• Title/Summary/Keyword: Anomaly Detections

Search Result 6, Processing Time 0.025 seconds

Normal Behavior Profiling based on Bayesian Network for Anomaly Intrusion Detection (이상 침입 탐지를 위한 베이지안 네트워크 기반의 정상행위 프로파일링)

  • 차병래;박경우;서재현
    • Journal of the Korea Society of Computer and Information
    • /
    • v.8 no.1
    • /
    • pp.103-113
    • /
    • 2003
  • Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles. and detectes anomaly intrusions effectively. Anomaly detections using system calls are detected only anomaly processes. But this has a Problem that doesn't detect affected various Part by anomaly processes. To improve this problem, the relation among system calls of processes is represented by bayesian probability values. Application behavior profiling by Bayesian Network supports anomaly intrusion informations . This paper overcomes the Problems of various intrusion detection models we Propose effective intrusion detection technique using Bayesian Networks. we have profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions we had simulation by proposed normal behavior profiling technique using UNM data.

  • PDF

Anomaly Detection Mechanism against DDoS on BcN (BcN 상에서의 DDoS에 대한 Anomaly Detection 연구)

  • Song, Byung-Hak;Lee, Seung-Yeon;Hong, Choong-Seon;Huh, Eui-Nam;Sohn, Seong-Won
    • Journal of Internet Computing and Services
    • /
    • v.8 no.2
    • /
    • pp.55-65
    • /
    • 2007
  • BcN is a high-quality broadband network for multimedia services integrating telecommunication, broadcasting, and Internet seamlessly at anywhere, anytime, and using any device. BcN is Particularly vulnerable to intrusion because it merges various traditional networks, wired, wireless and data networks. Because of this, one of the most important aspects in BcN is security in terms of reliability. So, in this paper, we suggest the sharing mechanism of security data among various service networks on the BcN. This distributed, hierarchical architecture enables BcN to be robust of attacks and failures, controls data traffic going in and out the backbone core through IP edge routers integrated with IDRS. Our proposed anomaly detection scheme on IDRS for BcN service also improves detection rate compared to the previous conventional approaches.

  • PDF

Design of Network Attack Detection and Response Scheme based on Artificial Immune System in WDM Networks (WDM 망에서 인공면역체계 기반의 네트워크 공격 탐지 제어 모델 및 대응 기법 설계)

  • Yoo, Kyung-Min;Yang, Won-Hyuk;Kim, Young-Chon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.35 no.4B
    • /
    • pp.566-575
    • /
    • 2010
  • In recent, artificial immune system has become an important research direction in the anomaly detection of networks. The conventional artificial immune systems are usually based on the negative selection that is one of the computational models of self/nonself discrimination. A main problem with self and non-self discrimination is the determination of the frontier between self and non-self. It causes false positive and false negative which are wrong detections. Therefore, additional functions are needed in order to detect potential anomaly while identifying abnormal behavior from analogous symptoms. In this paper, we design novel network attack detection and response schemes based on artificial immune system, and evaluate the performance of the proposed schemes. We firstly generate detector set and design detection and response modules through adopting the interaction between dendritic cells and T-cells. With the sequence of buffer occupancy, a set of detectors is generated by negative selection. The detection module detects the network anomaly with a set of detectors and generates alarm signal to the response module. In order to reduce wrong detections, we also utilize the fuzzy number theory that infers the degree of threat. The degree of threat is calculated by monitoring the number of alarm signals and the intensity of alarm occurrence. The response module sends the control signal to attackers to limit the attack traffic.

Intelligent Abnormal Situation Event Detections for Smart Home Users Using Lidar, Vision, and Audio Sensors (스마트 홈 사용자를 위한 라이다, 영상, 오디오 센서를 이용한 인공지능 이상징후 탐지 알고리즘)

  • Kim, Da-hyeon;Ahn, Jun-ho
    • Journal of Internet Computing and Services
    • /
    • v.22 no.3
    • /
    • pp.17-26
    • /
    • 2021
  • Recently, COVID-19 has spread and time to stay at home has been increasing in accordance with quarantine guidelines of the government such as recommendations to refrain from going out. As a result, the number of single-person households staying at home is also increasingsingle-person households are less likely to be notified to the outside world in times of emergency than multi-person households. This study collects various situations occurring in the home with lidar, image, and voice sensors and analyzes the data according to the sensors through their respective algorithms. Using this method, we analyzed abnormal patterns such as emergency situations and conducted research to detect abnormal signs in humans. Artificial intelligence algorithms that detect abnormalities in people by each sensor were studied and the accuracy of anomaly detection was measured according to the sensor. Furthermore, this work proposes a fusion method that complements the pros and cons between sensors by experimenting with the detectability of sensors for various situations.

Anomaly Detections Model of Aviation System by CNN (합성곱 신경망(CNN)을 활용한 항공 시스템의 이상 탐지 모델 연구)

  • Hyun-Jae Im;Tae-Rim Kim;Jong-Gyu Song;Bum-Su Kim
    • Journal of Aerospace System Engineering
    • /
    • v.17 no.4
    • /
    • pp.67-74
    • /
    • 2023
  • Recently, Urban Aircraft Mobility (UAM) has been attracting attention as a transportation system of the future, and small drones also play a role in various industries. The failure of various types of aviation systems can lead to crashes, which can result in significant property damage or loss of life. In the defense industry, where aviation systems are widely used, the failure of aviation systems can lead to mission failure. Therefore, this study proposes an anomaly detection model using deep learning technology to detect anomalies in aviation systems to improve the reliability of development and production, and prevent accidents during operation. As training and evaluating data sets, current data from aviation systems in an extremely low-temperature environment was utilized, and a deep learning network was implemented using the convolutional neural network, which is a deep learning technique that is commonly used for image recognition. In an extremely low-temperature environment, various types of failure occurred in the system's internal sensors and components, and singular points in current data were observed. As a result of training and evaluating the model using current data in the case of system failure and normal, it was confirmed that the abnormality was detected with a recall of 98 % or more.

Automated Generation Algorithm of the Penetration Scenarios using Association Mining Technique (연관 마이닝 기법을 이용한 침입 시나리오 자동생성 알고리즘)

  • 정경훈;주정은;황현숙;김창수
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 1999.05a
    • /
    • pp.203-207
    • /
    • 1999
  • In this paper we propose the automated generation algorithm of penetration scenario using association mining technique. Until now known intrusion detections are classified into anomaly detection and misuse detection. The former uses statistical method, features selection, neural network method in order to decide intrusion, the latter uses conditional probability, expert system, state transition analysis, pattern matching for deciding intrusion. In proposed many intrusion detection algorithms unknown penetrations are created and updated by security experts. Our algorithm automatically generates penetration scenarios applying association mining technique to state transition technique. Association mining technique discovers efficient and useful unknown information in existing data. In this paper the algorithm we propose can automatically generate penetration scenarios to have been produced by security experts and is easy to cope with intrusions when it is compared to existing intrusion algorithms. Also It has advantage that maintenance cost is not high.

  • PDF