• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.2
• /
• pp.371-384
• /
• 2001

In these days, it is continuously increased to the intrusion of system in internet environment. The methods of intrusion detection can be largely classified into anomaly detection and misuse detection. The former uses statistical methods, features selection method in order to detect intrusion, the latter uses conditional probability, expert system, state transition analysis, pattern matching. The existing studies for IDS(intrusion detection system) use combined methods. In this paper, we propose a new intrusion detection algorithm combined both state transition analysis and association mining techniques. For the intrusion detection, the first step is generated state table for transmitted commands through the network. This method is similar to the existing state transition analysis. The next step is decided yes or no for intrusion using the association mining technique. According to this processing steps, we present the automated generation algorithm of the penetration scenarios.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.5159-5178
• /
• 2018

Network Intrusion detection is a rapidly growing field of information security due to its importance for modern IT infrastructure. Many supervised and unsupervised learning techniques have been devised by researchers from discipline of machine learning and data mining to achieve reliable detection of anomalies. In this paper, a deep convolutional neural network (DCNN) based intrusion detection system (IDS) is proposed, implemented and analyzed. Deep CNN core of proposed IDS is fine-tuned using Randomized search over configuration space. Proposed system is trained and tested on NSLKDD training and testing datasets using GPU. Performance comparisons of proposed DCNN model are provided with other classifiers using well-known metrics including Receiver operating characteristics (RoC) curve, Area under RoC curve (AuC), accuracy, precision-recall curve and mean average precision (mAP). The experimental results of proposed DCNN based IDS shows promising results for real world application in anomaly detection systems.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.111-118
• /
• 2024

In general network-based intrusion detection system is designed to detect malicious behavior directed at a network or its resources. The key goal of this paper is to look at network data and identify whether it is normal traffic data or anomaly traffic data specifically for accounting information systems. In today's world, there are a variety of principles for detecting various forms of network-based intrusion. In this paper, we are using supervised machine learning techniques. Classification models are used to train and validate data. Using these algorithms we are training the system using a training dataset then we use this trained system to detect intrusion from the testing dataset. In our proposed method, we will detect whether the network data is normal or an anomaly. Using this method we can avoid unauthorized activity on the network and systems under that network. The Decision Tree and K-Nearest Neighbor are applied to the proposed model to classify abnormal to normal behaviors of network traffic data. In addition to that, Logistic Regression Classifier and Support Vector Classification algorithms are used in our model to support proposed concepts. Furthermore, a feature selection method is used to collect valuable information from the dataset to enhance the efficiency of the proposed approach. Random Forest machine learning algorithm is used, which assists the system to identify crucial aspects and focus on them rather than all the features them. The experimental findings revealed that the suggested method for network intrusion detection has a neglected false alarm rate, with the accuracy of the result expected to be between 95% and 100%. As a result of the high precision rate, this concept can be used to detect network data intrusion and prevent vulnerabilities on the network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.647-660
• /
• 2022

Recent works demonstrate that the semi-supervised anomaly detection method functions quite well in the environment with normal data and some anomalous data. However, abnormal data shortages can occur in an environment where it is difficult to reserve anomalous data, such as an unknown attack in the cyber security fields. In this paper, we propose ADA-PH(Abnormal Data Augmentation Method using Perturbation based on Hypersphere), a novel anomalous data augmentation method that is applicable in an environment where abnormal data is insufficient to secure the performance of the semi-supervised anomaly detection method. ADA-PH generates abnormal data by perturbing samples located relatively far from the center of the hypersphere. With the network intrusion detection datasets where abnormal data is rare, ADA-PH shows 23.63% higher AUC performance than anomaly detection without data augmentation and even performs better than the other augmentation methods. Also, we further conduct quantitative and qualitative analysis on whether generated abnormal data is anomalous.

