• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.103-113
• /
• 2003

Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles. and detectes anomaly intrusions effectively. Anomaly detections using system calls are detected only anomaly processes. But this has a Problem that doesn't detect affected various Part by anomaly processes. To improve this problem, the relation among system calls of processes is represented by bayesian probability values. Application behavior profiling by Bayesian Network supports anomaly intrusion informations . This paper overcomes the Problems of various intrusion detection models we Propose effective intrusion detection technique using Bayesian Networks. we have profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions we had simulation by proposed normal behavior profiling technique using UNM data.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.37-43
• /
• 2004

Expasion of computer network and rapid growth of Internet have made computer security very important. As one of the ways to deal with security risk, much research has been made on Intrusion Detection System(IDS). The paper, also, addresses the issue of intrusion detection, but especially with Neuro-Fuzzy model. By applying the fuzzy logic which is known to deal with uncertainty to Anomaly Intrusion, it not only overcomes the difficulty of Misuse Intrusion, but also ultimately aims to detect the intrusions yet to be known.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.595-604
• /
• 2004

By the help of expansion of computer network and rapid growth of Internet, the information infrastructure is now able to provide a wide range of services. Especially open architecture - the inherent nature of Internet - has not only got in the way of offering QoS service, managing networks, but also made the users vulnerable to both the threat of backing and the issue of information leak. Thus, people recognized the importance of both taking active, prompt and real-time action against intrusion threat, and at the same time, analyzing the similar patterns of in-trusion already known. There are now many researches underway on Intrusion Detection System(IDS). The paper carries research on the in-trusion detection system which hired supervised learning algorithm and Fuzzy membership function especially with Neuro-Fuzzy model in order to improve its performance. It modifies tansigmoid transfer function of Neural Networks into fuzzy membership function, so that it can reduce the uncertainty of anomaly intrusion detection. Finally, the fuzzy logic suggested here has been applied to a network-based anomaly intrusion detection system, tested against intrusion data offered by DARPA 2000 Intrusion Data Sets, and proven that it overcomes the shortcomings that Anomaly Intrusion Detection usually has.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.1173-1192
• /
• 2015

The Support Vector Data Description (SVDD) has achieved great success in anomaly detection, directly finding the optimal ball with a minimal radius and center, which contains most of the target data. The SVDD has some limited classification capability, because the hyper-sphere, even in feature space, can express only a limited region of the target class. This paper presents an anomaly detection algorithm for mitigating the limitations of the conventional SVDD by finding the minimum volume enclosing ellipsoid in the feature space. To evaluate the performance of the proposed approach, we tested it with intrusion detection applications. Experimental results show the prominence of the proposed approach for anomaly detection compared with the standard SVDD.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.5 s.43
• /
• pp.157-164
• /
• 2006

The Recently, most of Internet attacks are zero-day types of the unknown attacks by Malware. Using already known Misuse Detection Technology is hard to cope with these attacks. Also, the existing information security technology reached the limits because of various attack's patterns over the Internet, as web based service became more affordable, web service exposed to the internet becomes main target of attack. This paper classifies the traffic type over the internet and suggests the Threat Management System(TMS) including the anomaly intrusion detection technologies which can detect and analyze the anomaly sign for each traffic type.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.719-724
• /
• 2004

Recently, since the number of internet users is increasing rapidly and, by using the public hacking tools, general network users can intrude computer systems easily, the hacking problem is getting more serious. In order to prevent the intrusion, it is needed to detect the sign in advance of intrusion in a positive prevention by detecting the various foms of hackers' intrusion trials to know the vulnerability of systems. The existing network-based anomaly detection algorithms that cope with port- scanning and the network vulnerability scans have some weakness in intrusion detection. they can not detect slow scans and coordinated scans. therefore, the new concept of algorithm is needed to detect effectively the various forms of abnormal accesses for intrusion regardless of the intrusion methods. In this paper, SPAD(Session Pattern Anomaly Detector) is presented, which detects the abnormal service patterns by comparing them with the ordinary normal service patterns.

• Journal of Internet Computing and Services
• /
• v.4 no.2
• /
• pp.69-80
• /
• 2003

Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles, and detectes modificated anomaly intrusions effectively. In this paper, the relation among system calls of processes is represented by bayesian network and Multiple Sequence Alignment. Program behavior profiling by Bayesian Network classifies modified anomaly intrusion behaviors, and detects anomaly behaviors. we had simulation by proposed normal behavior profiling technique using UNM data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.3
• /
• pp.544-551
• /
• 2003

Internet as being generalized, intrusion detection system is needed to protect computer system from intrusions synthetically. We propose a criterion on profiling for intrusion detection system using anomaly detection. We present the cause of false positive on profiling and propose anomaly method to control this. Finally, we propose similarity function to decide whether anomaly action or not for user pattern using pattern database.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.3
• /
• pp.22-29
• /
• 2009

In previous work, anomaly-based intrusion detection techniques have been widely used to effectively detect various intrusions into a computer. This is because the anomaly-based detection techniques can effectively handle previously unknown intrusion methods. However, most of the previous work assumed that the normal network connections are fixed. For this reason, a new network connection may be regarded as an anomalous event. This paper proposes a new anomaly detection method based on an association-mining algorithm. The proposed method is composed of two phases: intra-packet association mining and inter-packet association mining. The performances of the proposed method are comparatively verified with JAM, which is a conventional representative intrusion detection method.