• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.57-69
• /
• 2012

C4ISR system is an important tool for military operational command and control. Therefore, it is frequently exposed to the cyber-terror attempt to paralyze the military command and control system. Generally, the information system uses IDS and firewall as major security computing tools. C4ISR system also uses them as major measures for the information protection. But the usefulness of IDS is reduced due to the frequent false-positives and false-negatives if the behavioral patterns are modified or new behavioral patterns appear. This paper presents new IDS structure which can create modified attack patterns and unexpected attack patterns automatically during IDS probing process. The proposed IDS structure is expected to enhance the information protection capability of the C4ISR system by reducing false-positives and false-negatives through the creation and verification of new attack patterns.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.67-74
• /
• 2022

One type of network security breach is the availability breach, which deprives legitimate users of their right to access services. The Denial of Service (DoS) attack is one way to have this breach, whereas using the Intrusion Detection System (IDS) is the trending way to detect a DoS attack. However, building IDS has two challenges: reducing the false alert and picking up the right dataset to train the IDS model. The survey concluded, in the end, that using a real dataset such as MAWILab or some tools like ID2T that give the researcher the ability to create a custom dataset may enhance the IDS model to handle the network threats, including DoS attacks. In addition to minimizing the rate of the false alert.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.1-12
• /
• 2022

Besides unexpected growth perceived by IoT's, the variety and volume of threats have increased tremendously, making it a necessity to introduce intrusion detections systems for prevention and detection of such threats. But Intrusion Detection and Prevention System (IDPS) inside the IoT network yet introduces some unique challenges due to their unique characteristics, such as privacy inference, performance, and detection rate and their frequency in the dynamic networks. Our research is focused on the privacy inferences of existing intrusion prevention and detection system approaches. We also tackle the problem of providing unified a solution to implement the open-source IDPS in the IoT architecture for assessing the performance of IDS by calculating; usage consumption and detection rate. The proposed scheme is considered to help implement the human health monitoring system in IoT networks

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.07a
• /
• pp.213-214
• /
• 2021

최근 4차 산업혁명으로 인해 사용자와 단말과의 연결이 증가하면서 악성코드에 의한 침해사고가 증가하였고, 이에 따라, 파일의 상세한 정보인 메타 데이터를 추출하여 악성코드를 탐지하는 파일 스캐닝 도구의 필요성이 요구된다. 본 논문에서는 대표적인 오픈소스 기반의 파일 스캐닝 도구인 Strelka, File Scanning Framework (FSF), Laika BOSS를 대상으로 파일 스캐닝 기술에서 주요한 성능 지표인 스캐닝 속도를 비교함으로써 각 도구의 성능을 평가하였다. 다양한 파일 종류를 선정한 테스트 셋을 기반으로 파일의 개수에 따른 속도를 비교하였으며, Laika BOSS, FSF, Strelka 순으로 성능이 높은 것으로 평가되었다. 결과적으로, 악의적인 파일을 빠르게 탐지하기 위한 파일 스캐닝 도구로 Laika BOSS가 가장 적합한 것으로 평가되었다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.584-587
• /
• 2012

MANET, which can be constructed with only terminal devices, has structural advantages of ease installation and operation, also has environmental change of rapid supply of smart phone, it's usage can be extended to application area likes as emergency communication, leasure, exploration and investigations. But, as one characteristic of MANET, no use of communicaton infrastructure caused disadvantage of weakness for information intrusion which is frequently occurred, nowadays. In this paper, the effects of IDS(Intrusion Detection System), one of defence tools for information intrusion, is analyzed for transmission performance. Blackhole attack is assumed as a type of intrusion, MANET defence with IDS from intrusions. Computer simulation based on NS-2 used for performance measurement. In this paper, performance measurement is done for application service to analyze application level effects of IDS. VoIP service is used as application service.

• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.43-53
• /
• 2007

Intrusion detection system(IDS) has recently evolved while combining signature-based detection approach with anomaly detection approach. Although signature-based IDS tools have been commonly used by utilizing machine learning algorithms, they only detect network intrusions with already known patterns, Ideal IDS tools should always keep the signature database of your detection system up-to-date. The system needs to generate the signatures to detect new possible attacks while monitoring and analyzing incoming network data. In this paper, we propose a new outlier cluster detection algorithm with density (or influence) function, Our method assumes that an outlier is a kind of cluster with similar instances instead of a single object in the context of network intrusion, Through extensive experiments using KDD 1999 Cup Intrusion Detection dataset. we show that the proposed method outperform the conventional outlier detection method using Euclidean distance function, specially when attacks occurs frequently.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.33-45
• /
• 2015

Currently, Internet is used an essential tool in the business area. Despite this importance, there is a risk of network attacks attempting collection of fraudulence, private information, and cyber terrorism. Firewalls and IDS(Intrusion Detection System) are tools against those attacks. IDS is used to determine whether a network data is a network attack. IDS analyzes the network data using various techniques including expert system, data mining, and state transition analysis. This paper tries to compare the performance of two data mining models in detecting network attacks. They are decision tree (C4.5), and neural network (FANN model). I trained and tested these models with data and measured the effectiveness in terms of detection accuracy, detection rate, and false alarm rate. This paper tries to find out which model is effective in intrusion detection. In the analysis, I used KDD Cup 99 data which is a benchmark data in intrusion detection research. I used an open source Weka software for C4.5 model, and C++ code available for FANN model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.9
• /
• pp.4706-4726
• /
• 2019

The paper is devoted to the detailed description of the distributed system for gathering data from Windows-based workstations and servers. The research presented in the beginning demonstrates that neither a solution for gathering data on attacks against Windows based PCs is available at present nor other security tools and supplementary programs can be combined in order to achieve the required attack data gathering from Windows computers. The design of the newly proposed system named Colander is presented, too. It is based on a client-server architecture while taking much inspiration from previous attempts for designing systems with similar purpose, as well as from IDS systems like Snort. Colander emphasizes its ease of use and minimum demand for system resources. Although the resource usage is usually low, it still requires further optimization, as is noted in the performance testing. Colander's ability to detect threats has been tested by real malware, and it has undergone a pilot field application. Future prospects and development are also proposed.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.6
• /
• pp.217-224
• /
• 2008

EThis paper is study regarding banking institution and DoS attack regarding government organization which occurred in 2008. We used a tool aggressive actual DoS You install the N-IDS which used Snort in networks in order to detect a DoS attack. Storages of Winpcap and a packet to detect a packet and MySQL, HSC, to analyze. We install NET Framework etc. E-Watch etc. analyzes Packet regarding a DoS attack of a hacker and TCP, UDP etc. information, Port, MAC and IP information etc. through packet analysis tools. There is a meaning you analyze data regarding the cyber DoS, DDoS attack that is dysfunction of Ubiquitous Information Society, and it generates forensics data regarding an invader and back-tracking analysis data, and to ensure safe Internet information system through this paper study.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.