• Title/Summary/Keyword: malicious traffic detection

Search Result 66, Processing Time 0.022 seconds

A Study on Dual-IDS Technique for Improving Safety and Reliability in Internet of Things (사물인터넷 환경에서 안전성과 신뢰성 향상을 위한 Dual-IDS 기법에 관한 연구)

  • Yang, Hwanseok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.13 no.1
    • /
    • pp.49-57
    • /
    • 2017
  • IoT can be connected through a single network not only objects which can be connected to existing internet but also objects which has communication capability. This IoT environment will be a huge change to the existing communication paradigm. However, the big security problem must be solved in order to develop further IoT. Security mechanisms reflecting these characteristics should be applied because devices participating in the IoT have low processing ability and low power. In addition, devices which perform abnormal behaviors between objects should be also detected. Therefore, in this paper, we proposed D-IDS technique for efficient detection of malicious attack nodes between devices participating in the IoT. The proposed technique performs the central detection and distribution detection to improve the performance of attack detection. The central detection monitors the entire network traffic at the boundary router using SVM technique and detects abnormal behavior. And the distribution detection combines RSSI value and reliability of node and detects Sybil attack node. The performance of attack detection against malicious nodes is improved through the attack detection process. The superiority of the proposed technique can be verified by experiments.

Network Intrusion Detection Using One-Class Models (단일 클래스 모델을 활용한 네트워크 침입 탐지)

  • Byeongjun Min;Daekyeong Park
    • Convergence Security Journal
    • /
    • v.24 no.3
    • /
    • pp.13-21
    • /
    • 2024
  • Recently, with the rapid expansion of networks driven by the advancements of the Fourth Industrial Revolution, cybersecurity threats are becoming increasingly severe. Traditional signature-based Network Intrusion Detection Systems (NIDS) are effective in detecting known attacks but show limitations when faced with new threats such as Advanced Persistent Threats (APT). Additionally, deep learning models based on supervised learning can lead to biased decision boundaries due to the imbalanced nature of network traffic data, where normal traffic vastly outnumbers malicious traffic. To address these challenges, this paper proposes a network intrusion detection method based on one-class models that learn only from normal data to identify abnormal traffic. The effectiveness of this approach is validated through experiments using the Deep SVDD and MemAE models on the NSL-KDD dataset. Comparative analysis with supervised learning models demonstrates that the proposed method offers superior adaptability and performance in real-world scenarios.

A Study on Improved Intrusion Detection Technique Using Distributed Monitoring in Mobile Ad Hoc Network (Mobile Ad Hoc Network에서 분산 모니터링을 이용한 향상된 침입탐지 기법 연구)

  • Yang, Hwanseok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.1
    • /
    • pp.35-43
    • /
    • 2018
  • MANET composed of only wireless nodes is increasingly utilized in various fields. However, it is exposed to many security vulnerabilities because it doesn't have any infrastructure and transmits data by using multi-hop method. Therefore, MANET should be applied the intrusion detection technique that can detect efficiently malicious nodes and decrease impacts of various attacks. In this paper, we propose a distributed intrusion detection technique that can detect the various attacks while improving the efficiency of attack detection and reducing the false positive rate. The proposed technique uses the cluster structure to manage the information in the center and monitor the traffic of their neighbor nodes directly in all nodes. We use three parameters for attack detection. We also applied an efficient authentication technique using only key exchange without the help of CA in order to provide integrity when exchanging information between cluster heads. This makes it possible to free the forgery of information about trust information of the nodes and attack nodes. The superiority of the proposed technique can be confirmed through comparative experiments with existing intrusion detection techniques.

Mutual Information Applied to Anomaly Detection

  • Kopylova, Yuliya;Buell, Duncan A.;Huang, Chin-Tser;Janies, Jeff
    • Journal of Communications and Networks
    • /
    • v.10 no.1
    • /
    • pp.89-97
    • /
    • 2008
  • Anomaly detection systems playa significant role in protection mechanism against attacks launched on a network. The greatest challenge in designing systems detecting anomalous exploits is defining what to measure. Effective yet simple, Shannon entropy metrics have been successfully used to detect specific types of malicious traffic in a number of commercially available IDS's. We believe that Renyi entropy measures can also adequately describe the characteristics of a network as a whole as well as detect abnormal traces in the observed traffic. In addition, Renyi entropy metrics might boost sensitivity of the methods when disambiguating certain anomalous patterns. In this paper we describe our efforts to understand how Renyi mutual information can be applied to anomaly detection as an offline computation. An initial analysis has been performed to determine how well fast spreading worms (Slammer, Code Red, and Welchia) can be detected using our technique. We use both synthetic and real data audits to illustrate the potentials of our method and provide a tentative explanation of the results.

A Study on the Analysis and Detection Method for Protecting Malware Spreading via E-mail (전자우편을 이용한 악성코드 유포방법 분석 및 탐지에 관한 연구)

  • Yang, Kyeong-Cheol;Lee, Su-Yeon;Park, Won-Hyung;Park, Kwang-Cheol;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.1
    • /
    • pp.93-101
    • /
    • 2009
  • This paper proposes the detection method of spreading mails which hacker injects malicious codes to steal the information. And I developed the 'Analysis model' which is decoding traffics when hacker's encoding them to steal the information. I researched 'Methodology of intrusion detection techniques' in the computer network monitoring. As a result of this simulation, I developed more efficient rules to detect the PCs which are infected malicious codes in the hacking mail. By proposing this security policy which can be applicable in the computer network environment including every government or company, I want to be helpful to minimize the damage by hacking mail with malicious codes.

