• Title/Summary/Keyword: Attack Detection Prevention System

Search Result 50, Processing Time 0.022 seconds

The Study of Hierarchical Intrusion Detection Based on Rules for MANET (MANET에서 규칙을 기반으로 한 계층형 침입 탐지에 관한 연구)

  • Jung, Hye Won
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.153-160
    • /
    • 2010
  • MANET composed mobile nodes without central concentration control like base station communicate through multi-hop route among nodes. Accordingly, it is hard to maintain stability of network because topology of network change at any time owing to movement of mobile nodes. MANET has security problems because of node mobility and needs intrusion detection system that can detect attack of malicious nodes. Therefore, system is protected from malicious attack of intruder in this environment and it has to correspond to attack immediately. In this paper, we propose intrusion detection system based on rules in order to more accurate intrusion detection. Cluster head perform role of monitor node to raise monitor efficiency of packet. In order to evaluate performance of proposed method, we used jamming attack, selective forwarding attack, repetition attack.

Sampling based Network Flooding Attack Detection/Prevention System for SDN (SDN을 위한 샘플링 기반 네트워크 플러딩 공격 탐지/방어 시스템)

  • Lee, Yungee;Kim, Seung-uk;Vu Duc, Tiep;Kim, Kyungbaek
    • Smart Media Journal
    • /
    • v.4 no.4
    • /
    • pp.24-32
    • /
    • 2015
  • Recently, SDN is actively used as datacenter networks and gradually increase its applied areas. Along with this change of networking environment, research of deploying network security systems on SDN becomes highlighted. Especially, systems for detecting network flooding attacks by monitoring every packets through ports of OpenFlow switches have been proposed. However, because of the centralized management of a SDN controller which manage multiple switches, it may be substantial overhead that the attack detection system continuously monitors all the flows. In this paper, a sampling based network flooding attack detection and prevention system is proposed to reduce the overhead of monitoring packets and to achieve reasonable functionality of attack detection and prevention. The proposed system periodically takes sample packets of network flows with the given sampling conditions, analyzes the sampled packets to detect network flooding attacks, and block the attack flows actively by managing the flow entries in OpenFlow switches. As network traffic sampler, sFlow agent is used, and snort, an opensource IDS, is used to detect network flooding attack from the sampled packets. For active prevention of the detected attacks, an OpenDaylight application is developed and applied. The proposed system is evaluated on the local testbed composed with multiple OVSes (Open Virtual Switch), and the performance and overhead of the proposed system under various sampling condition is analyzed.

Unethical Network Attack Detection and Prevention using Fuzzy based Decision System in Mobile Ad-hoc Networks

  • Thanuja, R.;Umamakeswari, A.
    • Journal of Electrical Engineering and Technology
    • /
    • v.13 no.5
    • /
    • pp.2086-2098
    • /
    • 2018
  • Security plays a vital role and is the key challenge in Mobile Ad-hoc Networks (MANET). Infrastructure-less nature of MANET makes it arduous to envisage the genre of topology. Due to its inexhaustible access, information disseminated by roaming nodes to other nodes is susceptible to many hazardous attacks. Intrusion Detection and Prevention System (IDPS) is undoubtedly a defense structure to address threats in MANET. Many IDPS methods have been developed to ascertain the exceptional behavior in these networks. Key issue in such IDPS is lack of fast self-organized learning engine that facilitates comprehensive situation awareness for optimum decision making. Proposed "Intelligent Behavioral Hybridized Intrusion Detection and Prevention System (IBH_IDPS)" is built with computational intelligence to detect complex multistage attacks making the system robust and reliable. The System comprises of an Intelligent Client Agent and a Smart Server empowered with fuzzy inference rule-based service engine to ensure confidentiality and integrity of network. Distributed Intelligent Client Agents incorporated with centralized Smart Server makes it capable of analyzing and categorizing unethical incidents appropriately through unsupervised learning mechanism. Experimental analysis proves the proposed model is highly attack resistant, reliable and secure on devices and shows promising gains with assured delivery ratio, low end-to-end delay compared to existing approach.

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.4
    • /
    • pp.179-191
    • /
    • 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

A Study on Security Event Detection in ESM Using Big Data and Deep Learning

  • Lee, Hye-Min;Lee, Sang-Joon
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.13 no.3
    • /
    • pp.42-49
    • /
    • 2021
  • As cyber attacks become more intelligent, there is difficulty in detecting advanced attacks in various fields such as industry, defense, and medical care. IPS (Intrusion Prevention System), etc., but the need for centralized integrated management of each security system is increasing. In this paper, we collect big data for intrusion detection and build an intrusion detection platform using deep learning and CNN (Convolutional Neural Networks). In this paper, we design an intelligent big data platform that collects data by observing and analyzing user visit logs and linking with big data. We want to collect big data for intrusion detection and build an intrusion detection platform based on CNN model. In this study, we evaluated the performance of the Intrusion Detection System (IDS) using the KDD99 dataset developed by DARPA in 1998, and the actual attack categories were tested with KDD99's DoS, U2R, and R2L using four probing methods.

