• Title/Summary/Keyword: traffic classification

Protecting Accounting Information Systems using Machine Learning Based Intrusion Detection

  • Biswajit Panja
    • International Journal of Computer Science & Network Security / v.24 no.5 / pp.111-118 / 2024
  • In general, a network-based intrusion detection system is designed to detect malicious behavior directed at a network or its resources. The key goal of this paper is to look at network data and identify whether it is normal traffic data or anomaly traffic data, specifically for accounting information systems. In today's world, there are a variety of principles for detecting various forms of network-based intrusion. In this paper, we are using supervised machine learning techniques. Classification models are used to train and validate data. Using these algorithms, we train the system on a training dataset and then use this trained system to detect intrusion from the testing dataset. In our proposed method, we will detect whether the network data is normal or an anomaly. Using this method, we can avoid unauthorized activity on the network and systems under that network. The Decision Tree and K-Nearest Neighbor are applied to the proposed model to classify abnormal to normal behaviors of network traffic data. In addition to that, Logistic Regression Classifier and Support Vector Classification algorithms are used in our model to support proposed concepts. Furthermore, a feature selection method is used to collect valuable information from the dataset to enhance the efficiency of the proposed approach. The Random Forest machine learning algorithm is used, which assists the system to identify crucial aspects and focus on them rather than all the features. The experimental findings revealed that the suggested method for network intrusion detection has a neglected false alarm rate, with the accuracy of the result expected to be between 95% and 100%. As a result of the high precision rate, this concept can be used to detect network data intrusion and prevent vulnerabilities on the network.

Wireless DDoS Attack Detection and Prevention Mechanism using Packet Marking and Traffic Classification on Integrated Access Device (IAD 기반 패킷 마킹과 유무선 트래픽 분류를 통한 무선 DDoS 공격 탐지 및 차단 기법)

  • Jo, Je-Gyeong; Lee, Hyung-Woo; Park, Yeoung-Joon
    • The Journal of the Korea Contents Association / v.8 no.6 / pp.54-65 / 2008
  • When a DDoS attack occurs, discovering the malicious host is more difficult on a wireless network than in an existing wired network environment. In particular, because wireless networks are weak against wireless user authentication attacks and packet spoofing attacks, advanced technology should be studied in response. Integrated Access Devices (IAD) that support VoIP communication facilities etc. together with a wireless routing function have recently been developed and widely distributed. The IAD is an alternative to the facility offered in existing APs. Therefore, an advanced traffic classification function and a real-time attack detection function should be offered in the IAD in a wireless network environment. The system presented in this research collects client information of the wireless network connected to the IAD using AirSensor. The proposed mechanism also offers a function that collects the wireless client's attack packets to monitor their legality. The proposed mechanism also classifies and detects the attack packets received at the IAD with the W-TMS system. As a result, it was possible for us to use the IAD on a wireless network service stably.

Network Intrusion Detection System Using Feature Extraction Based on AutoEncoder in IOT environment (IOT 환경에서의 오토인코더 기반 특징 추출을 이용한 네트워크 침입탐지 시스템)

  • Lee, Joohwa; Park, Keehyun
    • KIPS Transactions on Software and Data Engineering / v.8 no.12 / pp.483-490 / 2019
  • In the Network Intrusion Detection System (NIDS), the function of classification is very important, and detection performance depends on various features. Recently, a lot of research has been carried out on deep learning, but network intrusion detection systems experience slowdown problems due to the large volume of traffic and high-dimensional features. Therefore, we do not use deep learning as a classifier, but as a preprocessing step for feature extraction, and propose a research method in which classifications can be made based on the extracted features. A stacked AutoEncoder, which is a representative unsupervised learning method of deep learning, is used to extract features, and classification is performed using the Random Forest classification algorithm. Using the data collected in the IOT environment, the performance was more than 99% when normal and attack traffic are classified into multiclass, and the performance and detection rate were superior even when compared with other models such as AE-RF and Single-RF.