• Journal of the Korea Society for Simulation
• /
• v.8 no.3
• /
• pp.105-121
• /
• 1999

Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of the use of computers. Intrusion Detection System(IDS) has been an active research area to reduce the risk from intruders. We propose a new IDS model, which consists of several computers with IDS, based on the immune system model and describe the design of the IDS model and the prototype implementation of it for feasibility testing and evaluate the performance of the IDS in the aspect of detection time, detection accuracy, diversity which is feature of immune system, and system overhead. The IDSs are distributed and if any of distributed IDSs detect anomaly system call among system call sequences generated by a privilege process, the anomaly system call can be dynamically shared with other IDSs. This makes the IDSs improve the ability of immunity for new intruders.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2002.05d
• /
• pp.951-954
• /
• 2002

최근의 침입탐지시스템(IDS: Intrusion Detection System) 기술동향은 Misuse 방식의 규칙 데이터베이스 변경에 대한 한계성 때문에 Anomaly 방식의 NIDS(Network IDS)에 대한 연구가 고려되고 있다. 현재 국내에서 개발된 기존의 제품들은 대부분 Misuse 방식을 채택하고 있으며, 향후 국제 경쟁력을 갖추기 위해서는 Anomaly 방식의 기술 연구가 필요하다. 본 연구에서는 본 연구실에서 개발한 NIDS를 기반으로 연관 마이닝을 이용한 비정상 탐지 문제, 내부 정보 유출 차단 등에 대한 통합된 시스템 설계 방향을 제시하여 국가기관이나 기업이 보다 안전하게 침입을 관리할 수 있는 IPS(Intrusion Prevention System) 시스템을 설계한다.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.45-56
• /
• 2005

The weak foundation of the computing environment caused information leakage and hacking to be uncontrollable, Therefore, dynamic control of security threats and real-time reaction to identical or similar types of accidents after intrusion are considered to be important, h one of the solutions to solve the problem, studies on intrusion detection systems are actively being conducted. To improve the anomaly IDS using system calls, this study focuses on neural networks learning using the soundex algorithm which is designed to change feature selection and variable length data into a fixed length learning pattern, That Is, by changing variable length sequential system call data into a fixed iength behavior pattern using the soundex algorithm, this study conducted neural networks learning by using a backpropagation algorithm. The backpropagation neural networks technique is applied for anomaly detection of system calls using Sendmail Data of UNM to demonstrate its performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.2
• /
• pp.41-47
• /
• 2012

MANET has vulnerable structure on security owing to structural characteristics as follows. MANET consisted of moving nodes is that every nodes have to perform function of router. Every node has to provide reliable routing service in cooperation each other. These properties are caused by expose to various attacks. But, it is difficult that position of environment intrusion detection system is established, information is collected, and particularly attack is detected because of moving of nodes in MANET environment. It is not easy that important profile is constructed also. In this paper, conformal predictor - support vector machine(CP-SVM) based intrusion detection technique was proposed in order to do more accurate and efficient intrusion detection. In this study, IDS-agents calculate p value from collected packet and transmit to cluster head, and then other all cluster head have same value and detect abnormal behavior using the value. Cluster form of hierarchical structure was used to reduce consumption of nodes also. Effectiveness of proposed method was confirmed through experiment.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.26 no.3
• /
• pp.233-238
• /
• 2016

In this paper, we propose the algorithms of processing the uncertainty data using data fusion for the next generation intrusion detection. In the next generation intrusion detection, a lot of data are collected by many of network sensors to discover knowledge from generating information in cyber space. It is necessary the data fusion process to extract knowledge from collected sensors data. In this paper, we have proposed method to represent the uncertainty data, by classifying where is a confidence interval in interval of uncertainty data through feature analysis of different data using inference method with Dempster-Shafer Evidence Theory. In this paper, we have implemented a detection experiment that is classified by the confidence interval using IRIS plant Data Set for anomaly detection of uncertainty data. As a result, we found that it is possible to classify data by confidence interval.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.89-101
• /
• 2023

In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.