• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3884-3910
• /
• 2016

Intrusion Detection System (IDS) in general considers a big amount of data that are highly redundant and irrelevant. This trait causes slow instruction, assessment procedures, high resource consumption and poor detection rate. Due to their expensive computational requirements during both training and detection, IDSs are mostly ineffective for real-time anomaly detection. This paper proposes a dimensionality reduction technique that is able to enhance the performance of IDSs up to constant time O(1) based on the Principle Component Analysis (PCA). Furthermore, the present study offers a feature selection approach for identifying major components in real time. The PCA algorithm transforms high-dimensional feature vectors into a low-dimensional feature space, which is used to determine the optimum volume of factors. The proposed approach was assessed using HTTP packet payload of ISCX 2012 IDS and DARPA 1999 dataset. The experimental outcome demonstrated that our proposed anomaly detection achieved promising results with 97% detection rate with 1.2% false positive rate for ISCX 2012 dataset and 100% detection rate with 0.06% false positive rate for DARPA 1999 dataset. Our proposed anomaly detection also achieved comparable performance in terms of computational complexity when compared to three state-of-the-art anomaly detection systems.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.9-15
• /
• 2013

Recently, Intrusion detection system is an important technology in computer network system because of has seen a dramatic increase in the number of attacks. The most of intrusion detection methods do not detect intrusion on real-time because difficult to analyze an auditing data for intrusions. A network intrusion detection system is used to monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insider and outsiders, as they occur. It is learns user's behavior patterns over time and detects behavior that deviates from these patterns. In this paper has rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or Anomaly users (unauthorized users) using RFM analysis methodology and monitoring collect data from sensor Intrusion Detection System(IDS).

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.9-13
• /
• 2005

Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.27-37
• /
• 2011

The IDS/IPS(Intrusion Detection/Prevention System) has been widely deployed to protect the internal network against internet attacks. Reducing the packet inspection time is one of the most important challenges of improving the performance of the IDS/IPS. Since the IDS/IPS needs to match multiple patterns for the incoming traffic, we may have to apply the multiple pattern matching schemes, some of which use finite automata, while the others use the shift table. In this paper, we first show that the performance of those schemes would degrade with various kinds of pattern sets and payload, and then propose a hybrid multiple pattern matching scheme which combines those two schemes. The proposed scheme is organized to guarantee an appropriate level of performance in any cases. The experimental results using real traffic show that the time required to do multiple pattern matching could be reduced effectively.

• Journal of the Korean Society of Fisheries and Ocean Technology
• /
• v.50 no.1
• /
• pp.21-29
• /
• 2014

The dynamic information of radar and automatic identification system (AIS) for targets obtained from the traffic vessels operating in the north outer harbor and surrounding waters of Busan port, Korea. The target information was analyzed to investigate the potential collision risk resulting from the invalid true heading (HDT) information of AIS and the integration ambiguity in the graphic presentation of both tracked data sets for two systems. An integrated display system (IDS) for supporting the navigator of offshore fishing vessels was also developed to find possible maneuvering solutions for collision avoidance by comparing radar data with AIS data in real-time at sea. Consequently, the multiple functions of IDS can provide additional information that is potentially valuable for taking action to avoid the collision in offshore fishing vessels. However, the integration criteria of radar and AIS targets in the IDS must be carefully established to eliminate the fusion ambiguity in the graphic presentation of both AIS and radar symbols such as the one or two physical targets which are very close to each other.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.676-679
• /
• 2001

As network security is coning up with significant problem after the major Internet sites were hacked nowadays, IDS(Intrusion Detection System) is considered as a next generation security solution for more reliable network and system security rather than firewall. In this paper, we propose the new IDS model which tan detect intrusion in different systems as well as which ran make real-time detection of intrusion in the expanded distributed environment in host level of drawback of existing IDS. We implement its prototype and verify its validity. We use pattern extraction agent so that we can extract automatically audit file needed in distributed intrusion detection even in other platforms.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1093-1095
• /
• 2007

As the networking and data communication technology is making progress, there has been an augmented concern about the security. Intrusion Detection and Prevention Systems have long being providing a reliable layer in the field of Network Security. Intrusion Detection System works on analyzing the traffic and finding a known intrusion or attack pattern in that traffic. But as the new technology provides betterment for the world of the Internet; it also provides new and efficient ways for hacker to intrude in the system. Hence, these patterns on which IDS & IPS work need to be updated. For detecting the power and knowledge of attackers we sometimes make use of Honey-pots. In this paper, we propose a Honey-pot architecture that automatically updates the Intrusion's Signature Knowledge Base of the IDS in a Network.

• ETRI Journal
• /
• v.38 no.2
• /
• pp.397-404
• /
• 2016

In group-oriented applications, it is often required to verify a group of signatures/messages. The individual verification of signed messages in such applications comes at a high cost in terms of computations and time. To improve computational efficiency and to speed up the verification process, a batch verification technique is a good alternative to individual verification. Such a technique is useful in many real-world applications, such as mail servers, e-commerce, banking transactions, and so on. In this work, we propose a new, efficient identity-based signature (IDS) scheme supporting batch verifications. We prove that the proposed IDS scheme and its various types of batch verifications is tightly related to the Computational Diffie.Hellman problem under a random oracle paradigm. We compare the efficiency of the proposed scheme with related schemes that support batch verifications.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.6
• /
• pp.435-445
• /
• 2013

One of the most challenging issues in radio frequency identification (RFID) and near field communications (NFC) is to correctly and quickly recognize a number of tag IDs in the reader's field. Unlike the probabilistic anti-collision schemes, a query tree based protocol guarantees to identify all the tags, where the distribution of tag IDs is assumed to be uniform. However, in real implements, the prefix of tag ID is uniquely assigned by the EPCglobal and the remaining part is sequentially given by a company or manufacturer. In this paper, we propose an enhanced M-ary query tree protocol (EMQT), which effectively reduces unnecessary query-response cycles between similar tag IDs using m-bit arbitration and tag expectation. The theoretical analysis and simulation results show that the EMQT significantly outperforms other schemes in terms of identification time, identification efficiency and communications overhead.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.13 no.2
• /
• pp.237-242
• /
• 2003

In this paper, we propose a new adaptive intrusion detection algorithm based on clustering: Kernel-ART, which is composed of the on-line clustering algorithm, ART (adaptive resonance theory), combining with mercer-kernel and concept vector. Kernel-ART is not only satisfying all desirable characteristics in the context of clustering-based IDS but also alleviating drawbacks associated with the supervised learning IDS. It is able to detect various types of intrusions in real-time by means of generating clusters incrementally.