• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.42-49
• /
• 2021

As cyber attacks become more intelligent, there is difficulty in detecting advanced attacks in various fields such as industry, defense, and medical care. IPS (Intrusion Prevention System), etc., but the need for centralized integrated management of each security system is increasing. In this paper, we collect big data for intrusion detection and build an intrusion detection platform using deep learning and CNN (Convolutional Neural Networks). In this paper, we design an intelligent big data platform that collects data by observing and analyzing user visit logs and linking with big data. We want to collect big data for intrusion detection and build an intrusion detection platform based on CNN model. In this study, we evaluated the performance of the Intrusion Detection System (IDS) using the KDD99 dataset developed by DARPA in 1998, and the actual attack categories were tested with KDD99's DoS, U2R, and R2L using four probing methods.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2003.09a
• /
• pp.224-227
• /
• 2003

The Intrsuion Detecion Systems(IDS) are required the accuracy, the adaptability, and the expansion in the information society to be changed quickly. Also, it is required the more structured, and intelligent IDS to protect the resource which is important and maintains a secret in the complicated network environment. The research has the purpose to build the model for the intelligent IDS, which creates the intrusion patterns. The intrusion pattern has extracted from the vast amount of data. To manage the large size of data accurately and efficiently, the link analysis and sequence analysis among the data mining techniqes are used to build the model creating the intrusion patterns. The model is consist of "Time based Traffic Model", "Host based Traffic Model", and "Content Model", which is produced the different intrusion patterns with each model. The model can be created the stable patterns efficiently. That is, we can build the intrusion detection model based on the intelligent systems. The rules prodeuced by the model become the rule to be represented the intrusion data, and classify the normal and abnormal users. The data to be used are KDD audit data.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.5
• /
• pp.1332-1341
• /
• 1999

Rapid expansion of network and increment of computer system access cause computer security to be an important issue. Hence, the researches in intrusion detection system(IDS)are active to reduce the risk from hackers. Considering IDS, we propose a new IDS model(DABIDS : Distributed Agent Based Intelligent intrusion Detection System) based on distributed intrusion detecting agents. The DABIDS dynamically collects intrusion behavior knowledge from each agents when some doubtable behaviors of users are detected and make new agents codes using intrusion scenario data base, and broadcast the detector codes to the distributed intrusion detecting agent of all node. This DABIDS can efficiently solve the problem to reduce the overhead for training detecting agent for intrusion behavior patterns.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1722-1741
• /
• 2017

Intrusion detection techniques based on virtual machine introspection (VMI) provide high temper-resistance in comparison with traditional in-host anti-virus tools. However, the presence of semantic gap also leads to the performance and compatibility problems. In order to map raw bits of hardware to meaningful information of virtual machine, detailed knowledge of different guest OS is required. In this work, we present VDSM, a lightweight and general approach based on driver separation mechanism: divide semantic view reconstruction into online driver of view generation and offline driver of semantics extraction. We have developed a prototype of VDSM and used it to do intrusion detection on 13 operation systems. The evaluation results show VDSM is effective and practical with a small performance overhead.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2006.05a
• /
• pp.279-282
• /
• 2006

네트워크를 기반으로 한 컴퓨터 시스템이 현대 사회에 있어서 더욱 더 불가결한 역할을 하는 것에 따라, 네트워크 기반 컴퓨터 시스템은 침입자의 침입 목표가 되고 있다. 이를 보호하기 위한 침입탐지시스템(Intrusion Detection System : IDS)은 점차 중요한 기술이 되었다. 침입탐지시스템에서 패턴들을 분석한 후 정상/비정상을 판단 및 예측하기 위해서는 초기단계인 특징추출이나 선택이 매우 중요한 부분이 되고 있다. 본 논문에서는 IDS에서 중요한 부분인 feature selection을 Data Mining 기법인 Genetic Algorithm(GA)과 Decision Tree(DT)를 적용해서 구현했다.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2003.09a
• /
• pp.660-663
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

• The Journal of Information Systems
• /
• v.15 no.4
• /
• pp.211-224
• /
• 2006

This study investigates the application of data mining techniques such as artificial neural networks, rough sets, and induction teaming to the intrusion detection systems. To maximize the effectiveness of data mining for intrusion detection systems, we introduced the asymmetric costs with false positive errors and false negative errors. And we present a method for intrusion detection systems to utilize the asymmetric costs of errors in data mining. The results of our empirical experiment show our intrusion detection model provides high accuracy in intrusion detection. In addition the approach using the asymmetric costs of errors in rough sets and neural networks is effective according to the change of threshold value. We found the threshold has most important role of intrusion detection model for decreasing the costs, which result from false negative errors.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.134-139
• /
• 2019

As the development of modern society progresses rapidly, the technologies of society as a whole are progressing and becoming more advanced. Especially in the field of security, more sophisticated and intelligent attacks are being created. Meanwhile, damaging situations are becoming several times larger than before Therefore, it is necessary to re-classify and enhance the existing classification system. It is required to minimize the intrusion damage by actively responding to intelligent intrusions by applying this classification scheme to currently operating intrusion detection systems. In this paper, we analyze the intrusion type caused by intelligent attack We propose a new classification scheme for intrusion situations to guarantee the service safety, reliability, and availability of the target system, We use this classification model to lay the foundations for the design and implementation of a smart intrusion cognitive system capable of early detection of intrusion, the damages caused by intrusion, and more collections active response.

• Journal of IKEEE
• /
• v.27 no.4
• /
• pp.524-530
• /
• 2023

This paper proposes an efficient algorithm to detect CAN (Controller Area Network) bus attack based on a lightweight CNN (Convolutional Neural Network), and an IDS(Intrusion Detection System) was designed, implemented, and verified with FPGA. Compared to conventional CNN-based IDS, the proposed IDS detects CAN bus attack on a frame-by-frame basis, enabling accurate and rapid response. Furthermore, the proposed IDS can significantly reduce hardware since it exploits only one convolutional layer, compared to conventional CNN-based IDS. Simulation and implementation results show that the proposed IDS effectively detects various attacks on the CAN bus.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.6
• /
• pp.531-536
• /
• 2002

In this paper, we have applied Genetic Algorithms(GAs) to Intrusion Detection System(TDS), and then proposed and simulated the misuse detection model firstly. We have implemented with the KBD contest data, and tried to simulated in the same environment. In the experiment, the set of record is regarded as a chromosome, and GAs are used to produce the intrusion patterns. That is, the intrusion rules are generated. We have concentrated on the simulation and analysis of classification among the Data Mining techniques and then the intrusion patterns are produced. The generated rules are represented by intrusion data and classified between abnormal and normal users. The different rules are generated separately from three models "Time Based Traffic Model", "Host Based Traffic Model", and "Content Model". The proposed system has generated the update and adaptive rules automatically and continuously on the misuse detection method which is difficult to update the rule generation. The generated rules are experimented on 430M test data and almost 94.3% of detection rate is shown.3% of detection rate is shown.