• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권9호
• /
• pp.4706-4726
• /
• 2019

The paper is devoted to the detailed description of the distributed system for gathering data from Windows-based workstations and servers. The research presented in the beginning demonstrates that neither a solution for gathering data on attacks against Windows based PCs is available at present nor other security tools and supplementary programs can be combined in order to achieve the required attack data gathering from Windows computers. The design of the newly proposed system named Colander is presented, too. It is based on a client-server architecture while taking much inspiration from previous attempts for designing systems with similar purpose, as well as from IDS systems like Snort. Colander emphasizes its ease of use and minimum demand for system resources. Although the resource usage is usually low, it still requires further optimization, as is noted in the performance testing. Colander's ability to detect threats has been tested by real malware, and it has undergone a pilot field application. Future prospects and development are also proposed.

• 한국지능시스템학회논문지
• /
• 제13권4호
• /
• pp.491-498
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using FCM(Fuzzy Cognitive Maps) that can detect intrusion by the DoS attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The SPuF(Syn flooding Preventer using Fussy cognitive maps) model captures and analyzes the packet informations to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance comparison, the "KDD′99 Competition Data Set" made by MIT Lincoln Labs was used. The result of simulating the "KDD′99 Competition Data Set" in the SPuF model shows that the probe detection rates were over 97 percentages.

• 한국융합학회논문지
• /
• 제9권7호
• /
• pp.55-62
• /
• 2018

최근 다양한 사이버 범죄 위협이 증가하는 추세로 정보시스템을 대상으로 공격하는 사이버 공격에 대해 실시간 탐지 등 최전선에서 초동 대응을 해야 하는 보안관제의 중요성이 높아지고 있다. 보안관제센터, 사이버테러 대응센터, 침해 대응센터 등의 이름으로 기관의 관제인원들은 사이버 공격 예방을 위해 많은 노력을 하고 있다. 특히 침해사고 탐지를 위한 방법으로 네트워크 보안장비를 이용하거나 관제시스템을 활용하여 탐지를 하고 있지만 장비 위주의 단순한 패턴기반으로 관제를 하는 방법으로는 침해사고의 예방을 위한 방법으로는 부족하다. 그러므로 보안관제시스템은 지속적으로 고도화 되고 있으며 침해위협에 대한 예방활동으로 탐지방법에 대한 개발과 연구가 활발히 진행되고 있다. 이에 본 논문에서는 기존 침해사고 탐지 방법에 대한 문제점 개선을 위해 주요 구성 모듈의 침해사고 탐지 방법을 정의하고, 성능테스트를 통해 효율적인 보안 관제를 위한 방안을 제시하고 SIEM(Security Information Event Management)을 활용한 관제시스템 고도화를 통하여 효과적인 침해위협 탐지 방법을 연구하고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제22권3호
• /
• pp.155-162
• /
• 2022

Over the last 10 years, there has been rapid growth in the use of Machine Learning (ML) techniques to automate the process of intrusion threat detection at a scale never imagined before. This has prompted researchers, software engineers, and network specialists to rethink the applications of machine ML techniques particularly in the area of cybersecurity. As a result there exists numerous research documentations on the use ML techniques to detect and block cyber-attacks. This article is a systematic review involving the identification of published scholarly articles as found on IEEE Explore and Scopus databases. The articles exclusively related to the use of machine learning in Intrusion Detection Systems (IDS). Methods, concepts, results, and conclusions as found in the texts are analyzed. A description on the process taken in the identification of the research articles included: First, an introduction to the topic which is followed by a methodology section. A table is used to list identified research articles in the form of title, authors, methodology, and key findings.

• International Journal of Computer Science & Network Security
• /
• 제23권10호
• /
• pp.89-96
• /
• 2023

Intrusion detection has been widely studied in both industry and academia, but cybersecurity analysts always want more accuracy and global threat analysis to secure their systems in cyberspace. Big data represent the great challenge of intrusion detection systems, making it hard to monitor and analyze this large volume of data using traditional techniques. Recently, deep learning has been emerged as a new approach which enables the use of Big Data with a low training time and high accuracy rate. In this paper, we propose an approach of an IDS based on cloud computing and the integration of big data and deep learning techniques to detect different attacks as early as possible. To demonstrate the efficacy of this system, we implement the proposed system within Microsoft Azure Cloud, as it provides both processing power and storage capabilities, using a convolutional neural network (CNN-IDS) with the distributed computing environment Apache Spark, integrated with Keras Deep Learning Library. We study the performance of the model in two categories of classification (binary and multiclass) using CSE-CIC-IDS2018 dataset. Our system showed a great performance due to the integration of deep learning technique and Apache Spark engine.