A Study of Command & Control Server through Analysis - DNS query log (명령제어서버 탐색 방법 - DNS 분석 중심으로)

  • Cheon, Yang-Ha
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.8 no.12
    • /
    • pp.1849-1856
    • /
    • 2013
  • DOS attack, the short of Denial of Service attack is an internet intrusion technique which harasses service availability of legitimate users. To respond the DDoS attack, a lot of methods focusing attack source, target and intermediate network, have been proposed, but there have not been a clear solution. In this paper, we purpose the prevention of malicious activity and early detection of DDoS attack by detecting and removing the activity of botnets, or other malicious codes. For the purpose, the proposed method monitors the network traffic, especially DSN traffic, which is originated from botnets or malicious codes.

Cyber Threat Intelligence Traffic Through Black Widow Optimisation by Applying RNN-BiLSTM Recognition Model

  • Kanti Singh Sangher;Archana Singh;Hari Mohan Pandey
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.11
    • /
    • pp.99-109
    • /
    • 2023
  • The darknet is frequently referred to as the hub of illicit online activity. In order to keep track of real-time applications and activities taking place on Darknet, traffic on that network must be analysed. It is without a doubt important to recognise network traffic tied to an unused Internet address in order to spot and investigate malicious online activity. Any observed network traffic is the result of mis-configuration from faked source addresses and another methods that monitor the unused space address because there are no genuine devices or hosts in an unused address block. Digital systems can now detect and identify darknet activity on their own thanks to recent advances in artificial intelligence. In this paper, offer a generalised method for deep learning-based detection and classification of darknet traffic. Furthermore, analyse a cutting-edge complicated dataset that contains a lot of information about darknet traffic. Next, examine various feature selection strategies to choose a best attribute for detecting and classifying darknet traffic. For the purpose of identifying threats using network properties acquired from darknet traffic, devised a hybrid deep learning (DL) approach that combines Recurrent Neural Network (RNN) and Bidirectional LSTM (BiLSTM). This probing technique can tell malicious traffic from legitimate traffic. The results show that the suggested strategy works better than the existing ways by producing the highest level of accuracy for categorising darknet traffic using the Black widow optimization algorithm as a feature selection approach and RNN-BiLSTM as a recognition model.

Development of Malicious Traffic Detection and Prevention System by Embedded Module on Wireless LAN Access Point (무선 LAN Access Point에서 임베디드 형태의 유해 트래픽 침입탐지/차단 시스템 개발)

  • Lee, Hyung-Woo;Choi, Chang-Won
    • The Journal of the Korea Contents Association
    • /
    • v.6 no.12
    • /
    • pp.29-39
    • /
    • 2006
  • With the increasing popularity of the wireless network, the vulnerability issue on IEEE 802.1x Wireless Local Area Network (WLAN) are more serious than we expected. Security issues range from mis-configured wireless Access Point(AP) such as session hijacking to Denial of Service(DoS) attack. We propose a new system based on intrusion detection or prevention mechanism to protect the wireless network against these attacks. The proposed system has a security solution on AP that includes an intrusion detection and protection system(IDS/IPS) as an embedded module. In this paper, we suggest integrated wireless IDS/IPS module on AP with wireless traffic monitoring, analysis and packet filtering module against malicious wireless attacks. We also present that the system provides both enhanced security and performance such as on the university wireless campus network.

  • PDF

DDoS traffic analysis using decision tree according by feature of traffic flow (트래픽 속성 개수를 고려한 의사 결정 트리 DDoS 기반 분석)

  • Jin, Min-Woo;Youm, Sung-Kwan
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.25 no.1
    • /
    • pp.69-74
    • /
    • 2021
  • Internet access is also increasing as online activities increase due to the influence of Corona 19. However, network attacks are also diversifying by malicious users, and DDoS among the attacks are increasing year by year. These attacks are detected by intrusion detection systems and can be prevented at an early stage. Various data sets are used to verify intrusion detection algorithms, but in this paper, CICIDS2017, the latest traffic, is used. DDoS attack traffic was analyzed using the decision tree. In this paper, we analyzed the traffic by using the decision tree. Through the analysis, a decisive feature was found, and the accuracy of the decisive feature was confirmed by proceeding the decision tree to prove the accuracy of detection. And the contents of false positive and false negative traffic were analyzed. As a result, learning the feature and the two features showed that the accuracy was 98% and 99.8% respectively.

Detection of Personal Information Leakage using the Network Traffic Characteristics (네트워크 트래픽 특성을 이용한 개인정보유출 탐지기법)

  • Park, Jung-Min;Kim, Eun-Kyung;Jung, Yu-Kyung;Chae, Ki-Joon;Na, Jung-Chan
    • The KIPS Transactions:PartC
    • /
    • v.14C no.3 s.113
    • /
    • pp.199-208
    • /
    • 2007
  • In a ubiquitous network environment, detecting the leakage of personal information is very important. The leakage of personal information might cause severe problem such as impersonation, cyber criminal and personal privacy violation. In this paper, we have proposed a detection method of personal information leakage based on network traffic characteristics. The experimental results indicate that the traffic character of a real campus network shows the self-similarity and Proposed method can detect the anomaly of leakage of personal information by malicious code.