• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.153-160
• /
• 2010

MANET composed mobile nodes without central concentration control like base station communicate through multi-hop route among nodes. Accordingly, it is hard to maintain stability of network because topology of network change at any time owing to movement of mobile nodes. MANET has security problems because of node mobility and needs intrusion detection system that can detect attack of malicious nodes. Therefore, system is protected from malicious attack of intruder in this environment and it has to correspond to attack immediately. In this paper, we propose intrusion detection system based on rules in order to more accurate intrusion detection. Cluster head perform role of monitor node to raise monitor efficiency of packet. In order to evaluate performance of proposed method, we used jamming attack, selective forwarding attack, repetition attack.

• Smart Media Journal
• /
• v.4 no.4
• /
• pp.24-32
• /
• 2015

Recently, SDN is actively used as datacenter networks and gradually increase its applied areas. Along with this change of networking environment, research of deploying network security systems on SDN becomes highlighted. Especially, systems for detecting network flooding attacks by monitoring every packets through ports of OpenFlow switches have been proposed. However, because of the centralized management of a SDN controller which manage multiple switches, it may be substantial overhead that the attack detection system continuously monitors all the flows. In this paper, a sampling based network flooding attack detection and prevention system is proposed to reduce the overhead of monitoring packets and to achieve reasonable functionality of attack detection and prevention. The proposed system periodically takes sample packets of network flows with the given sampling conditions, analyzes the sampled packets to detect network flooding attacks, and block the attack flows actively by managing the flow entries in OpenFlow switches. As network traffic sampler, sFlow agent is used, and snort, an opensource IDS, is used to detect network flooding attack from the sampled packets. For active prevention of the detected attacks, an OpenDaylight application is developed and applied. The proposed system is evaluated on the local testbed composed with multiple OVSes (Open Virtual Switch), and the performance and overhead of the proposed system under various sampling condition is analyzed.

• Journal of Electrical Engineering and Technology
• /
• v.13 no.5
• /
• pp.2086-2098
• /
• 2018

Security plays a vital role and is the key challenge in Mobile Ad-hoc Networks (MANET). Infrastructure-less nature of MANET makes it arduous to envisage the genre of topology. Due to its inexhaustible access, information disseminated by roaming nodes to other nodes is susceptible to many hazardous attacks. Intrusion Detection and Prevention System (IDPS) is undoubtedly a defense structure to address threats in MANET. Many IDPS methods have been developed to ascertain the exceptional behavior in these networks. Key issue in such IDPS is lack of fast self-organized learning engine that facilitates comprehensive situation awareness for optimum decision making. Proposed "Intelligent Behavioral Hybridized Intrusion Detection and Prevention System (IBH_IDPS)" is built with computational intelligence to detect complex multistage attacks making the system robust and reliable. The System comprises of an Intelligent Client Agent and a Smart Server empowered with fuzzy inference rule-based service engine to ensure confidentiality and integrity of network. Distributed Intelligent Client Agents incorporated with centralized Smart Server makes it capable of analyzing and categorizing unethical incidents appropriately through unsupervised learning mechanism. Experimental analysis proves the proposed model is highly attack resistant, reliable and secure on devices and shows promising gains with assured delivery ratio, low end-to-end delay compared to existing approach.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.42-49
• /
• 2021

As cyber attacks become more intelligent, there is difficulty in detecting advanced attacks in various fields such as industry, defense, and medical care. IPS (Intrusion Prevention System), etc., but the need for centralized integrated management of each security system is increasing. In this paper, we collect big data for intrusion detection and build an intrusion detection platform using deep learning and CNN (Convolutional Neural Networks). In this paper, we design an intelligent big data platform that collects data by observing and analyzing user visit logs and linking with big data. We want to collect big data for intrusion detection and build an intrusion detection platform based on CNN model. In this study, we evaluated the performance of the Intrusion Detection System (IDS) using the KDD99 dataset developed by DARPA in 1998, and the actual attack categories were tested with KDD99's DoS, U2R, and R2L using four probing methods.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2002.12a
• /
• pp.258-261
• /
• 2002

