• Journal of information and communication convergence engineering
• /
• 제7권1호
• /
• pp.7-12
• /
• 2009

The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

• 한국정보통신학회논문지
• /
• 제11권12호
• /
• pp.2287-2297
• /
• 2007

제안한 ANIDS(Advanced Network based IDS)는 네트워크 패킷을 수집하여 연관규칙 마이닝 기법을 이용하여 패킷의 연관성을 분석하고, 연관성이 높은 패킷을 이용해 패턴 그래프를 생성한 후, 생성된 패턴 그래프를 이용해 침입인지를 판단하는 네트워크 기반 침입 탐지 시스템이다. ANIDS는 패킷 수집 및 관리하는 PMM(Packet Management Module), 연관성 있는 패킷들만을 이용해 패턴 그래프를 생성하는 PGGM (Pattern Graph Generate Module), 침입을 탐지하는 IDM(Intrusion Detection Module)으로 구성된다. 특히, PGGM은 Apriori 알고리즘을 이용해 $Sup_{min}$보다 큰 연관규칙의 후보 패킷을 찾은 후, 연관규칙의 신뢰도를 측정하여 최소 신뢰도 $Conf_{min}$보다 큰 연관규칙의 패턴 그래프를 생성한다. ANIDS는 패킷간의 연관성을 분석하여 침입인지를 탐지 할 수 있는 패턴 그래프를 사용함으로써, 침입 탐지의 긍정적 결함 오류를 감소시킬 수 있으며, 완벽한 패턴 그래프 패턴이 생성되기 전에, 이미 침입으로 판정된 패턴 그래프 패턴과 비교하여 유사한 패턴 형태를 침입으로 간주하므로 기존의 침입 탐지 시스템에 비해 침입 탐지속도를 감소시키고 침입 탐지율을 증가시킬 수 있다.

• Journal of Communications and Networks
• /
• 제14권3호
• /
• pp.310-318
• /
• 2012

Detecting intrusion attacks accurately and rapidly in wireless networks is one of the most challenging security problems. Intrusion attacks of various types can be detected by the change in traffic flow that they induce. Wireless industrial networks based on the wireless networks for industrial automation-process automation (WIA-PA) standard use a superframe to schedule network communications. We propose an intrusion detection system for WIA-PA networks. After modeling and analyzing traffic flow data by time-sequence techniques, we propose a data traffic prediction model based on autoregressive moving average (ARMA) using the time series data. The model can quickly and precisely predict network traffic. We initialized the model with data traffic measurements taken by a 16-channel analyzer. Test results show that our scheme can effectively detect intrusion attacks, improve the overall network performance, and prolong the network lifetime.

• 디지털산업정보학회논문지
• /
• 제11권4호
• /
• pp.33-45
• /
• 2015

Currently, Internet is used an essential tool in the business area. Despite this importance, there is a risk of network attacks attempting collection of fraudulence, private information, and cyber terrorism. Firewalls and IDS(Intrusion Detection System) are tools against those attacks. IDS is used to determine whether a network data is a network attack. IDS analyzes the network data using various techniques including expert system, data mining, and state transition analysis. This paper tries to compare the performance of two data mining models in detecting network attacks. They are decision tree (C4.5), and neural network (FANN model). I trained and tested these models with data and measured the effectiveness in terms of detection accuracy, detection rate, and false alarm rate. This paper tries to find out which model is effective in intrusion detection. In the analysis, I used KDD Cup 99 data which is a benchmark data in intrusion detection research. I used an open source Weka software for C4.5 model, and C++ code available for FANN model.

• Journal of Multimedia Information System
• /
• 제6권4호
• /
• pp.165-172
• /
• 2019

Machine-learning techniques have been actively employed to information security in recent years. Traditional rule-based security solutions are vulnerable to advanced attacks due to unpredictable behaviors and unknown vulnerabilities. By employing ML techniques, we are able to develop intrusion detection systems (IDS) based on anomaly detection instead of misuse detection. Moreover, threshold issues in anomaly detection can also be resolved through machine-learning. There are very few datasets for network intrusion detection compared to datasets for malicious code. KDD CUP 99 (KDD) is the most widely used dataset for the evaluation of IDS. Numerous studies on ML-based IDS have been using KDD or the upgraded versions of KDD. In this work, we develop an IDS model using CSE-CIC-IDS 2018, a dataset containing the most up-to-date common network attacks. We employ deep-learning techniques and develop a convolutional neural network (CNN) model for CSE-CIC-IDS 2018. We then evaluate its performance comparing with a recurrent neural network (RNN) model. Our experimental results show that the performance of our CNN model is higher than that of the RNN model when applied to CSE-CIC-IDS 2018 dataset. Furthermore, we suggest a way of improving the performance of our model.

