• Title/Summary/Keyword: Anomaly Intrusion

A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.10 no.2
    • /
    • pp.1-9
    • /
    • 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature-, protocol- and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide, with millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. These network indicators are usually generated by a process on a host machine, which means that whatever content a Snort signature matches in a packet must also have resided in that process's memory for some period of time (possibly microseconds). Finally, some security issues that should be considered when running a Snort system are investigated. Paper coverage includes: how an IDS works, where Snort fits, Snort system requirements, exploring Snort's features, using Snort on your network, Snort and your network architecture, and security considerations with Snort in a digital forensic Windows environment.
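Added example (not from the paper or from Snort itself): a minimal Python re-implementation of the content-matching idea above, followed by the forensic pivot the abstract describes, searching a host memory image for the same bytes the signature matched. The rule, the HTTP payload and the memory image are constructed for the example; the parser handles only `content` (with Snort's `|hex|` notation), `nocase`, `msg` and `sid`, and applies `nocase` to the whole rule rather than per-content as real Snort does.

```python
import re

# Constructed sample inputs (not from the paper): one Snort-style rule, one HTTP
# request payload, and a fake process-memory image that still holds the request
# buffer (plus a second, case-variant copy) after the packet has left the wire.
RULE = ('alert tcp any any -> any 80 (msg:"suspicious User-Agent"; '
        'content:"User-Agent|3a 20|evil-bot"; nocase; sid:1000001;)')
PACKET_PAYLOAD = (b"GET /index.html HTTP/1.1\r\n"
                  b"Host: example.test\r\n"
                  b"User-Agent: Evil-Bot\r\n\r\n")
MEMORY_IMAGE = (b"\x00" * 64 + PACKET_PAYLOAD + b"\x00" * 16
                + b"User-Agent: EVIL-BOT" + b"\x00" * 8)

# option := name[:value];  where value is a quoted string or a bare token
_OPTION_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


def decode_content(spec: str) -> bytes:
    """Snort content syntax: text outside |...| is literal, text inside |...|
    is space-separated hex, so "abc|0d 0a|" becomes b"abc\\r\\n"."""
    out = bytearray()
    for i, chunk in enumerate(spec.split("|")):
        out += chunk.encode("latin-1") if i % 2 == 0 else bytes.fromhex(chunk)
    return bytes(out)


def parse_rule(rule: str) -> dict:
    """Split a one-line Snort rule into its header fields and options."""
    header, _, options = rule.partition("(")
    action, proto, src, sport, direction, dst, dport = header.split()
    parsed = {"action": action, "proto": proto, "src": src, "sport": sport,
              "direction": direction, "dst": dst, "dport": dport,
              "msg": None, "sid": None, "nocase": False, "contents": []}
    for name, value in _OPTION_RE.findall(options):
        value = value.strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        if name == "content":
            parsed["contents"].append(decode_content(value))
        elif name == "nocase":
            # real Snort scopes nocase to the preceding content; simplified
            # here to the whole rule
            parsed["nocase"] = True
        elif name in ("msg", "sid"):
            parsed[name] = value
    return parsed


def find_all(haystack: bytes, needle: bytes, nocase: bool) -> list:
    """Every offset at which needle occurs in haystack (overlaps allowed)."""
    if nocase:
        haystack, needle = haystack.lower(), needle.lower()
    offsets, pos = [], haystack.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = haystack.find(needle, pos + 1)
    return offsets


def match_packet(rule: dict, payload: bytes) -> bool:
    """The packet matches when every content option occurs in the payload
    (depth/offset/distance modifiers are not modelled)."""
    return all(find_all(payload, c, rule["nocase"]) for c in rule["contents"])


def correlate_with_memory(rule: dict, memory: bytes) -> dict:
    """For each content the rule matched, the offsets where the same bytes
    still sit in a host memory image: the forensic pivot from alert to process."""
    return {c: find_all(memory, c, rule["nocase"]) for c in rule["contents"]}


if __name__ == "__main__":
    rule = parse_rule(RULE)
    if match_packet(rule, PACKET_PAYLOAD):
        print(f"sid {rule['sid']} fired: {rule['msg']}")
        for content, offsets in correlate_with_memory(rule, MEMORY_IMAGE).items():
            print(f"  {content!r} found in memory at offsets {offsets}")
```

The memory search deliberately reuses the signature's own case handling: a rule with `nocase` that fired on `Evil-Bot` must also be searched case-insensitively in the dump, otherwise the copy the process kept can be missed.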

Analysis of Improved Convergence and Energy Efficiency on Detecting Node Selection Problem by Using Parallel Genetic Algorithm (병렬유전자알고리즘을 이용한 탐지노드 선정문제의 에너지 효율성과 수렴성 향상에 관한 해석)

  • Seong, Ki-Taek
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.16 no.5
    • /
    • pp.953-959
    • /
    • 2012
  • There are a number of idle nodes in sensor networks, and these can act as detector nodes for anomaly detection in the network. The detecting-node selection problem is modelled as an optimization equation, and the conventional method using a centralized genetic algorithm was evaluated. In this paper, a method using a parallel genetic algorithm that takes the characteristics of the network topology into account is proposed; it improves convergence to the optimal value while also improving energy efficiency. Through simulation, the proposed method was shown to converge to the optimal value better than the conventional approaches and to be energy efficient.

Recognition of Seawater Intrusion Using Reference IP Technique (참조채널 유도분극탐사기술에 의한 해수침투대 인지)

  • Lee, Sang-Kyu;Hwang, Hak-Soo;Hwang, Se-Ho;Park, In-Hwa;Shin, Je-Hyun
    • Geophysics and Geophysical Exploration
    • /
    • v.5 no.1
    • /
    • pp.56-63
    • /
    • 2002
  • Tracing the history of study, problems of seawater intrusion are commonly investigated with electrical techniques, because a seawater-saturated zone is indicated by a low-resistivity anomaly. There are, however, silt and mud layers in the western and southern coastal areas of Korea, so we may make a mistake if we determine seawater intrusion only with a resistivity survey. Hence, a reference IP survey was carried out in Kimje, Jeollabuk-Do and Youngkwang, Jeollanam-Do in order to decide whether or not the area is under the influence of seawater intrusion. With the use of an electric field cable to minimize EM coupling, we obtained more accurate results by applying the reference IP technique, measuring the waveform of the current simultaneously with the potential. With the aid of the reference IP technique, it is possible to evaluate seawater intrusion exactly by discriminating a seawater-saturated area (no IP effect) from a very highly conductive layer composed of clay minerals (high IP effect).

Comparison and Analysis of Anomaly Detection Methods for Detecting Data Exfiltration (데이터 유출 탐지를 위한 이상 행위 탐지 방법의 비교 및 분석)

  • Lim, Wongi;Kwon, Koohyung;Kim, Jung-Jae;Lee, Jong-Eon;Cha, Si-Ho
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.17 no.9
    • /
    • pp.440-446
    • /
    • 2016
  • Military secrets or the confidential data of any organization are extremely important assets and must be kept from leaking outside. To this end, methods for detecting anomalous attacks and intrusions inside the network have been proposed. However, most anomaly-detection methods only cover aspects of intrusion from outside and do not deal with internal leakage of data, which inflicts greater damage than intrusions and attacks from outside. In addition, applying conventional anomaly-detection methods to data exfiltration creates many problems, because the methods do not consider a number of variables or the internal network environment. In this paper, we describe the issues to be considered in data exfiltration detection for anomaly detection (DEDfAD) to improve the accuracy of the methods, classify the methods as profile-based detection or machine learning-based detection, and analyze their advantages and disadvantages. We also suggest future research challenges through a comparative analysis of the issues against the classification of the detection methods.
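Added example (not from the paper): a profile-based exfiltration detector of the kind the abstract classifies, written in Python over constructed flow records. It builds a per-user baseline of daily outbound volume, destinations and working hours, then scores a new day on several indicators at once rather than on volume alone. The flows, user name, hostnames, the 3-sigma volume limit and the two-indicator alert rule are assumptions for the example; note the guard against a zero-variance baseline, which a flat training window would otherwise turn into an infinite z-score.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    user: str
    day: int        # day index within the observation window
    hour: int       # local hour of day, 0..23
    dst: str        # external destination the internal host sent to
    bytes_out: int  # bytes leaving the internal network in this flow


def baseline_flows():
    """Constructed training data (not from the paper): five ordinary working days."""
    flows = []
    for day in range(5):
        flows += [Flow("alice", day, 9, "crm.example.net", 120_000),
                  Flow("alice", day, 14, "crm.example.net", 80_000),
                  Flow("alice", day, 16, "mail.example.net", 50_000)]
    return flows


def build_profiles(flows):
    """Per-user profile: daily outbound volume statistics plus the destinations
    and hours seen during the baseline period."""
    daily = defaultdict(lambda: defaultdict(int))
    dsts, hours = defaultdict(set), defaultdict(set)
    for f in flows:
        daily[f.user][f.day] += f.bytes_out
        dsts[f.user].add(f.dst)
        hours[f.user].add(f.hour)
    profiles = {}
    for user, per_day in daily.items():
        totals = list(per_day.values())
        profiles[user] = {"mean": mean(totals), "std": pstdev(totals),
                          "dsts": dsts[user], "hours": hours[user]}
    return profiles


def score_day(profile, flows, z_limit=3.0, std_floor=0.1):
    """Score one user-day against its profile. Returns the indicators that
    fired; a day with several is far more likely to be exfiltration than a
    day with one large upload or one new destination on its own."""
    total = sum(f.bytes_out for f in flows)
    # a flat baseline (std == 0) would make any deviation infinite, so the
    # denominator is never allowed below std_floor * mean (or 1 byte)
    spread = max(profile["std"], std_floor * profile["mean"], 1.0)
    z = (total - profile["mean"]) / spread
    reasons = []
    if z > z_limit:
        reasons.append(f"volume z={z:.1f}")
    new_dsts = sorted({f.dst for f in flows} - profile["dsts"])
    if new_dsts:
        reasons.append("new destinations: " + ", ".join(new_dsts))
    off_hours = sorted({f.hour for f in flows} - profile["hours"])
    if off_hours:
        reasons.append("unusual hours: " + ", ".join(map(str, off_hours)))
    return {"z": z, "reasons": reasons, "alert": len(reasons) >= 2}


if __name__ == "__main__":
    profiles = build_profiles(baseline_flows())
    suspicious = [Flow("alice", 5, 9, "crm.example.net", 120_000),
                  Flow("alice", 5, 2, "files.dropzone.test", 900_000)]
    print(score_day(profiles["alice"], suspicious))
```

Requiring two independent indicators is what keeps a legitimate one-off large upload to a known partner from paging anyone, which is the false-positive problem the abstract attributes to conventional methods applied to exfiltration.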

Intrusion Detection Methodology for SCADA system environment based on traffic self-similarity property (트래픽 자기 유사성(Self-similarity)에 기반한 SCADA 시스템 환경에서의 침입탐지방법론)

  • Koh, Pauline;Choi, Hwa-Jae;Kim, Se-Ryoung;Kwon, Hyuk-Min;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.2
    • /
    • pp.267-281
    • /
    • 2012
  • A SCADA system is a computer system that monitors and controls national infrastructure or industrial processes, including transportation facilities, water treatment and distribution, electrical power transmission and distribution, and gas pipelines. SCADA systems have been operated on closed networks, but they are changing to open networks as information and communication technology develops rapidly. As the ways of connecting with outside users extend, the possibility of exploitation of SCADA system vulnerabilities gets higher. A methodology to protect against the potentially huge damage caused by malicious users should be developed. In this paper, we propose an anomaly-detection-based intrusion detection methodology that estimates the self-similarity of SCADA system traffic.
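Added example (not the paper's own code): estimating the Hurst exponent H of a traffic series with the aggregated-variance method, learning an acceptable H band from known-good windows, and flagging windows that leave it, which is the detection logic a self-similarity-based approach like the one above implies. The per-second packet-count series is constructed (memoryless jitter around a polling rate, then a steady ramp); the block sizes and the 0.15 band margin are assumptions. On real SCADA captures the band must be learned from the plant's own traffic, since the normal H differs per site.

```python
import math
import random
from statistics import mean, pvariance


def _ols_slope(xs, ys):
    """Least-squares slope of ys against xs."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx


def aggregated_variance_hurst(series, block_sizes=(1, 2, 4, 8, 16, 32, 64)):
    """Hurst exponent by the aggregated-variance method. For a self-similar
    process the variance of block means scales as Var(X^(m)) ~ m^(2H-2), so
    H = 1 + slope/2 with slope taken from the log-log fit of variance vs m.
    H = 0.5 is memoryless (white noise); H -> 1 is strongly persistent."""
    xs, ys = [], []
    for m in block_sizes:
        n_blocks = len(series) // m
        if n_blocks < 2:
            continue
        block_means = [mean(series[i * m:(i + 1) * m]) for i in range(n_blocks)]
        var = pvariance(block_means)
        if var <= 0:
            continue  # identical block means carry no scaling information
        xs.append(math.log(m))
        ys.append(math.log(var))
    if len(xs) < 2:
        raise ValueError("series too short or constant for a Hurst estimate")
    return 1.0 + _ols_slope(xs, ys) / 2.0


def learn_band(baseline_windows, margin=0.15):
    """Acceptable H range derived from windows of known-good traffic."""
    hs = [aggregated_variance_hurst(w) for w in baseline_windows]
    return min(hs) - margin, max(hs) + margin


def flag_windows(series, window, band):
    """Indices of non-overlapping windows whose H leaves the learned band."""
    low, high = band
    flagged = []
    for i in range(len(series) // window):
        h = aggregated_variance_hurst(series[i * window:(i + 1) * window])
        if not low <= h <= high:
            flagged.append(i)
    return flagged


def sample_traffic(window=4096, seed=7):
    """Constructed per-second packet counts (not SCADA captures): three windows
    of memoryless jitter around a steady polling rate, then one window where
    the rate ramps up steadily, as a slowly escalating flood would."""
    rng = random.Random(seed)
    base = 200.0
    normal = [base + rng.random() - 0.5 for _ in range(3 * window)]
    ramp = [base + 0.003 * t + rng.random() - 0.5 for t in range(window)]
    return normal + ramp, window


if __name__ == "__main__":
    series, window = sample_traffic()
    band = learn_band([series[i * window:(i + 1) * window] for i in range(3)])
    print("learned H band:", band)
    print("flagged windows:", flag_windows(series, window, band))
```

A window of 4096 samples with block sizes up to 64 leaves 64 block means at the coarsest scale, which is about the minimum for a usable variance estimate; shorter windows react faster but the H estimate becomes noisy enough to need a wider band.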

Anomaly Detection Method Based on Trajectory Classification in Surveillance Systems (감시 시스템에서 궤적 분류를 이용한 이상 탐지 방법)

  • Jeonghun Seo;Jiin Hwang;Pal Abhishek;Haeun Lee;Daesik Ko;Seokil Song
    • Journal of Platform Technology
    • /
    • v.12 no.3
    • /
    • pp.62-70
    • /
    • 2024
  • Recent surveillance systems employ multiple sensors, such as cameras and radars, to enhance the accuracy of intrusion detection. However, object recognition through camera (RGB, Thermal) sensors may not always be accurate during nighttime, in adverse weather conditions, or when the intruder is camouflaged. In such situations, it is possible to detect intruders by utilizing the trajectories of objects extracted from camera or radar sensors. This paper proposes a method to detect intruders using only trajectory information in environments where object recognition is challenging. The proposed method involves training an LSTM-Attention based trajectory classification model using normal and abnormal (intrusion, loitering) trajectory data of animals and humans. This model is then used to identify abnormal human trajectories and perform intrusion detection. Finally, the validity of the proposed method is demonstrated through experiments using real data.

A Study on Preprocessing Method in Deep Learning for ICS Cyber Attack Detection (ICS 사이버 공격 탐지를 위한 딥러닝 전처리 방법 연구)

  • Seonghwan Park;Minseok Kim;Eunseo Baek;Junghoon Park
    • Smart Media Journal
    • /
    • v.12 no.11
    • /
    • pp.36-47
    • /
    • 2023
  • Industrial Control Systems (ICS), which control facilities at major industrial sites, are increasingly connected to other systems through networks. With this integration, and with the development of intelligent attacks in which a single external intrusion can paralyse the whole system, the security risk to and impact on industrial control systems are increasing. As a result, research on how to protect against and detect cyber attacks is actively underway; deep learning models in the form of unsupervised learning have achieved a lot, and many anomaly detection technologies based on deep learning are being introduced. In this study, we emphasize the application of preprocessing methodologies to enhance the anomaly detection performance of deep learning models on time series data. The results demonstrate the effectiveness of a Wavelet Transform (WT)-based noise reduction methodology as a preprocessing technique for deep learning-based anomaly detection. In particular, by incorporating sensor characteristics through clustering, the differential application of the Dual-Tree Complex Wavelet Transform proves to be the most effective approach to improving the detection performance for cyber attacks.
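Added example (not the study's code): a plain Haar wavelet soft-thresholding denoiser in Python as a simpler stand-in for the Dual-Tree Complex Wavelet Transform the study found most effective. It shows the preprocessing step itself (decompose, shrink the detail coefficients, reconstruct), including the odd-length edge case and the universal threshold estimate; the sample values are constructed, and the per-sensor, cluster-dependent application from the paper is not modelled.

```python
import math
from statistics import median


def haar_analyse(x):
    """One Haar level: pairwise averages (approximation) and half-differences
    (detail). Odd-length input is padded by repeating its last sample."""
    if len(x) % 2:
        x = list(x) + [x[-1]]
    approx = [(x[i] + x[i + 1]) / 2 for i in range(0, len(x), 2)]
    detail = [(x[i] - x[i + 1]) / 2 for i in range(0, len(x), 2)]
    return approx, detail


def haar_synthesise(approx, detail):
    """Inverse of haar_analyse: x[2i] = a[i] + d[i], x[2i+1] = a[i] - d[i]."""
    out = []
    for a, d in zip(approx, detail):
        out += [a + d, a - d]
    return out


def soft_threshold(coeffs, t):
    """Shrink each detail coefficient toward zero by t; |d| <= t becomes 0."""
    return [math.copysign(max(abs(d) - t, 0.0), d) for d in coeffs]


def universal_threshold(detail, n):
    """Donoho-Johnstone universal threshold sigma*sqrt(2 ln n), with sigma
    estimated robustly from the finest-level details (median(|d|) / 0.6745)."""
    sigma = median(abs(d) for d in detail) / 0.6745
    return sigma * math.sqrt(2 * math.log(n))


def wavelet_denoise(x, levels=1, threshold=None):
    """Multi-level Haar decomposition, soft-threshold every detail band, and
    reconstruct. With threshold=None the universal threshold computed from
    the finest level is applied to all levels."""
    approx, details = list(x), []
    for _ in range(levels):
        approx, detail = haar_analyse(approx)
        details.append(detail)
    if threshold is None:
        threshold = universal_threshold(details[0], len(x))
    for detail in reversed(details):
        approx = haar_synthesise(approx, soft_threshold(detail, threshold))
    return approx[:len(x)]  # drop any padding added at the finest level


if __name__ == "__main__":
    # constructed sensor readings: a step with sub-unit jitter
    readings = [4, 6, 10, 12, 8, 8, 5, 7]
    print(wavelet_denoise(readings, levels=1, threshold=1.5))
    print(wavelet_denoise(readings, levels=2))
```

The threshold decides what counts as noise: set it from a clean calibration window rather than from an attack period, otherwise the very deviations the downstream detector should see are smoothed away, and a genuine step change survives because its detail coefficient sits well above the threshold.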

Geophysical and Geochemical Studies for the Saline Water Intrusion under the Paddy Field in Kyoung-gi area, Korea (경기 지역 농경지 하부로의 해수 침투에 관한 지구물리 및 지구화학적 연구)

  • Lee Sang-Ho;Kim Kyoung-Woong;Lee Sang-Kyu
    • Geophysics and Geophysical Exploration
    • /
    • v.2 no.2
    • /
    • pp.96-103
    • /
    • 1999
  • Most saline water intrusions have been diagnosed by geophysical or geochemical approaches independently. The objective of this study is to provide an effective method for detecting saline water intrusion into the ground water in the vicinity of the seashore using these two methods together. Schlumberger sounding, frequency-domain electromagnetic sounding and geochemical analysis of ground water were carried out to explore saline water intrusion. Schlumberger sounding was implemented in dry surface conditions before irrigation water was introduced into the field, while electromagnetic sounding was carried out in wet ground conditions after irrigation. The purpose of the duplicated measurements at the same spot at different times was to investigate the variation of the anomaly zone depending on the amount of ground water. In this way it was possible to discriminate the anomalous zone due to high water saturation from the low-electrical-resistivity zone due to high salt concentration. To verify the geophysical result, ground water samples were collected and analysed at 23 points near the measuring spots in the study area. The ground water at the spot nearest to the sea water intrusion identified by the geophysical method shows a higher salinity than the standard limit concentration for agricultural irrigation water (250 mg/l). Isotope analysis of $D(^{2}H)$ vs. $^{18}O$ and PCA were used to discriminate anthropogenic pollution from the high salinity due to sea water intrusion.

Network Anomaly Detection using Hybrid Feature Selection

  • Kim Eun-Hye;Kim Se-Hun
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2006.06a
    • /
    • pp.649-653
    • /
    • 2006
  • In this paper, we propose a hybrid feature extraction method in which Principal Components Analysis is combined with an optimized k-Means clustering technique. Our approach hierarchically reduces the redundancy among features with high explanatory power in principal components analysis, in order to choose a good subset of features critical to improving the performance of classifiers. Based on this result, we evaluate the performance of intrusion detection using a Support Vector Machine and a nonparametric approach based on k-Nearest Neighbor over data sets with reduced features. The experimental results with the KDD Cup 1999 dataset show several advantages in terms of computational complexity, and our method achieves a significant detection rate, which shows the possibility of detecting attacks successfully.

An Intrusion Detection System with Temporal Event Modeling based on Hidden Markov Model (은닉 마르코프 모델에 기반한 정상행위의 순서적 이벤트 모델링을 통한 침입탐지 시스템)

  • 최종호;조성배
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 1999.10c
    • /
    • pp.306-308
    • /
    • 1999
  • As all sectors of society become computerized, effective intrusion prevention and detection for computer systems has emerged as an important problem. Intrusive behaviour, like normal usage behaviour, uses computer system services and therefore appears as a sequence of invoked services. This paper takes the approach of modelling the order of service calls in normal usage behaviour and then comparing a user's usage pattern against that normal behaviour to detect anomalous behaviour. For modelling normal behaviour, the Hidden Markov Model (HMM), which is widely used for statistically modelling and evaluating sequence information, was used. Applying the system to the usage logs of three users obtained with Sun's BSM module, it showed a 100% detection rate at a 2.95% false-positive rate for u2r intrusions that were not part of the training data.
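Added example (not the paper's system): a first-order Markov chain over service-call sequences as a visible-state stand-in for the paper's HMM. It is trained on constructed normal sessions, scores a session by its mean per-transition log-probability, derives an alert threshold from the worst-scoring training session, and lists the transitions never seen in training. The session data, the smoothing constant and the 0.5 margin are assumptions; unlike an HMM it has no hidden states and needs no Baum-Welch training, but the decision rule (low likelihood of the observed call order under the normal model) is the same.

```python
import math
from collections import Counter, defaultdict

UNKNOWN = "<unk>"

# Constructed training sessions (not the BSM audit data used in the paper): the
# order in which one user's session invoked services.
NORMAL_SESSIONS = [
    ["login", "open", "read", "close", "open", "read", "close", "logout"],
    ["login", "open", "read", "write", "close", "logout"],
    ["login", "open", "read", "close", "exec", "open", "read", "close", "logout"],
    ["login", "exec", "open", "read", "close", "logout"],
]
# A constructed user-to-root style session: transitions the model never saw.
SUSPECT_SESSION = ["login", "open", "write", "chmod", "setuid", "exec", "logout"]


class MarkovSequenceModel:
    """First-order Markov chain over observed service calls: a visible-state
    stand-in for an HMM that keeps the same idea, scoring a session by how
    probable its call order is under the normal-behaviour model."""

    def __init__(self, alpha=0.5):
        self.alpha = alpha                  # additive smoothing, so an unseen
        self.counts = defaultdict(Counter)  # transition scores finite, not log(0)
        self.vocab = {UNKNOWN}
        self.threshold = None

    def _sym(self, s):
        return s if s in self.vocab else UNKNOWN

    def fit(self, sessions, margin=0.5):
        for session in sessions:
            self.vocab.update(session)
            for a, b in zip(session, session[1:]):
                self.counts[a][b] += 1
        # alert threshold: the worst-scoring training session minus a margin
        self.threshold = min(self.score(s) for s in sessions) - margin
        return self

    def log_prob(self, a, b):
        """log P(b | a) with additive smoothing; symbols never seen in training
        collapse to UNKNOWN, whose row is uniform over the vocabulary."""
        a, b = self._sym(a), self._sym(b)
        row = self.counts.get(a, Counter())
        total = sum(row.values())
        return math.log((row[b] + self.alpha) / (total + self.alpha * len(self.vocab)))

    def score(self, session):
        """Mean log-probability per transition (length-normalised)."""
        pairs = list(zip(session, session[1:]))
        if not pairs:
            return 0.0
        return sum(self.log_prob(a, b) for a, b in pairs) / len(pairs)

    def is_anomalous(self, session):
        return self.score(session) < self.threshold

    def unseen_transitions(self, session):
        """Transitions with zero training count: what an analyst looks at first."""
        return [(a, b) for a, b in zip(session, session[1:])
                if self.counts.get(a, Counter())[b] == 0]


if __name__ == "__main__":
    model = MarkovSequenceModel().fit(NORMAL_SESSIONS)
    for s in NORMAL_SESSIONS + [SUSPECT_SESSION]:
        verdict = "ANOMALY" if model.is_anomalous(s) else "normal "
        print(f"{model.score(s):7.3f} {verdict} {' '.join(s)}")
    print(model.unseen_transitions(SUSPECT_SESSION))
```

Length normalisation matters: a raw sequence log-likelihood always falls as a session gets longer, so without dividing by the number of transitions every long legitimate session would look more anomalous than a short attack.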