최근 네트워크 취약점 검색 방법을 이용한 침입 공격이 증가하는 추세이며 이런 공격에 대하여 적절하게 실시간 탐지 및 대응 처리하는 침입방지시스템(IPS: Intrusion Prevention System)에 대한 연구가 지속적으로 이루어지고 있다. 본 논문에서는 시스템에 허락을 얻지 않은 서비스거부 공격(Denial of Service Attack) 기술 중 TCP의 신뢰성 및 연결 지향적 전송서비스로 종단간에 이루어지는 3-Way Handshake를 이용한 Syn Flooding Attack에 대하여 침입시도패킷 정보를 수집, 분석하고 퍼지인식도(FCM : Fuzzy Cognitive Maps)를 이용한 침입시도여부결정 및 대응 처리하는 네트워크 기반의 실시간 탐지 및 방지 모델(Network based Real Time Scan Detection & Prevention Model)을 제안한다.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.827-838
• /
• 2005

DDoS (Distributed Denial of Service) attack is a critical threat to current Internet. To solve the detection and response of DDoS attack on BcN, we have investigated detection algorithms of DDoS and Implemented anomaly detection modules. Recently too many technologies of the detection and prevention have developed, but it is difficult that the IDS distinguishes normal traffic from the DDoS attack Therefore, when the DDoS attack is detected by the IDS, the firewall just discards all over-bounded traffic for a victim or absolutely decreases the threshold of the router. That is just only a method for preventing the DDoS attack. This paper proposed the mechanism of response for the legitimated clients to be protected Then, we have designed and implemented the statistic based system that has the automated detection and response functionality against DDoS on Linux Zebra router environment.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.119-132
• /
• 2006

The network based security techniques well-known until now have week points to be passive in attacks and susceptible to roundabout attacks so that the misuse detection based intrusion prevention system which enables positive correspondence to the attacks of inline mode are used widely. But because the Misuse detection based Intrusion prevention system is proportional to the detection rules, it causes excessive false alarm and is linked to wrong correspondence which prevents the regular network flow and is insufficient to detect transformed attacks, This study suggests an Intrusion prevention system which uses Support Vector machines(hereinafter referred to as SVM) as one of rule based Intrusion prevention system and Anomaly System in order to supplement these problems, When this compared with existing intrusion prevention system, show performance result that improve about 20% and could through intrusion prevention system that propose false positive minimize and know that can detect effectively about new variant attack.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.7-12
• /
• 2009

It is very difficult to completely block the DDoS attack, which paralyzes services by depleting resources or occupying the network bandwidth by transmitting a vast amount of traffic to the specific website or server from normal users' PCs that have been already infected by an outside attacker. In order to defense or endure the DDoS attack, we usually use various solutions such as IDS (Intrusion Detection System), IPS (Intrusion Prevention System), ITS (Intrusion Tolerance System), FW (Firewall), and the dedicated security equipment against DDoS attack. However, diverse types of security appliances cause the cost problem, besides, the full function of the equipments are not performed well owing to the unproper setting without considering connectivity among systems. In this paper, we present the effective connectivity of security equipments and countermeasure methodology against DDoS attack. In practice, it is approved by experimentation that this designed methdology is better than existing network structure in the efficiency of block and endurance. Therefore, we would like to propose the effective security control measures responding and enduring against discriminated DDoS attacks through this research.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.759-761
• /
• 2016

Recent changes in the information security environment have led to persistent attacks on intelligent assets such as cyber security breaches, leakage of confidential information, and global security threats. Since existing information security systems are not adequate for Advanced Persistent Threat; APT attacks, bypassing attacks, and attacks on encryption packets, therefore, continuous monitoring is required to detect and protect against such attacks. Accordingly, this paper suggests an operation plan for managing an information security system to block the attack routes of advanced persistent threats. This is achieved with identifying the valuable assets for prevention control by establishing information control policies through analyzing the vulnerability and risks to remove potential hazard, as well as constructing detection control through controlling access to servers and conducting surveillance on encrypted communication, and enabling intelligent violation of response by having corrective control through packet tagging, platform security, system backups, and recovery.