Real-Time Classification, Visualization, and QoS Control of Elephant Flows in SDN (SDN에서 엘리펀트 플로우의 실시간 분류, 시각화 및 QoS 제어)

  • Muhammad, Afaq; Song, Wang-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences / v.42 no.3 / pp.612-622 / 2017
  • Long-lived flows termed elephant flows in data center networks have a tendency to consume a lot of bandwidth, leaving delay-sensitive short-lived flows referred to as mice flows choked behind them. This results in non-trivial delays for mice flows, eventually degrading the performance of applications running on the network. Therefore, a datacenter network should be able to classify, detect, and visualize elephant flows as well as provide QoS guarantees in real time. In this paper we aim to focus on: 1) a proposed framework for real-time detection and visualization of elephant flows in SDN using sFlow. This allows examining elephant flows traversing a switch by double-clicking the switch node in the topology visualization UI; 2) an approach to guarantee QoS that is defined and administered by an SDN controller and specifications offered by OpenFlow. In the scope of this paper, we will focus on the use of the rate-limiting (traffic-shaping) classification technique within an SDN network.

Intrusion Detection System Modeling Based on Learning from Network Traffic Data

  • Midzic, Admir; Avdagic, Zikrija; Omanovic, Samir
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.11 / pp.5568-5587 / 2018
  • This research uses artificial intelligence methods for computer network intrusion detection system modeling. Primary classification is done using self-organized maps (SOM) in two levels, while the secondary classification of ambiguous data is done using a Sugeno-type Fuzzy Inference System (FIS). The FIS is created by using an Adaptive Neuro-Fuzzy Inference System (ANFIS). The main challenge for this system was to successfully detect attacks that are either unknown or that are represented by a very small percentage of samples in the training dataset. An improved algorithm for SOMs in the second layer and for the FIS creation is developed for this purpose. The number of clusters in the second SOM layer is optimized by using our improved algorithm to minimize the amount of ambiguous data forwarded to the FIS. The FIS is created using ANFIS that was built on an ambiguous training dataset clustered by another SOM (whose size is determined dynamically). The proposed hybrid model is created and tested using the NSL KDD dataset. For our research, NSL KDD is especially interesting in terms of class distribution (overlapping). The objectives of this research were: to successfully detect intrusions represented in data with a small percentage of the total traffic during early detection stages, to successfully deal with overlapping data (separate ambiguous data), and to maximize detection rate (DR) and minimize false alarm rate (FAR). The proposed hybrid model with test data achieved acceptable DR value 0.8883 and FAR value 0.2415. The objectives were successfully achieved as it is presented (compared with similar research on the NSL KDD dataset). The proposed model can be used not only in further research related to this domain, but also in other research areas.

A Pre-processing Study to Solve the Problem of Rare Class Classification of Network Traffic Data (네트워크 트래픽 데이터의 희소 클래스 분류 문제 해결을 위한 전처리 연구)

  • Ryu, Kyung Joon; Shin, DongIl; Shin, DongKyoo; Park, JeongChan; Kim, JinGoog
    • KIPS Transactions on Software and Data Engineering / v.9 no.12 / pp.411-418 / 2020
  • In the field of information security, IDS (Intrusion Detection System) is normally classified in two different categories: signature-based IDS and anomaly-based IDS. Many studies in anomaly-based IDS have been conducted that analyze network traffic data generated in cyberspace by machine learning algorithms. In this paper, we studied pre-processing methods to overcome performance degradation problems caused by rare classes. We experimented with the classification performance of a Machine Learning algorithm by reconstructing the data set based on rare classes and semi-rare classes. After reconstructing data into three different sets, wrapper and filter feature selection methods are applied continuously. Each data set is regularized by a quantile scaler. A deep neural network model is used for learning and validation. The evaluation results are compared by true positive values and false negative values. We acquired improved classification performances on all three data sets.

