• Title/Summary/Keyword: intrusion detection system (IDS)

Search Result 279, Processing Time 0.028 seconds

An Effective Intrusion Detection System for MobileAdHocNetwork (모바일 에드혹네트워크를 위한 효과적인 침입 탐지 시스템)

  • Shrestha, Rakesh;Park, Kyu-Jin;Park, Kwang-Chae;Choi, Dong-You;Han, Seung-Jo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2008.05a
    • /
    • pp.271-276
    • /
    • 2008
  • The intrusion detection system is one of the active fields of research in wireless networks. Intrusion detection in wireless mobile Ad hoc network is challenging because the network topologies is dynamic, lack centralization and are vulnerable to attacks. This paper is about the effective enhancement of the IDS technique that is being implemented in the mobile ad hoc network and deals with security and vulnerabilities issues which results in the better performance and detection of the intrusion.

  • PDF

A Development of Artificial Immune Model for Network Intrusion Detection (네트워크 침입 탐지를 위한 인공 면역 모델의 개발)

  • ;Peter Brently
    • Proceedings of the Korea Inteligent Information System Society Conference
    • /
    • 1999.03a
    • /
    • pp.373-379
    • /
    • 1999
  • This pqer investigates the subject of intrusion detection over networks. Existing network-based IDS's are categorised into three groups and the overall architecture of each group is summarised and assessed. A new methodology to this problem is then presented, which is inspired by the human immune system and based on a novel artificial immune model. The architecture of the model is presented and its characteristics are compared with the requirements of network-based IDS's. The paper concludes that this new approach shows considerable promise for future network-based IDS's.

  • PDF

Design of agent intrusion detection system applying data mining (데이터 마이닝을 적용한 에이전트 침입 탐지 시스템 설계)

  • Jeong Jong Kun;Lee Sung Tae;Kim Yong Ho;Lee Yun Bae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2001.05a
    • /
    • pp.676-679
    • /
    • 2001
  • As network security is coning up with significant problem after the major Internet sites were hacked nowadays, IDS(Intrusion Detection System) is considered as a next generation security solution for more reliable network and system security rather than firewall. In this paper, we propose the new IDS model which tan detect intrusion in different systems as well as which ran make real-time detection of intrusion in the expanded distributed environment in host level of drawback of existing IDS. We implement its prototype and verify its validity. We use pattern extraction agent so that we can extract automatically audit file needed in distributed intrusion detection even in other platforms.

  • PDF

Bayesian Rules Based Optimal Defense Strategies for Clustered WSNs

  • Zhou, Weiwei;Yu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.12
    • /
    • pp.5819-5840
    • /
    • 2018
  • Considering the topology of hierarchical tree structure, each cluster in WSNs is faced with various attacks launched by malicious nodes, which include network eavesdropping, channel interference and data tampering. The existing intrusion detection algorithm does not take into consideration the resource constraints of cluster heads and sensor nodes. Due to application requirements, sensor nodes in WSNs are deployed with approximately uncorrelated security weights. In our study, a novel and versatile intrusion detection system (IDS) for the optimal defense strategy is primarily introduced. Given the flexibility that wireless communication provides, it is unreasonable to expect malicious nodes will demonstrate a fixed behavior over time. Instead, malicious nodes can dynamically update the attack strategy in response to the IDS in each game stage. Thus, a multi-stage intrusion detection game (MIDG) based on Bayesian rules is proposed. In order to formulate the solution of MIDG, an in-depth analysis on the Bayesian equilibrium is performed iteratively. Depending on the MIDG theoretical analysis, the optimal behaviors of rational attackers and defenders are derived and calculated accurately. The numerical experimental results validate the effectiveness and robustness of the proposed scheme.

A Detection Rule Exchange Mechanism for the Collaborative Intrusion Detection in Defense-ESM (국방통합보안관제체계에서의 협업 침입탐지를 위한 탐지규칙 교환 기법)

  • Lee, Yun-Hwan;Lee, Soo-Jin
    • Convergence Security Journal
    • /
    • v.11 no.1
    • /
    • pp.57-69
    • /
    • 2011
  • Many heterogeneous Intrusion Detection Systems(IDSs) based in misuse detection technique including the self-developed IDS are now operating in Defense-ESM(Enterprise Security Management System). IDS based on misuse detection may have different capability in the intrusion detection process according to the frequency and quality of its signature update. This makes the integration and collaboration with other IDSs more difficult. In this paper, with the purpose of creating the proper foundation for integration and collaboration between heterogeneous IDSs being operated in Defense-ESM, we propose an effective mechanism that can enable one IDS to propagate its new detection rules to other IDSs and receive updated rules from others. We also prove the performance of rule exchange and application possibility to defense environment through the implementation and experiment.

