorithms to build a tool in this field. In this paper, we improve the performance of IDS. We explore and analyze the impact of activation functions applying to recurrent neural network model. We use to KDD cup dataset for our experiment. By our experimental results, we verify that our new tool of IDS is really significant in this field.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.71-84
• /
• 1999

The most of intrusion detection methods do not detect intrusion when it happens. To solve the problem, we are studying a real-time intrusion detection. Because a previous intrusion detection system(IDS) is running on the host level, it difficult to port and to extend to other system on the network level that distributed environment. Also IDS provides the confidentiality of messages when it sends each other. This paper proposes a model of real-time intrusion detection using agents. It applies to distributed environment using an extensibility and communication mechanism among agents, supports a portability, an extensibility and a confidentiality of IDS.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1707-1721
• /
• 2004

In this paper, we propose a distributed communication model of intrusion detection system(IDS) in which integrated security management at networks level is possible, model it at a security node and distributed system levels, design and implement a simulator. At the node level, we evaluate the transfer capability of alert message based on the analysis of giga-bit security node architecture which performs hardware-based intrusion detection. At the distributed system level, we perform the evaluation of transfer capability of detection and alert informations between components of distributed IDS. In the proposed model, we carry out the performance evaluation considering decision factors of communication mechanism and present the results in order to gain some quantitative understanding of the system.