Traffic Correction System Using Vehicle Axles Counts of Piezo Sensors (피에조센서의 차량 축 카운트를 활용한 교통량보정시스템)

  • Jung, Seung-Weon; Oh, Ju-Sam
    • The Journal of the Korea Contents Association / v.21 no.1 / pp.277-283 / 2021
  • Traffic data by vehicle classification are important data used as basic data in various fields such as road and traffic design. Traffic data is collected through permanent and temporary surveys and is provided as an annual average daily traffic (AADT) in the statistical yearbook of road traffic. Permanent surveys are collected through traffic collection equipment (AVC), and the AVC consists of a loop sensor that detects traffic volume and a piezo sensor that detects the number of axes. Due to the nature of the buried type of traffic collection equipment, missing data is generated due to failure of detection equipment. In the existing method, it is corrected through historical data and the trend of traffic around the point. However, this method has a disadvantage in that it does not reflect temporal and spatial characteristics and that the existing data used for correction may also be a correction value. In this study, we proposed a method to correct the missing traffic volume by calculating the axis correction coefficient through the accumulated number of axes acquired by using a piezo sensor that can detect the axis of the vehicle. This has the advantage of being able to reflect temporal and spatial characteristics, which are the limitations of the existing methods, and as a result of comparative evaluation, the error rate was derived lower than that of the existing methods. The traffic volume correction system using axis count is judged as a correction method applicable to the field system with a simple algorithm.

Detection of Traffic Anomalities using Mining : An Empirical Approach (마이닝을 이용한 이상트래픽 탐지: 사례 분석을 통한 접근)

  • Kim Jung-Hyun; Ahn Soo-Han; Won You-Jip; Lee Jong-Moon; Lee Eun-Young
    • Journal of KIISE:Information Networking / v.33 no.3 / pp.201-217 / 2006
  • In this paper, we collected the physical traces from high-speed Internet backbone traffic and analyzed the various characteristics of the underlying packet traces. Particularly, our work is focused on analyzing the characteristics of anomalous traffic. It is found that in our data, the anomalous traffic is caused by UDP session traffic, and we determined that it was one of the Denial of Service attacks. In this work, we adopted the unsupervised machine learning algorithm to classify the network flows. We apply the k-means clustering algorithm to train the learner. Via the Cramer-von Mises test, we confirmed that the proposed classification method, which is able to detect anomalous traffic within 1 second, can accurately predict the class of a flow and can be effectively used in determining the anomalous flows.

Detection of Ship Movement Anomaly using AIS Data: A Study (AIS 데이터 분석을 통한 이상 거동 선박의 식별에 관한 연구)

  • Oh, Jae-Yong; Kim, Hye-Jin; Park, Se-Kil
    • Journal of Navigation and Port Research / v.42 no.4 / pp.277-282 / 2018
  • Recently, the Vessel Traffic Service (VTS) coverage has expanded to include coastal areas following the increased attention on vessel traffic safety. However, it has increased the workload on the VTS operators. In some cases, when the traffic volume increases sharply during the rush hour, the VTS operator may not be aware of the risks. Therefore, in this paper, we proposed a new method to recognize ship movement anomalies automatically to support the VTS operator's decision-making. The proposed method generated a traffic pattern model without any category information using the unsupervised learning algorithm. The anomaly score can be calculated by classification and comparison of the trained model. Finally, we reviewed the experimental results using a ship-handling simulator and the actual trajectory data to verify the feasibility of the proposed method.

A Study on Injury Severity Prediction for Car-to-Car Traffic Accidents (차대차 교통사고에 대한 상해 심각도 예측 연구)

  • Ko, Changwan; Kim, Hyeonmin; Jeong, Young-Seon; Kim, Jaehee
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.19 no.4 / pp.13-29 / 2020
  • Automobiles have long been an essential part of daily life, but the social costs of car traffic accidents exceed 9% of the national budget of Korea. Hence, it is necessary to establish a prevention and response system for car traffic accidents. In order to present a model that can classify and predict the degree of injury in car traffic accidents, we used big data analysis techniques of K-nearest neighbor, logistic regression analysis, naive Bayes classifier, decision tree, and ensemble algorithm. The performances of the models were analyzed by using the data on the nationwide traffic accidents over the past three years. In particular, considering the difference in the number of data among the respective injury severity levels, we used down-sampling methods for the group with a large number of samples to enhance the accuracy of the classification of the models and then verified the statistical significance of the models using ANOVA.