• Journal of Multimedia Information System
• /
• v.3 no.3
• /
• pp.91-96
• /
• 2016

Network security is an interesting area in Information Technology. It has an important role for the manager monitor and control operating of the network. There are many techniques to help us prevent anomaly or malicious activities such as firewall configuration etc. Intrusion Detection System (IDS) is one of effective method help us reduce the cost to build. The more attacks occur, the more necessary intrusion detection needs. IDS is a software or hardware systems, even though is a combination of them. Its major role is detecting malicious activity. In recently, there are many researchers proposed techniques or algorithms to build a tool in this field. In this paper, we improve the performance of IDS. We explore and analyze the impact of activation functions applying to recurrent neural network model. We use to KDD cup dataset for our experiment. By our experimental results, we verify that our new tool of IDS is really significant in this field.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5574-5591
• /
• 2017

Inspired by the idea of Artificial Immune System, many researches of wireless sensor network (WSN) intrusion detection is based on the artificial intelligent system (AIS). However, a large number of generated detectors, black hole, overlap problem of NSA have impeded further used in WSN. In order to improve the anomaly detection performance for WSN, detector generation mechanism need to be improved. Therefore, in this paper, a Differential Evolution Constraint Multi-objective Optimization Problem based Negative Selection Algorithm (DE-CMOP based NSA) is proposed to optimize the distribution and effectiveness of the detector. By combining the constraint handling and multi-objective optimization technique, the algorithm is able to generate the detector set with maximized coverage of non-self space and minimized overlap among detectors. By employing differential evolution, the algorithm can reduce the black hole effectively. The experiment results show that our proposed scheme provides improved NSA algorithm in-terms, the detectors generated by the DE-CMOP based NSA more uniform with less overlap and minimum black hole, thus effectively improves the intrusion detection performance. At the same time, the new algorithm reduces the number of detectors which reduces the complexity of detection phase. Thus, this makes it suitable for intrusion detection in WSN.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.97-116
• /
• 2003

Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion defection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks.

• The KIPS Transactions:PartC
• /
• v.12C no.1 s.97
• /
• pp.19-28
• /
• 2005

Recently, it has been sharply increased the interests to detect the network traffic anomalies to help protect the computer network from unknown attacks. In this paper, we propose a new anomaly detection scheme using the simple linear regression analysis for the exported LetFlow data, such as bits per second and flows per second, from a border router at a campus network. In order to verify the proposed scheme, we apply it to a real campus network and compare the results with the Holt-Winters seasonal algorithm. In particular, we integrate it into the RRDtooi for detecting the anomalies in real time.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.2
• /
• pp.77-83
• /
• 2010

Vehicular Ad Hoc Networks are self-organizing Peer-to-Peer networks that typically have highly mobile vehicle nodes, moving at high speeds, very short-lasting and unstable communication links. VANETs are formed without fixed infrastructure, central administration, and dedicated routing equipment, and network nodes are mobile, joining and leaving the network over time. So, VANET-security is very vulnerable for the intrusion of malicious and misbehaving nodes in the network, since VANETs are mostly open networks, allowing everyone connect, without centralized control. In this paper, we propose a rough set based anomaly detection method that efficiently identify malicious behavior of vehicle node activities in these VANETs, and the performance of a proposed scheme is evaluated by a simulation in terms of anomaly detection rate and false alarm rate for the threshold ${\epsilon}$.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.13-22
• /
• 2005

To improve the anomaly IDS using system calls, this study focuses on Neural Networks Learning using the Soundex algorithm which is designed to change feature selection and variable length data into a fixed length learning pattern. That is, by changing variable length sequential system call data into a fixed length behavior pattern using the Soundex algorithm, this study conducted neural networks learning by using a backpropagation algorithm with fuzzy membership function. The back-propagation neural networks and Neuro-Fuzzy technique are applied for anomaly intrusion detection of system calls using Sendmail Data of UNM to demonstrate its aspect of he complexity of time, space and MDL performance.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.411-418
• /
• 2020

In the field of information security, IDS(Intrusion Detection System) is normally classified in two different categories: signature-based IDS and anomaly-based IDS. Many studies in anomaly-based IDS have been conducted that analyze network traffic data generated in cyberspace by machine learning algorithms. In this paper, we studied pre-processing methods to overcome performance degradation problems cashed by rare classes. We experimented classification performance of a Machine Learning algorithm by reconstructing data set based on rare classes and semi rare classes. After reconstructing data into three different sets, wrapper and filter feature selection methods are applied continuously. Each data set is regularized by a quantile scaler. Depp neural network model is used for learning and validation. The evaluation results are compared by true positive values and false negative values. We acquired improved classification performances on all of three data sets.

• Journal of Internet Computing and Services
• /
• v.5 no.5
• /
• pp.93-103
• /
• 2004

The main function of the intrusion Detection System (IDS) usee to be more or less passive detection of the intrusion evidences, but recently it is developed with more diverse types and methodologies. Especially, it is required that the IDS should process large system audit data fast enough. Therefore the data mining or neural net algorithm is being focused on, since they could satisfy those situations. In this study, we first surveyed and analyzed the several recent intrusion trends and types. And then we designed and implemented an IDS using back-propagation algorithm of the neural net, which could provide more effective solution. The distinctive feature of our study could be stated as follows. First, we designed the system that allows both the Anomaly dection and the Misuse detection. Second, we carried out the intrusion analysis experiment by using the reliable KDD Cup ‘99 data, which would provide us similar results compared to the real data. Finally, we designed the system based on the object-oriented concept, which could adapt to the other algorithms easily.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.5
• /
• pp.9-15
• /
• 2018

With the advent of the 5G communication era recently, advancement of the convergence technologies related to IoT has been progressed rapidly. IoT convergence technologies using various sensors are actively applied many fields in our lives, and it contributes to the popularization of these convergence technologies among many people successfully. The security problem of the IoT which connects many things on the network is critically vulnerable and is one of the most important challenge to be solved urgently. In this paper, we design an intrusion detection and self-treatment system for IoT, which can detect external attacks and anomalies in order to solve the security problems in IoT, perform self-treatment by operating the vaccine program according to the intrusion type whenever it detects certain intrusion. Furthermore, we consider the broadcasting of intrusion alarm message according to the frequency of similar circumstances in order to block intrusion contagious in IoT.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.31-38
• /
• 2017

As the cyber-attacks through the networks advance, it is difficult for the intrusion detection system based on the simple rules to detect the novel type of attacks such as Advanced Persistent Threat(APT) attack. At present, many types of research have been focused on the application of machine learning techniques to the intrusion detection system in order to detect previously unknown attacks. In the case of using the machine learning techniques, the performance of the intrusion detection system largely depends on the feature set which is used as an input to the system. Generally, more features increase the accuracy of the intrusion detection system whereas they cause a problem when fast responses are required owing to their large elapsed time. In this paper, we present a network intrusion detection system based on artificial neural network, which adopts a multi-objective genetic algorithm to satisfy the both requirements: accuracy, and fast response. The comparison between the proposing approach and previously proposed other approaches is conducted against NSL_KDD data set for the evaluation of the performance of the proposing approach.