• Title/Summary/Keyword: misuse detection

A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent (오용 침입탐지 시스템에서 모바일 에이전트를 이용한 보안규칙 관리에 관한 연구)

  • Kim, Tae-Kyung;Lee, Dong-Young;Chung, Tai-M.
    • The KIPS Transactions:PartC / v.10C no.5 / pp.525-532 / 2003
  • This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated a rules management using NS-2 (Network Simulator) with respect to time.

A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent (오용 침입탐지 시스템에서 모바일 에이전트를 이용한 보안규칙 관리에 관한 연구)

  • Kim, Tae-Kyoung;Seo, Hee-Suk;Kim, Hee-Wan
    • Journal of the Korea Computer Industry Society / v.5 no.8 / pp.781-790 / 2004
  • This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated a rules management using NS-2 (Network Simulator) with respect to time.

A Design of FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) using Naive Bayesian and Data Mining (나이브 베이지안과 데이터 마이닝을 이용한 FHIDS(Fuzzy Logic based Hybrid Intrusion Detection System) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.5 no.3 / pp.158-163 / 2012
  • This paper proposes an FHIDS (Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD (Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD (Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD (Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

Design and implementation of port scan detection improvement and algorithm connected with attack detection in IDS (침입탐지시스템에서 포트 스캔 탐지 개선 및 공격 탐지와 연계한 알고리즘 설계 및 구현)

  • Park Seong-Chul;Ko Han-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.65-76 / 2006
  • This paper deals with an effective algorithm aimed at improving the port scan detection in an intrusion detection system (IDS). In particular, a detection correlation algorithm is proposed to maximize the detection capability in the network-based IDS whereby the 'misuse' is flagged for analysis to establish intrusion profile in relation to the overall port scan detection process. In addition, we establish an appropriate system maintenance policy for port scan detection as preprocessor for improved port scan in IDS, thereby achieving minimum false positive in the misuse detection engine while enhancing the system performance.

Privacy-Preserving Cryptographic API Misuse Detection Framework Using Homomorphic Encryption (동형 암호를 활용한 프라이버시 보장 암호화 API 오용 탐지 프레임워크)

  • Seungho Kim;Hyoungshick Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.5 / pp.865-873 / 2024
  • In this study, we propose a privacy-preserving cryptographic API misuse detection framework utilizing homomorphic encryption. The proposed framework is designed to effectively detect cryptographic API misuse while maintaining data confidentiality. We employ a Convolutional Neural Network (CNN)-based detection model and optimize its structure to ensure high accuracy even in an encrypted environment. Specifically, to enable efficient homomorphic operations, we leverage depth-wise convolutional layers and a cubic activation function to secure non-linearity, enabling effective misuse detection on encrypted data. Experimental results show that the proposed model achieved a high F1-score of 0.978, and the total execution time for the homomorphically encrypted model was 11.20 seconds, demonstrating near real-time processing efficiency. These findings confirm that the model offers excellent security and accuracy even when operating in a homomorphic encryption environment.

Learning Method for minimize false positive in IDS (침입탐지시스템에서 긍정적 결함을 최소화하기 위한 학습 방법)

  • 정종근;김철원
    • Journal of the Korea Institute of Information and Communication Engineering / v.7 no.5 / pp.978-985 / 2003
  • The implementation of abnormal behavior detection IDS is more difficult than the implementation of misuse behavior detection IDS because usage patterns are various. Therefore, most commercial IDSs are misuse behavior detection IDSs. However, a misuse behavior detection IDS cannot detect system intrusion when modified intrusion patterns occur. In this paper, we apply data mining so as to detect intrusion using only the audit data related to intrusion among the many audit data. The agent in the distributed IDS can collect log data as well as monitor the target system. False positives should be minimized in order to make detection accuracy high, which is the core of an intrusion detection system. So we apply a data mining algorithm for prediction of modified intrusion patterns at the level of audit data learning.

A Hybrid Model of Network Intrusion Detection System : Applying Packet based Machine Learning Algorithm to Misuse IDS for Better Performance (Misuse IDS의 성능 향상을 위한 패킷 단위 기계학습 알고리즘의 결합 모형)

  • Weon, Ill-Young;Song, Doo-Heon;Lee, Chang-Hoon
    • The KIPS Transactions:PartC / v.11C no.3 / pp.301-308 / 2004
  • Misuse IDS is known to have an acceptable accuracy but suffers from high rates of false alarms. We show a behavior based alarm reduction with a memory-based machine learning technique. Our extended form of IBL (XIBL) examines SNORT alarm signals to determine whether a signal is worth sending to the security manager. An experiment shows that there exists an apparent difference between true alarms and false alarms with respect to XIBL behavior. This gives clear evidence that although an attack in the network consists of a sequence of packets, decisions over individual packets can be used in conjunction with misuse IDS for better performance.

Design and Implementation of IDS based on Misuse Detection Models (오용탐지모델 기반의 침입 탐지시스템 설계 및 구현)

  • 강진수;김남진;김창수
    • Proceedings of the Korea Multimedia Society Conference / 2002.05d / pp.930-935 / 2002
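  • In this paper, we design and implement an intrusion detection system using a network-based misuse detection model, one of the intrusion detection system (IDS: Intrusion Detection System) approaches that are being widely studied for building information systems that detect illegal intrusions. The implemented intrusion detection system takes the K4 certification criteria as its model, is designed to target the Content, DoS, and Probing signature classes, and is implemented so that the system can be managed and supervised remotely.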

Framework Architecture of Intrusion Detection System against Denial-of-Service Attack, especially for Web Server System (웹서버를 위한, 서비스 거부 공격에 강한 침입탐지시스템 구성)

  • Kim, Yoon-Jeong
    • Convergence Security Journal / v.8 no.3 / pp.1-8 / 2008
  • The pattern matching part of Intrusion Detection System based on misuse-detection mechanism needs much processing time and resources, and it has become a bottleneck in system performance. Moreover, it derives denial-of-service attack. In this paper, we propose (1) framework architecture that is strong against denial-of-service attack and (2) efficient pattern matching method especially for web server system. By using both of these 2 methods, we can maintain web server system efficiently secure against attacks including denial-of-service.

Reinforcement Data Mining Method for Anomaly&Misuse Detection (침입탐지시스템의 정확도 향상을 위한 개선된 데이터마이닝 방법론)

  • Choi, Yun Jeong
    • Journal of Korea Society of Digital Industry and Information Management / v.6 no.1 / pp.1-12 / 2010
  • Recently, large amount of information in IDS (Intrusion Detection System) can be unmanageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border pattern between attack and normal pattern. Experimental results show that our approach improves the performance against existing attacks and new attacks, from 0.62 to 0.84, about 35%.