• 정보처리학회논문지:소프트웨어 및 데이터공학
• /
• 제10권3호
• /
• pp.91-98
• /
• 2021

오늘날 정보통신 기술이 급격하게 발달하면서 IT 인프라에서 보안의 중요성이 높아졌고 동시에 지능형 지속 공격(Advanced Persistent Threat)처럼 고도화되고 다양한 형태의 사이버 공격이 증가하고 있다. 점점 더 고도화되는 사이버 공격을 조기에 방어하거나 예측하는 것은 매우 중요한 사안으로, NIDS(Network-based Intrusion Detection System) 관련 데이터 분석만으로는 빠르게 변형하는 사이버 공격을 방어하지 못하는 경우가 많이 보고되고 있다. 따라서 현재는 HIDS(Host-based Intrusion Detection System) 데이터 분석을 통해서 위와 같은 사이버 공격을 방어하는데 침입 탐지 시스템에서 생성된 데이터를 이용하고 있다. 본 논문에서는 기존에 사용되었던 데이터 세트에서 결여된 스레드 정보, 메타 데이터 및 버퍼 데이터를 포함한 LID-DS(Leipzig Intrusion Detection-Data Set) 호스트 기반 침입 탐지 데이터를 이용하여 기계학습 알고리즘에 관한 비교 연구를 진행했다. 사용한 알고리즘은 Decision Tree, Naive Bayes, MLP(Multi-Layer Perceptron), Logistic Regression, LSTM(Long Short-Term Memory model), RNN(Recurrent Neural Network)을 사용했다. 평가를 위해 Accuracy, Precision, Recall, F1-Score 지표와 오류율을 측정했다. 그 결과 LSTM 알고리즘의 정확성이 가장 높았다.

• IEIE Transactions on Smart Processing and Computing
• /
• 제5권2호
• /
• pp.94-99
• /
• 2016

Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it will act like a robot, mimic normal behavior of web access, and bypass the network firewall or intrusion detection system. Besides that, in a private and large network, with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, communication behavior identification and classification of auto-ware is a challenge. In this paper, based on a previous study, analysis of auto-ware communication behavior, and with the addition of new features, a method for classification of HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, providing good results in the classification and detection of suspicious auto-ware web access.

• 정보보호학회논문지
• /
• 제27권4호
• /
• pp.763-773
• /
• 2017

최근 몇 년 동안 지속적으로 개인정보유출, 기술유출 사고가 빈번하게 발생하고 있다. 조사에 따르면 이러한 유출 사고의 주체로 가장 많은 부분을 차지하고 있는 것이 조직 내부에 있는 '내부자'로, 내부자에 의한 기술유출은 조직에 막대한 피해를 주기 때문에 점점 더 중요한 문제로 여겨지고 있다. 본 논문에서는 내부자위협을 방지하기 위해 기계학습을 이용하여 직원들의 일반적인 정상행위를 학습하고, 이에 벗어나는 비정상 행위를 탐지하기 방법에 대한 연구를 하고자 한다. Neural Network 모델 중 시계열 데이터의 학습에 적합한 Recurrent Neural Network로 구성한 Autoencoder를 구현하여 비정상 행위를 탐지하는 방법에 대한 실험을 진행하였고, 이 방법에 대한 유효성을 검증하였다.

• International Journal of Computer Science & Network Security
• /
• 제21권1호
• /
• pp.97-106
• /
• 2021

Social networking platforms have become a smart way for people to interact and meet on internet. It provides a way to keep in touch with friends, families, colleagues, business partners, and many more. Among the various social networking sites, Twitter is one of the fastest-growing sites where users can read the news, share ideas, discuss issues etc. Due to its vast popularity, the accounts of legitimate users are vulnerable to the large number of threats. Spam and Malware are some of the most affecting threats found on Twitter. Therefore, in order to enjoy seamless services it is required to secure Twitter against malicious users by fixing them in advance. Various researches have used many Machine Learning (ML) based approaches to detect spammers on Twitter. This research aims to devise a secure system based on Hybrid Similarity Cosine and Soft Cosine measured in combination with Genetic Algorithm (GA) and Artificial Neural Network (ANN) to secure Twitter network against spammers. The similarity among tweets is determined using Cosine with Soft Cosine which has been applied on the Twitter dataset. GA has been utilized to enhance training with minimum training error by selecting the best suitable features according to the designed fitness function. The tweets have been classified as spammer and non-spammer based on ANN structure along with the voting rule. The True Positive Rate (TPR), False Positive Rate (FPR) and Classification Accuracy are considered as the evaluation parameter to evaluate the performance of system designed in this research. The simulation results reveals that our proposed model outperform the existing state-of-arts.

• 인터넷정보학회논문지
• /
• 제22권1호
• /
• pp.13-22
• /
• 2021

최근 네트워크 환경에 대한 공격이 급속도로 고도화 및 지능화 되고 있기에, 기존의 시그니처 기반 침입탐지 시스템은 한계점이 명확해지고 있다. 지능형 지속 위협(Adavanced Persistent Threat; APT)과 같은 새로운 공격에 대해서 시그니처 패턴은 일반화 성능이 떨어지는 문제가 존재한다. 이러한 문제를 해결하기 위해 기계학습 기반의 침입 탐지 시스템에 대한 연구가 활발히 진행되고 있다. 하지만 실제 네트워크 환경에서 공격 샘플은 정상 샘플에 비해서 매우 적게 수집되어 클래스 불균형(Class Imbalance) 문제를 겪게 된다. 이러한 데이터로 지도 학습 기반의 이상 탐지 모델을 학습시킬 경우 정상 샘플에 편향된 결과를 가지게 된다. 본 논문에서는 이러한 불균형 문제를 해결하기 위해서 오토 인코더(Auto Encoder; AE)를 활용해 One-Class Anomaly Detection 을 수행하여 이를 극복한다. 실험은 NSL-KDD 데이터 셋을 통해 진행되었으며, 제안한 방법의 성능 평가를 위해 지도 학습된 모델들과 성능을 비교한다.