Search results for keyword: misuse detection (85 results)

Efficient Masquerade Detection Based on SVM (SVM 기반의 효율적인 신분위장기법 탐지)

  • 김한성;권영희;차성덕
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.5 / pp.91-104 / 2003
  • A masquerader is someone who pretends to be another user while invading the target user's accounts, directories, or files. The masquerade attack is the most serious computer misuse, because in most cases the masquerader enters the computer system after obtaining another user's password, and a system such as an IDS cannot detect or respond to the masquerader. Masquerade detection is the effort to find the masquerader automatically. Such a system detects the activities of a masquerader by determining that the user's activities violate a profile developed for that user from his audit data. Since 1988 there have been many efforts on this topic, but their success was limited and the performance was unsatisfactory. In this paper we propose an efficient masquerade detection system using SVM to create the user profile.

An Analysis of Intrusion Pattern Based on Backpropagation Algorithm (역전파 알고리즘 기반의 침입 패턴 분석)

  • Woo Chong-Woo;Kim Sang-Young
    • Journal of Internet Computing and Services / v.5 no.5 / pp.93-103 / 2004
  • The main function of the Intrusion Detection System (IDS) used to be more or less passive detection of intrusion evidence, but recently it has been developed with more diverse types and methodologies. In particular, the IDS is required to process large volumes of system audit data fast enough, so data mining and neural network algorithms are receiving attention because they can satisfy that requirement. In this study, we first surveyed and analyzed several recent intrusion trends and types. We then designed and implemented an IDS using the back-propagation algorithm of the neural network, which could provide a more effective solution. The distinctive features of our study are as follows. First, we designed the system to allow both anomaly detection and misuse detection. Second, we carried out the intrusion analysis experiment using the reliable KDD Cup '99 data, which gives results comparable to real data. Finally, we designed the system on object-oriented principles, so that it can easily be adapted to other algorithms.

A Design and Implementation of Anomaly Detection Model based the Web Traffic Trend Analysis (웹 트래픽 추이 분석 기반 비정상행위 탐지 모델의 설계 및 구현)

  • Jang, Sung-Min;Park, Soon-Dong
    • Journal of the Korea Computer Industry Society / v.6 no.5 / pp.715-724 / 2005
  • Recently many important systems that used to be operated in a closed environment are now providing web services, and these kinds of web-based services are often an easy and common target of attacks. In addition, the great variety of web content and applications drives the development of new intrusion techniques, while misuse-based intrusion detection technology cannot keep pace with the attacks and seems to lack the capability to deal with such various new security threats. As a result it is necessary to research and develop new types of detection technologies that can detect newly developed attacks and intrusions as well as previous types of exploits. In this paper, an HTTP traffic model is tested for anomalies using HTTP request traffic pattern analysis and analysis of the field information in the HTTP packet. Consequently, HTTP traffic models applying anomaly tests are designed and established.
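
The combination the abstract describes, a request-rate trend check plus per-field checks on each HTTP request, can be sketched as follows. This is an added illustration written for this listing, not code from the paper: the access-log format, the field features (method, path, URI length, query character mix), the 3-sigma thresholds and the 10 s window are all assumptions, and every log line is constructed.

```python
import re
import string
from collections import Counter
from statistics import mean, pstdev

# Constructed access-log format: "<unix_ts> <client_ip> \"<METHOD> <URI> HTTP/1.x\"" (an assumption).
LOG_RE = re.compile(r'^(?P<ts>\d+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/1\.[01]"$')
URI_SAFE = set(string.ascii_letters + string.digits + "=&_-./")


def parse(line):
    """Splits one log line into the HTTP fields the detector looks at."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    rec["path"], _, rec["query"] = rec["uri"].partition("?")
    return rec


def special_ratio(field):
    """Share of characters outside the usual URL alphabet; encoded payloads push this up."""
    return 0.0 if not field else sum(c not in URI_SAFE for c in field) / len(field)


class HttpBaseline:
    """Learns normal traffic: seen methods and paths, URI length, per-client request rate."""

    def __init__(self, window_s=10, z_limit=3.0):
        self.window_s, self.z_limit = window_s, z_limit

    def fit(self, reqs):
        self.methods = {r["method"] for r in reqs}
        self.paths = {r["path"] for r in reqs}
        lengths = [len(r["uri"]) for r in reqs]
        rates = list(Counter((r["src"], r["ts"] // self.window_s) for r in reqs).values())
        self.len_mu, self.len_sd = mean(lengths), pstdev(lengths) or 1.0
        self.rate_mu, self.rate_sd = mean(rates), pstdev(rates) or 1.0
        return self

    def field_anomalies(self, r):
        """Field-level checks on one request; returns the reasons it deviates from baseline."""
        reasons = []
        if r["method"] not in self.methods:
            reasons.append("unseen-method")
        if r["path"] not in self.paths:
            reasons.append("unseen-path")
        if (len(r["uri"]) - self.len_mu) / self.len_sd > self.z_limit:
            reasons.append("uri-length")
        if special_ratio(r["query"]) > 0.2:
            reasons.append("query-charset")
        return reasons

    def rate_anomalies(self, reqs):
        """Trend check: (client, window) pairs whose request count is far above the baseline rate."""
        per_window = Counter((r["src"], r["ts"] // self.window_s) for r in reqs)
        return {k: n for k, n in per_window.items()
                if (n - self.rate_mu) / self.rate_sd > self.z_limit}


# Constructed baseline: two clients alternating through four ordinary requests, one every 5 s.
NORMAL_REQS = [("GET", "/"), ("POST", "/login"), ("GET", "/search?q=shoes"), ("GET", "/static/app.js")]
BASELINE_LINES = [
    f'{5 * i} 10.0.0.{1 + i % 2} "{NORMAL_REQS[i % 4][0]} {NORMAL_REQS[i % 4][1]} HTTP/1.1"'
    for i in range(24)
]

# Constructed test traffic: one normal request, three field anomalies, then one client flooding.
TEST_LINES = [
    '120 10.0.0.1 "GET /search?q=shoes HTTP/1.1"',
    '121 10.0.0.3 "GET /search?q=%27%20OR%20%271%27%3D%271 HTTP/1.1"',
    '122 10.0.0.3 "GET /admin/../../etc/passwd HTTP/1.1"',
    '123 10.0.0.3 "TRACE / HTTP/1.1"',
] + [f'{130 + i} 10.0.0.9 "GET / HTTP/1.1"' for i in range(8)]


def run_demo():
    baseline = HttpBaseline().fit([parse(l) for l in BASELINE_LINES])
    reqs = [parse(l) for l in TEST_LINES]
    field_alerts = [(r["uri"], baseline.field_anomalies(r))
                    for r in reqs if baseline.field_anomalies(r)]
    return {"field_alerts": field_alerts, "rate_alerts": baseline.rate_anomalies(reqs)}


if __name__ == "__main__":
    for name, alerts in run_demo().items():
        print(name, alerts)
```

The two checks are deliberately independent: the field checks catch a single crafted request (encoded quotes in a query, a path never served, an unexpected method) whose rate is unremarkable, while the rate check catches a client that sends only well-formed requests but eight of them in a window where the baseline is one.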

Automated Generation Algorithm of the Penetration Scenarios using Association Mining Technique (연관 마이닝 기법을 이용한 침입 시나리오 자동생성 알고리즘)

  • 정경훈;주정은;황현숙;김창수
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 1999.05a / pp.203-207 / 1999
  • In this paper we propose an automated generation algorithm for penetration scenarios using the association mining technique. Known intrusion detection approaches are classified into anomaly detection and misuse detection. The former uses statistical methods, feature selection and neural network methods to decide on an intrusion; the latter uses conditional probability, expert systems, state transition analysis and pattern matching. In many proposed intrusion detection algorithms, unknown penetrations are created and updated by security experts. Our algorithm automatically generates penetration scenarios by applying the association mining technique to the state transition technique. Association mining discovers efficient and useful unknown information in existing data. The algorithm we propose can automatically generate the penetration scenarios that used to be produced by security experts, and it copes with intrusions more easily than existing intrusion algorithms. It also has the advantage that the maintenance cost is not high.
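
An added example of the core idea, not the authors' algorithm: level-wise (Apriori-style) mining of frequent runs of state transitions across audit sessions, with the maximal frequent runs reported as candidate penetration scenarios and then matched against a new session. The session data, the state names, the contiguity requirement and the support threshold are constructed assumptions for illustration.

```python
# Constructed audit sessions, each an ordered list of abstract system states
# (what a state-transition analysis would record); not real audit data.
SESSIONS = [
    ["port_scan", "login_fail", "login_fail", "login_ok", "suid_exec", "root_shell"],
    ["port_scan", "login_fail", "login_ok", "suid_exec", "root_shell", "add_user"],
    ["login_ok", "read_mail", "logout"],
    ["port_scan", "login_fail", "login_fail", "login_fail", "lockout"],
    ["login_ok", "suid_exec", "root_shell", "wipe_log"],
    ["login_ok", "edit_file", "logout"],
]


def contains(session, seq):
    """True if `seq` occurs as a run of consecutive transitions in `session`."""
    k = len(seq)
    return any(tuple(session[i:i + k]) == seq for i in range(len(session) - k + 1))


def support(sessions, seq):
    """Number of sessions in which the transition sequence occurs."""
    return sum(contains(s, seq) for s in sessions)


def mine_frequent_sequences(sessions, min_support):
    """Level-wise search: grow frequent sequences one state at a time, skipping any
    candidate whose suffix is not itself frequent (support is anti-monotone)."""
    states = sorted({e for s in sessions for e in s})
    frequent = {}
    level = [(e,) for e in states if support(sessions, (e,)) >= min_support]
    for seq in level:
        frequent[seq] = support(sessions, seq)
    while level:
        next_level = []
        for seq in level:
            for e in states:
                cand = seq + (e,)
                if cand[1:] not in frequent:
                    continue
                sup = support(sessions, cand)
                if sup >= min_support:
                    frequent[cand] = sup
                    next_level.append(cand)
        level = next_level
    return frequent


def generate_scenarios(sessions, min_support=2):
    """Maximal frequent sequences of length >= 2, with the confidence that the final
    state follows its prefix: these are the candidate penetration scenarios."""
    freq = mine_frequent_sequences(sessions, min_support)
    maximal = [s for s in freq if len(s) >= 2
               and not any(len(t) > len(s) and contains(list(t), s) for t in freq)]
    scenarios = [(s, freq[s], round(freq[s] / freq[s[:-1]], 2)) for s in maximal]
    return sorted(scenarios, key=lambda x: (-len(x[0]), -x[1], x[0]))


def match_scenarios(session, scenarios):
    """Misuse-style check of a new session against the mined scenarios."""
    return [s for s, _, _ in scenarios if contains(session, s)]


if __name__ == "__main__":
    for seq, sup, conf in generate_scenarios(SESSIONS):
        print(" -> ".join(seq), f"support={sup} confidence={conf}")
```

With a support threshold of two sessions the miner returns two scenarios: the privilege-escalation chain login_fail -> login_ok -> suid_exec -> root_shell and the brute-force prefix port_scan -> login_fail -> login_fail. Singleton states such as logout are frequent but are not reported, since a one-state scenario carries no transition.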

Simulation of Detecting the Distributed Denial of Service by Multi-Agent

  • Seo, Hee-Suk;Lee, Young-Won
    • Institute of Control, Robotics and Systems (ICROS) Conference Proceedings / 2001.10a / pp.59.1-59 / 2001
  • The attackers on Internet-connected systems we are seeing today are more serious and more technically complex than those in the past. Computer security incidents differ from many other types of crime because detection is unusually difficult, so network security managers need an IDS and a firewall. An IDS (Intrusion Detection System) monitors system activities to identify unauthorized use, misuse or abuse of computer and network systems. It accomplishes this by collecting information from a variety of system and network resources and then analyzing the information for symptoms of security problems. A firewall is a way to restrict access between the Internet and an internal network. Usually, the input ...

An Architecture for Efficient Intrusion Detection System of Abnormal Traffic (비정상 트래픽 상황에서 효율적 침입 탐지 시스템(EIDS) 구조 연구)

  • Kwon, Young-Jae;Lee, Du-Man;Yim, Hong-Bin;Jung, Jae-Il
    • Proceedings of the IEEK Conference / 2006.06a / pp.207-208 / 2006
  • Intrusion detection technology is highlighted as a way to establish a safe information-oriented environment. Intrusion detection systems can be categorized into anomaly detection and misuse detection according to the intrusion detection pattern. In this paper, we propose an architecture to make up for the defects of conventional anomaly intrusion detection. This architecture reduces additional resource consumption and cost by placing agents at strategic locations on the Internet.

An Anomalous Behavior Detection Method Using System Call Sequences for Distributed Applications

  • Ma, Chuan;Shen, Limin;Wang, Tao
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.2 / pp.659-679 / 2015
  • Distributed applications are composed of multiple nodes, which exchange information with individual nodes through message passing. Compared with traditional applications, distributed applications have more complex behavior patterns because a large number of interactions and concurrent behaviors exist among their distributed nodes. Thus it is difficult to detect anomalous behaviors and to determine the location and scope of abnormal nodes, and some attacks and misuse cannot be detected. To address this problem, we introduce a method for detecting anomalous behaviors based on process algebra. We specify the architecture of the behavior detection model and the detection algorithm. The anomalous behavior detection and analysis demonstrate that our method is a good discriminator between the normal and anomalous behavior characteristics of distributed applications. Performance evaluation shows that the proposed method enhances efficiency without degrading security.
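
Both the masquerade detection entry above (Kim et al., 2003) and this one rest on the same skeleton: a profile built from a subject's normal audit data, against which later activity is scored block by block. The following added example is from neither paper and replaces their models (SVM, process algebra) with a plain n-gram lookahead profile in the style of STIDE, applied once to a user's shell commands and once to a process's system calls. The traces, the n-gram length, the block size and the alert threshold are constructed assumptions.

```python
from collections import Counter


class SequenceProfile:
    """Every n-gram seen in a subject's normal audit trail (commands or system calls)."""

    def __init__(self, n=3):
        self.n = n
        self.ngrams = Counter()

    def train(self, trace):
        for i in range(len(trace) - self.n + 1):
            self.ngrams[tuple(trace[i:i + self.n])] += 1

    def score(self, trace):
        """Fraction of n-grams in `trace` never seen in training (0.0 = entirely familiar)."""
        total = len(trace) - self.n + 1
        if total <= 0:            # block shorter than one n-gram: nothing to judge
            return 0.0
        unseen = sum(tuple(trace[i:i + self.n]) not in self.ngrams for i in range(total))
        return unseen / total


def detect(profile, trace, block_size=10, threshold=0.5):
    """Scores consecutive blocks of a trace; returns (block_index, score) for those above threshold."""
    flagged = []
    for start in range(0, len(trace), block_size):
        s = profile.score(trace[start:start + block_size])
        if s > threshold:
            flagged.append((start // block_size, round(s, 2)))
    return flagged


# Constructed traces (not taken from any audit log or dataset).
NORMAL_COMMANDS = ["cd", "ls", "vim", "make", "make", "test",
                   "git", "status", "git", "commit", "git", "push"]
MASQUERADER_COMMANDS = ["cat", "/etc/passwd", "cat", "/etc/shadow", "find", "/",
                        "-perm", "-4000", "nc", "-l", "-p", "4444"]
NORMAL_SYSCALLS = ["open", "read", "read", "write", "close", "stat", "open", "read", "close"]
INJECTED_SYSCALLS = ["open", "read", "mmap", "mprotect", "socket", "connect", "dup2", "execve"]


def run_demo():
    """Trains one profile per subject on repeated normal behaviour, then scores four traces."""
    user = SequenceProfile(n=3)
    user.train(NORMAL_COMMANDS * 5)
    proc = SequenceProfile(n=3)
    proc.train(NORMAL_SYSCALLS * 5)
    return {
        "user_normal": detect(user, NORMAL_COMMANDS * 2),
        "user_masquerade": detect(user, NORMAL_COMMANDS + MASQUERADER_COMMANDS),
        "process_normal": detect(proc, NORMAL_SYSCALLS * 2),
        "process_injected": detect(proc, NORMAL_SYSCALLS[:4] + INJECTED_SYSCALLS),
    }


if __name__ == "__main__":
    for name, hits in run_demo().items():
        print(name, hits)
```

The same detector serves both subjects because it never looks at what the tokens mean, only at which short sequences the profile has seen; the masquerader's session is flagged from the first block that contains his commands, and the injected system-call run is flagged even though its first few calls are ordinary.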

Optimizing of Intrusion Detection Algorithm Performance and The development of Evaluation Methodology (침입탐지 알고리즘 성능 최적화 및 평가 방법론 개발)

  • Shin, Dae Cheol;Kim, Hong Yoon
    • Journal of Korea Society of Digital Industry and Information Management / v.8 no.1 / pp.125-137 / 2012
  • As Internet use has exploded recently, malicious attacks and hacking of systems connected to the network occur frequently. For this reason, many intrusion detection systems have been developed. An intrusion detection system has the ability to detect abnormal behavior and unknown intrusions, and it can also detect intrusions using patterns learned from various penetration methods. Various algorithms are now being studied, such as statistical methods for detecting abnormal behavior, extracting abnormal behavior, and developing patterns that can be expected. This study uses clustering and association rules from data mining to analyze detection areas based on two models, and helps design a detection system that detects abnormal behavior, unknown attacks and misuse attacks in a large network.

Anomaly Intrusion Detection using Neuro-Fuzzy (Neuro-Fuzzy를 이용한 이상 침입 탐지)

  • 김도윤;서재현
    • Journal of the Korea Society of Computer and Information / v.9 no.1 / pp.37-43 / 2004
  • The expansion of computer networks and the rapid growth of the Internet have made computer security very important. As one of the ways to deal with security risk, much research has been done on Intrusion Detection Systems (IDS). This paper also addresses the issue of intrusion detection, but specifically with a Neuro-Fuzzy model. By applying fuzzy logic, which is known to deal with uncertainty, to anomaly intrusion detection, it not only overcomes the difficulty of misuse intrusion detection but also ultimately aims to detect intrusions yet to be known.

An Online Response System for Anomaly Traffic by Incremental Mining with Genetic Optimization

  • Su, Ming-Yang;Yeh, Sheng-Cheng
    • Journal of Communications and Networks / v.12 no.4 / pp.375-381 / 2010
  • A flooding attack, such as a DoS or worm, can easily be created or even downloaded from the Internet; thus it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on incremental mining of fuzzy association rules from network packets, in which the membership functions of the fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus responding to, an attack in real time. The system is evaluated on 47 flooding attacks, only one of which is missed, with no false positives. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system to eliminate suspicious connections when necessary.
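
An added example, not the authors' system, of the pipeline the abstract outlines: crisp per-window packet features are mapped to fuzzy terms, fuzzy association rules are fired on them, and a firewall response is applied when a rule fires strongly enough. The membership breakpoints are fixed by hand here (the paper tunes them with a genetic algorithm and mines the rules incrementally; neither is reproduced), the rules, confidences and alert threshold are assumptions, and the packet windows are constructed.

```python
from collections import Counter


def ramp_up(x, a, b):
    """Membership rising from 0 at a to 1 at b (one-sided trapezoid)."""
    return 0.0 if x <= a else 1.0 if x >= b else (x - a) / (b - a)


def ramp_down(x, a, b):
    return 1.0 - ramp_up(x, a, b)


# Hypothetical breakpoints for the fuzzy variables (GA-tuned in the paper, hand-set here).
MEMBERSHIP = {
    ("pkt_rate", "high"):   lambda v: ramp_up(v, 200, 800),   # packets in a 1 s window
    ("syn_ratio", "high"):  lambda v: ramp_up(v, 0.3, 0.7),   # share of packets with SYN set
    ("syn_ratio", "low"):   lambda v: ramp_down(v, 0.3, 0.7),
    ("src_spread", "high"): lambda v: ramp_up(v, 20, 100),    # distinct source addresses
    ("src_spread", "low"):  lambda v: ramp_down(v, 20, 100),
}

# Fuzzy association rules "antecedent terms -> consequent" with an assumed rule confidence.
RULES = [
    ({("pkt_rate", "high"), ("syn_ratio", "high"), ("src_spread", "low")}, "syn_flood_single_source", 0.9),
    ({("pkt_rate", "high"), ("syn_ratio", "high"), ("src_spread", "high")}, "distributed_syn_flood", 0.95),
    ({("pkt_rate", "high"), ("syn_ratio", "low"), ("src_spread", "high")}, "volumetric_flood", 0.8),
]
ALERT_THRESHOLD = 0.5


def window_features(packets):
    """Crisp features of one 1 s window of (src_ip, is_syn) packets."""
    n = len(packets)
    return {
        "pkt_rate": n,
        "syn_ratio": sum(is_syn for _, is_syn in packets) / n if n else 0.0,
        "src_spread": len({src for src, _ in packets}),
    }


def infer(features):
    """Rule firing strength = confidence * min over antecedent memberships (min t-norm)."""
    fired = []
    for terms, consequent, confidence in RULES:
        strength = confidence * min(MEMBERSHIP[(var, lbl)](features[var]) for var, lbl in terms)
        if strength > 0:
            fired.append((consequent, strength))
    return sorted(fired, key=lambda f: -f[1])


class Firewall:
    """Stand-in for the dynamic firewall update: records blocked sources and actions taken."""

    def __init__(self):
        self.blocked = set()

    def respond(self, packets):
        actions = []
        shares = Counter(src for src, _ in packets)
        dominant = [src for src, c in shares.items() if c / len(packets) >= 0.5]
        for src in dominant:              # one source carries the flood: drop it outright
            self.blocked.add(src)
            actions.append(f"block {src}")
        if not dominant:                  # spread over many sources: only rate limiting is feasible
            actions.append("rate-limit SYN")
        return actions


def analyze(packets, firewall):
    """Scores one window and, if the strongest rule clears the threshold, applies the response."""
    fired = infer(window_features(packets))
    if not fired or fired[0][1] < ALERT_THRESHOLD:
        return {"verdict": None, "strength": 0.0, "actions": []}
    verdict, strength = fired[0]
    return {"verdict": verdict, "strength": strength, "actions": firewall.respond(packets)}


# Constructed windows (not captured traffic).
NORMAL_WINDOW = [(f"192.0.2.{i % 5 + 1}", i % 10 == 0) for i in range(40)]
BURST_WINDOW = [(f"192.0.2.{i % 3 + 1}", i % 10 == 0) for i in range(500)]  # busy, not SYN-heavy
SYN_FLOOD_WINDOW = [("203.0.113.7", True)] * 600
DDOS_WINDOW = [(f"198.51.100.{i % 150 + 1}", True) for i in range(900)]

if __name__ == "__main__":
    fw = Firewall()
    for name, win in [("normal", NORMAL_WINDOW), ("burst", BURST_WINDOW),
                      ("syn_flood", SYN_FLOOD_WINDOW), ("ddos", DDOS_WINDOW)]:
        print(name, analyze(win, fw))
```

The busy-but-legitimate window is the case worth watching: its packet rate alone gives a 0.5 membership in "high", but every rule also needs either a high SYN share or many sources, so nothing fires and no firewall change is made. Responses are tied to the verdict's evidence rather than to a fixed playbook: a single dominant source is blocked, a distributed flood only gets SYN rate limiting.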