An Intrusion Prevention Model Using Fuzzy Cognitive Maps on Denial of Service Attack (서비스 거부 공격에서의 퍼지인식도를 이용한 침입 방지 모델)

  • 이세열;김용수;심귀보;양재원
    • Proceedings of the Korean Institute of Intelligent Systems Conference
    • /
    • 2002.12a
    • /
    • pp.258-261
    • /
    • 2002
  • 최근 네트워크 취약점 검색 방법을 이용한 침입 공격이 증가하는 추세이며 이런 공격에 대하여 적절하게 실시간 탐지 및 대응 처리하는 침입방지시스템(IPS: Intrusion Prevention System)에 대한 연구가 지속적으로 이루어지고 있다. 본 논문에서는 시스템에 허락을 얻지 않은 서비스거부 공격(Denial of Service Attack) 기술 중 TCP의 신뢰성 및 연결 지향적 전송서비스로 종단간에 이루어지는 3-Way Handshake를 이용한 Syn Flooding Attack에 대하여 침입시도패킷 정보를 수집, 분석하고 퍼지인식도(FCM : Fuzzy Cognitive Maps)를 이용한 침입시도여부결정 및 대응 처리하는 네트워크 기반의 실시간 탐지 및 방지 모델(Network based Real Time Scan Detection & Prevention Model)을 제안한다.

A Statistic-based Response System against DDoS Using Legitimated IP Table (검증된 IP 테이블을 사용한 통계 기반 DDoS 대응 시스템)

  • Park, Pilyong;Hong, Choong-Seon;Choi, Sanghyun
    • The KIPS Transactions:PartC
    • /
    • v.12C no.6 s.102
    • /
    • pp.827-838
    • /
    • 2005
  • DDoS (Distributed Denial of Service) attack is a critical threat to current Internet. To solve the detection and response of DDoS attack on BcN, we have investigated detection algorithms of DDoS and Implemented anomaly detection modules. Recently too many technologies of the detection and prevention have developed, but it is difficult that the IDS distinguishes normal traffic from the DDoS attack Therefore, when the DDoS attack is detected by the IDS, the firewall just discards all over-bounded traffic for a victim or absolutely decreases the threshold of the router. That is just only a method for preventing the DDoS attack. This paper proposed the mechanism of response for the legitimated clients to be protected Then, we have designed and implemented the statistic based system that has the automated detection and response functionality against DDoS on Linux Zebra router environment.

False Alarm Minimization Technology using SVM in Intrusion Prevention System (SVM을 이용한 침입방지시스템 오경보 최소화 기법)

  • Kim Gill-Han;Lee Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.7 no.3
    • /
    • pp.119-132
    • /
    • 2006
  • The network based security techniques well-known until now have week points to be passive in attacks and susceptible to roundabout attacks so that the misuse detection based intrusion prevention system which enables positive correspondence to the attacks of inline mode are used widely. But because the Misuse detection based Intrusion prevention system is proportional to the detection rules, it causes excessive false alarm and is linked to wrong correspondence which prevents the regular network flow and is insufficient to detect transformed attacks, This study suggests an Intrusion prevention system which uses Support Vector machines(hereinafter referred to as SVM) as one of rule based Intrusion prevention system and Anomaly System in order to supplement these problems, When this compared with existing intrusion prevention system, show performance result that improve about 20% and could through intrusion prevention system that propose false positive minimize and know that can detect effectively about new variant attack.

  • PDF

Research on Effective Security Control Measures Against DDoS Attacks (DDoS 공격에 대한 효과적인 보안 관제 방안)

  • Jung, Il-Kwon;Kim, Jeom-Gu;Kim, Kiu-Nam;Ha, Ok-Hyun
    • Convergence Security Journal
    • /
    • v.9 no.4
    • /
    • pp.7-12
    • /
    • 2009
  • It is very difficult to completely block the DDoS attack, which paralyzes services by depleting resources or occupying the network bandwidth by transmitting a vast amount of traffic to the specific website or server from normal users' PCs that have been already infected by an outside attacker. In order to defense or endure the DDoS attack, we usually use various solutions such as IDS (Intrusion Detection System), IPS (Intrusion Prevention System), ITS (Intrusion Tolerance System), FW (Firewall), and the dedicated security equipment against DDoS attack. However, diverse types of security appliances cause the cost problem, besides, the full function of the equipments are not performed well owing to the unproper setting without considering connectivity among systems. In this paper, we present the effective connectivity of security equipments and countermeasure methodology against DDoS attack. In practice, it is approved by experimentation that this designed methdology is better than existing network structure in the efficiency of block and endurance. Therefore, we would like to propose the effective security control measures responding and enduring against discriminated DDoS attacks through this research.

  • PDF

Operation Plan for the Management of an Information Security System to Block the Attack Routes of Advanced Persistent Threats (지능형지속위협 공격경로차단 위한 정보보호시스템 운영관리 방안)

  • Ryu, Chang-Su
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.05a
    • /
    • pp.759-761
    • /
    • 2016
  • Recent changes in the information security environment have led to persistent attacks on intelligent assets such as cyber security breaches, leakage of confidential information, and global security threats. Since existing information security systems are not adequate for Advanced Persistent Threat; APT attacks, bypassing attacks, and attacks on encryption packets, therefore, continuous monitoring is required to detect and protect against such attacks. Accordingly, this paper suggests an operation plan for managing an information security system to block the attack routes of advanced persistent threats. This is achieved with identifying the valuable assets for prevention control by establishing information control policies through analyzing the vulnerability and risks to remove potential hazard, as well as constructing detection control through controlling access to servers and conducting surveillance on encrypted communication, and enabling intelligent violation of response by having corrective control through packet tagging, platform security, system backups, and recovery.

  • PDF