• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.219-222
• /
• 2006

In this paper an intrusion detection system technique of wireless Ad Hoc network is explained and the advantage of making them work in IEEE 802.15.4/ZigBee wireless standard is also discussed. The methodology that is mentioned here is intrusion detection architecture based on a local intrusion database [1]. An ad hoc network is a collection of nodes that is connected through a wireless medium forming rapidly changing topologies. Due to increased connectivity (especially on the Internet), and the vast spectrum of financial possibilities that are opening up, more and more systems are subject to attack by intruders. An ideal IDS should able to detect an anomaly caused by the intruders quickly so that the misbehaving node/nodes can be identified and appropriate actions (e.g. punish or avoid misbehaving nodes) can be taken so that further damage to the network is minimized

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.804-807
• /
• 2012

Cloud service provider has to protect client's information securely since all the resources are offered by the service provider, and a large number of users share the resources. In this paper, a NoSQL-based anomaly detection system is proposed in order to enhance the security of mobile cloud services. The existing integrated security management system that uses a relational database can not be used for real-time processing of data since security log from a variety of security equipment and data from cloud node have different data format with unstructured features. The proposed system can resolve the emerging security problem because it provides real time processing and scalability in distributed processing environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.3
• /
• pp.181-188
• /
• 2011

With the rapid proliferation of wireless networks and mobile computing applications, the landscape of the network security has greatly changed recently. Especially, Vehicular Ad Hoc Networks maintaining network topology with vehicle nodes of high mobility are self-organizing Peer-to-Peer networks that typically have short-lasting and unstable communication links. VANETs are formed with neither fixed infrastructure, centralized administration, nor dedicated routing equipment, and vehicle nodes are moving, joining and leaving the network with very high speed over time. So, VANET-security is very vulnerable for the intrusion of malicious and misbehaving nodes in the network, since VANETs are mostly open networks, allowing everyone connection without centralized control. In this paper, we propose a weighted intrusion detection method using rough set that can identify malicious behavior of vehicle node's activity and detect intrusions efficiently in VANETs. The performance of the proposed scheme is evaluated by a simulation study in terms of intrusion detection rate and false alarm rate for the threshold of deviation number ${\epsilon}$.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.3
• /
• pp.482-488
• /
• 2009

Mobile Ad-hoc Networks provide communication without a centralized infrastructure, which makes them suitable for communication in disaster areas or when quick deployment is needed. On the other hand, they are susceptible to malicious exploitation and have to face different challenges at different layers due to its open Ad-hoc network structure which lacks previous security measures. Denial of service (DoS) attack is one that interferes with the radio transmission channel causing a jamming attack. In this kind of attack, an attacker emits a signal that interrupts the energy of the packets causing many errors in the packet currently being transmitted. In harsh environments where there is constant traffic, a jamming attack causes serious problems; therefore measures to prevent these types of attacks are required. The objective of this paper is to carry out the simulation of the jamming attack on the nodes and determine the DoS attacks in OPNET so as to obtain better results. We have used effective anomaly detection system to detect the malicious behaviour of the jammer node and analyzed the results that deny channel access by jamming in the mobile Ad-hoc networks.

• Journal of Intelligence and Information Systems
• /
• v.26 no.4
• /
• pp.127-148
• /
• 2020

The data center is a physical environment facility for accommodating computer systems and related components, and is an essential foundation technology for next-generation core industries such as big data, smart factories, wearables, and smart homes. In particular, with the growth of cloud computing, the proportional expansion of the data center infrastructure is inevitable. Monitoring the health of these data center facilities is a way to maintain and manage the system and prevent failure. If a failure occurs in some elements of the facility, it may affect not only the relevant equipment but also other connected equipment, and may cause enormous damage. In particular, IT facilities are irregular due to interdependence and it is difficult to know the cause. In the previous study predicting failure in data center, failure was predicted by looking at a single server as a single state without assuming that the devices were mixed. Therefore, in this study, data center failures were classified into failures occurring inside the server (Outage A) and failures occurring outside the server (Outage B), and focused on analyzing complex failures occurring within the server. Server external failures include power, cooling, user errors, etc. Since such failures can be prevented in the early stages of data center facility construction, various solutions are being developed. On the other hand, the cause of the failure occurring in the server is difficult to determine, and adequate prevention has not yet been achieved. In particular, this is the reason why server failures do not occur singularly, cause other server failures, or receive something that causes failures from other servers. In other words, while the existing studies assumed that it was a single server that did not affect the servers and analyzed the failure, in this study, the failure occurred on the assumption that it had an effect between servers. In order to define the complex failure situation in the data center, failure history data for each equipment existing in the data center was used. There are four major failures considered in this study: Network Node Down, Server Down, Windows Activation Services Down, and Database Management System Service Down. The failures that occur for each device are sorted in chronological order, and when a failure occurs in a specific equipment, if a failure occurs in a specific equipment within 5 minutes from the time of occurrence, it is defined that the failure occurs simultaneously. After configuring the sequence for the devices that have failed at the same time, 5 devices that frequently occur simultaneously within the configured sequence were selected, and the case where the selected devices failed at the same time was confirmed through visualization. Since the server resource information collected for failure analysis is in units of time series and has flow, we used Long Short-term Memory (LSTM), a deep learning algorithm that can predict the next state through the previous state. In addition, unlike a single server, the Hierarchical Attention Network deep learning model structure was used in consideration of the fact that the level of multiple failures for each server is different. This algorithm is a method of increasing the prediction accuracy by giving weight to the server as the impact on the failure increases. The study began with defining the type of failure and selecting the analysis target. In the first experiment, the same collected data was assumed as a single server state and a multiple server state, and compared and analyzed. The second experiment improved the prediction accuracy in the case of a complex server by optimizing each server threshold. In the first experiment, which assumed each of a single server and multiple servers, in the case of a single server, it was predicted that three of the five servers did not have a failure even though the actual failure occurred. However, assuming multiple servers, all five servers were predicted to have failed. As a result of the experiment, the hypothesis that there is an effect between servers is proven. As a result of this study, it was confirmed that the prediction performance was superior when the multiple servers were assumed than when the single server was assumed. In particular, applying the Hierarchical Attention Network algorithm, assuming that the effects of each server will be different, played a role in improving the analysis effect. In addition, by applying a different threshold for each server, the prediction accuracy could be improved. This study showed that failures that are difficult to determine the cause can be predicted through historical data, and a model that can predict failures occurring in servers in data centers is presented. It is expected that the occurrence of disability can be prevented in advance using the results of this study.