• Title/Summary/Keyword: event packet


Effective Intrusion Detection Integrating Multiple Measure Models

  • 한상준;조성배
    • Journal of KIISE:Information Networking / v.30 no.3 / pp.397-406 / 2003
  • As information technology grows, interest in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, has been raised. In the field of anomaly-based IDS, several artificial intelligence techniques such as hidden Markov model (HMM), artificial neural network, statistical techniques and expert systems are used to model network packets, system call audit data, etc. However, there are undetectable intrusion types for each measure and modeling method because each intrusion type makes anomalies at an individual measure. To overcome this drawback of the single-measure anomaly detector, this paper proposes a multiple-measure intrusion detection method. We measure normal behavior by system calls, resource usage and file access events and build up profiles for normal behavior with hidden Markov model, statistical method and rule-base method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method, which has a significantly low false-positive error rate against various types of intrusion.

Server State-Based Weighted Load Balancing Techniques in SDN Environments

  • Kyoung-Han, Lee;Tea-Wook, Kwon
    • The Journal of the Korea institute of electronic communication sciences / v.17 no.6 / pp.1039-1046 / 2022
  • After the COVID-19 pandemic, the spread of the untact culture and the Fourth Industrial Revolution, which generates various types of data, generated so much data that it could not be compared to before. This led to higher data throughput, revealing little by little the limitations of the existing network system centered on vendors and hardware. Recently, SDN technology centered on users and software that can overcome these limitations is attracting attention. In addition, SDN-based load balancing techniques are expected to increase efficiency in the load balancing area of the server cluster in the data center, which generates and processes vast and diverse data. Unlike existing SDN load distribution studies, this paper proposes a load distribution technique in which a controller checks the state of a server according to the occurrence of an event rather than periodic confirmation through a monitoring technique and allocates a user's request by weighting it according to a load ratio. As a result of the desired experiment, the proposed technique showed a better equal load balancing effect than the comparison technique, so it is expected to be more effective in a server cluster in a large and packet-flowing data center.