A Distributed Communication Model of Intrusion Detection System in Active Network

  • Park, Soo-Young;Park, Sang-Gug
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.1577-1580
    • /
    • 2005
  • With remarkable growth of using Internet, attempts to try intrusions on network are now increasing. Intrusion Detection System is a security system which detects and copes illegal intrusions. Especially with increasing dispersive attacks through network, concerns for this Distributed Intrusion Detection are also rising. The previous Intrusion Detection System has difficulty in coping cause it detects intrusions only on particular network and only same segment. About same attacks, system lacks capacity of combining information and related data. Also it lacks cooperations against intrusions. Systematic and general security controls can make it possible to detect intrusions and deal with intrusions and predict. This paper considers Distributed Intrusion Detection preventing attacks and suggests the way sending active packets between nodes safely and performing in corresponding active node certainly. This study suggested improved E-IDS system which prevents service attacks and also studied sending messages safely by encoding. Encoding decreases security attacks in active network. Also described effective ways of dealing intrusions when misuses happens thorough case study. Previous network nodes can't deal with hacking and misuses happened in the middle nodes at all, cause it just encodes ends. With above suggested ideas, problems caused by security services can be improved.

  • PDF

Performance Evaluation of Snort System

  • Kim, Wan-Kyung;Soh, Woo-Young
    • Journal of the Speleological Society of Korea
    • /
    • no.80
    • /
    • pp.11-19
    • /
    • 2007
  • Most studies in the past in testing and benchmarking on Intrusion Detection System (IDS) were conducted as comparisons, rather than evaluation, on different IDSs. This paper presents the evaluation of the performance of one of the open source IDS, snort, in an inexpensive high availability system configuration. Redundancy and fault tolerance technology are used in deploying such IDS, because of the possible attacks that can make snort exhaust resources, degrade in performance and even crash. Several test data are used in such environment and yielded different results. CPU speed, Disk usage, memory utilization and other resources of the IDS host are also monitored. Test results with the proposed system configuration environment shows much better system availability and reliability, especially on security systems.

Communication Models and Performance Evaluation for the Delivery of Data and Policy in a Hybrid-Type Intrusion Detection System (혼합형 침입 탐지 시스템에서 데이터 및 정책 전달 통신 모델과 성능 평가)

  • Jang, Jung-Sook;Jeon, Yong-Hee;Jang, Jong-Soo;Sohn, Seung-Won
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.727-738
    • /
    • 2003
  • Much research efforts are being exerted for the study of intrusion detection system(IDS). However little work has been for the communication medels and performance eveluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detections with a centralized data anaysis componenta for a global intrusion detection at multiple domains environment. We also assume the combination of host-based and network-based intrusion detection systems in the oberall framework. From the local domain, a set of information such as alert, and / or log data are reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simular using OPNET modeller for the performance evaluation of transmission capabillities for the delivery of data and policy. We present and compare simulation results based on several scenarios focuding on communication delay.

Design and Implementation of an Intrusion Detection System based on Outflow Traffic Analysis (유출트래픽 분석기반의 침입탐지시스템 설계 및 구현)

  • Shin, Dong-Jin;Yang, Hae-Sool
    • The Journal of the Korea Contents Association
    • /
    • v.9 no.4
    • /
    • pp.131-141
    • /
    • 2009
  • An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. This paper proposes an intrusion detection system based outflow traffic analysis. Many research efforts and commercial products have focused on preventing intrusion by filtering known exploits or unknown ones exploiting known vulnerabilities. Complementary to these solutions, the proposed IDS can detect intrusion of unknown new mal ware before their signatures are widely distributed. The proposed IDS is consists of a outflow detector, user monitor, process monitor and network monitor. To infer user intent, the proposed IDS correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. As a complement to existing prevention system, proposed IDS decreases the danger of information leak and protects computers and networks from more severe damage.

Transmission Performance of Large Scale MANETs with IDS (IDS가 있는 대규모 MANET의 전송성능)

  • Kim, Young-Dong
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2012.10a
    • /
    • pp.642-645
    • /
    • 2012
  • MANET has disadvantage for information intrusion caused from non-infra structure. That is based on mixed problems caused from terminal devices has no capability of various resources using abilities to run intrusion prevention function, and also from difficulty of no easy using infra structural server like as firewall. In this paper, transmission performances, be effected from information intrusion and IDS(Intrusion Detection System), are analyzed for large scale MANET, and weakness from information intrusion of MANET are studied. This study is for large scale MANET which has some large communication area and lots of nodes, voice traffic, based on VoIP protocols, is considered as application services be transmitted over MANETs. Computer simulation using NS-2 is used to measure and show MOS and call connection ratios.

  • PDF