• 한국지능시스템학회:학술대회논문집
• /
• 한국퍼지및지능시스템학회 2003년도 ISIS 2003
• /
• pp.660-663
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

• International Journal of Computer Science & Network Security
• /
• 제24권5호
• /
• pp.111-118
• /
• 2024

In general network-based intrusion detection system is designed to detect malicious behavior directed at a network or its resources. The key goal of this paper is to look at network data and identify whether it is normal traffic data or anomaly traffic data specifically for accounting information systems. In today's world, there are a variety of principles for detecting various forms of network-based intrusion. In this paper, we are using supervised machine learning techniques. Classification models are used to train and validate data. Using these algorithms we are training the system using a training dataset then we use this trained system to detect intrusion from the testing dataset. In our proposed method, we will detect whether the network data is normal or an anomaly. Using this method we can avoid unauthorized activity on the network and systems under that network. The Decision Tree and K-Nearest Neighbor are applied to the proposed model to classify abnormal to normal behaviors of network traffic data. In addition to that, Logistic Regression Classifier and Support Vector Classification algorithms are used in our model to support proposed concepts. Furthermore, a feature selection method is used to collect valuable information from the dataset to enhance the efficiency of the proposed approach. Random Forest machine learning algorithm is used, which assists the system to identify crucial aspects and focus on them rather than all the features them. The experimental findings revealed that the suggested method for network intrusion detection has a neglected false alarm rate, with the accuracy of the result expected to be between 95% and 100%. As a result of the high precision rate, this concept can be used to detect network data intrusion and prevent vulnerabilities on the network.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.1051-1055
• /
• 2003

Policies are collections of general principles specifying the desired behavior and state of a system. Network management is mainly carried out by following policies about the behavior of the resources in the network. Policy-based (PB) network management supports to manage distributed system in a flexible and dynamic way. This paper focuses on configuration management based on Internet Engineering Task Force (IETF) standards. Network security approaches include the usage of intrusion detection system to detect the intrusion, building firewall to protect the internal systems and network. This paper presents how the policy-based framework is collaborated among the network security systems (intrusion detection system, firewall) and intrusion detection systems are cooperated to detect the intrusions.

• 한국정보전자통신기술학회논문지
• /
• 제10권1호
• /
• pp.38-45
• /
• 2017

정보 처리 기술의 컴퓨터 및 네트워크 의존도가 심화됨에 따라 컴퓨터 및 네트워크에 대한 침입 사례가 갈수록 증가하고 있다. 시스템 및 네트워크의 침입을 방지하기 위하여 호스트와 네트워크 기반 침입차단시스템(방화벽 등)이 개발되었지만 기존의 규칙 기반의 침입차단시스템만으로는 보안 관리에 많은 어려움이 있다. 이러한 이유로 인해 시스템 및 네트워크 자원에 대한 침입을 실시간으로 탐지하고 이에 대처하는 침입탐지시스템 개발에 대한 요구가 증가하고 있다. 본 논문에서는 비선형 자료에도 적용 가능하며 수렴성이 보장된 실시간 특징 추출 방법으로 APEX 알고리즘과 점증적 LS-SVM 분류기를 결합한 실시간 침입탐지 시스템을 개발하였다. 일반적으로 실시간 처리 방식은 메모리의 효율성이 좋고 학습 자료의 추가를 허용하는 장점이 있지만 일괄처리 방식에 비해 정확도가 떨어지는 단점이 있다. 따라서 제안한 시스템은 정확도 면에서도 일괄 처리 방식과 비슷한 성능을 나타내고 있어 상용화가 가능한 시스템이다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권7호
• /
• pp.1874-1893
• /
• 2012

An approach to detect abnormal activities based on reputations created individually by each node is vulnerable to a false accusation since intrusion detection in ad-hoc networks is done in a distributed and cooperative manner. Detection of false accusation is considered important because the efficiency or survivability of the network can be degraded severely if normal nodes were excluded from the network by being considered as abnormal ones in the intrusion detection process. In this paper, we propose an improved reputation-based intrusion detection technique to efficiently detect and manage false accusations in ad-hoc networks. Additionally, we execute simulations of the proposed technique to analyze its performance and feasibility to be implemented in a real environment.