• Journal of Electrical Engineering and Technology
• /
• 제13권5호
• /
• pp.2086-2098
• /
• 2018

Security plays a vital role and is the key challenge in Mobile Ad-hoc Networks (MANET). Infrastructure-less nature of MANET makes it arduous to envisage the genre of topology. Due to its inexhaustible access, information disseminated by roaming nodes to other nodes is susceptible to many hazardous attacks. Intrusion Detection and Prevention System (IDPS) is undoubtedly a defense structure to address threats in MANET. Many IDPS methods have been developed to ascertain the exceptional behavior in these networks. Key issue in such IDPS is lack of fast self-organized learning engine that facilitates comprehensive situation awareness for optimum decision making. Proposed "Intelligent Behavioral Hybridized Intrusion Detection and Prevention System (IBH_IDPS)" is built with computational intelligence to detect complex multistage attacks making the system robust and reliable. The System comprises of an Intelligent Client Agent and a Smart Server empowered with fuzzy inference rule-based service engine to ensure confidentiality and integrity of network. Distributed Intelligent Client Agents incorporated with centralized Smart Server makes it capable of analyzing and categorizing unethical incidents appropriately through unsupervised learning mechanism. Experimental analysis proves the proposed model is highly attack resistant, reliable and secure on devices and shows promising gains with assured delivery ratio, low end-to-end delay compared to existing approach.

• 한국철도학회:학술대회논문집
• /
• 한국철도학회 2011년도 춘계학술대회 논문집
• /
• pp.1729-1734
• /
• 2011

Urban transit administers need to introduce the intelligent system to know the situations in the urban transit service area automatically. It is one of the important elements to detect of intrusion in operation room or electric rooms, etc. In this paper, we describe the definition for detection of intrusion in urban transit area, and propose the context-awareness model detect of intrusion. We expect that the definition is helpful to extract the elements that are need to construct the intrusion detecting system. The proposed model that is based on an image analysis model and a rule-based model is also helpful to design intelligent surveillance model.

• 융합정보논문지
• /
• 제12권4호
• /
• pp.126-132
• /
• 2022

현재 스마트폰의 급격한 보급과 IoT을 대상으로 활성화로 인해 소셜네트워크 서비스를 이용하여 악성코드를 유포하거나 지능화된 APT와 랜섬웨어 등과 같은 지능적인 침입이 진행되고 있고 이로 인한 피해도 이전의 침입보다는 많이 심각해지고 커지고 있는 실정이다. 따라서 본 논문에서는 이런 지능적인 악성 코드로 이루어지는 침입행위를 탐지하기 위하여 지능적인 침입 상황 인식 추론 시스템을 제안하고, 제안한 시스템을 이용하여 지능적으로 진행되는 다양한 침입 행위를 조기에 탐지하고 대응하게 하였다. 제안 시스템은 이벤트 모니터와 이벤트 관리기, 상황 관리기, 대응 관리기, 데이터베이스로 구성되어 있으며 각 구성 요소들 사이에 긴밀한 상호 작용을 통해 기존에 인식하고 있는 침입 행위를 탐지하게 하고 새로운 침입 행위에 대해서는 학습을 통해 추론 엔진의 성능을 개선하는 기능을 통하여 탐지하게 하였다. 또한, 지능적인 침입 유형인 랜섬웨어를 탐지하는 시나리오 통하여 제안 시스템이 지능적인 침입을 탐지하고 대응함을 알 수 있었다.

• 한국지능시스템학회:학술대회논문집
• /
• 한국퍼지및지능시스템학회 2002년도 춘계학술대회 및 임시총회
• /
• pp.109-113
• /
• 2002

In this paper, we propose a new intrusion detection algorithm based on clustering: Kernel-ART, which is composed of the on-line clustering algorithm, ART (adaptive resonance theory), combining with mercer-kernel and concept vector. Kernel-ART is not only satisfying all desirable characteristics in the context of clustering-based 105 but also alleviating drawbacks associated with the supervised learning IDS. It is able to detect various types of intrusions in real-time by means of generating clusters incrementally.

• 한국지능시스템학회논문지
• /
• 제15권3호
• /
• pp.282-288
• /
• 2005

본 논문에서는 기존의 침입탐지 모델인 오용탐지 모델과 비정상 탐지 모델의 장점은 유지하되 단점은 보완하는 견지에서 새로운 침입탐지 모델을 제안한다. MMIDS로 명명된 새로운 침입탐지시스템은 다음의 평가 기준들을 모두 만족하는 차원에서 설계되었다: 1) 시스템에서 학습되지 않은 새로운 공격 유형의 신속한 발견; 2) 탐지된 공격 유형에 대한 세부적 정보의 제공; 3) 빠르고 효율적인 학습 및 갱신으로 인한 경제적인 시스템의 유지/보수; 4) 시스템의 점증성(incrementality) 및 확장성. MMIDS의 핵심 구성요소로 새롭게 제안된 다중 클래스 SVM은 빠르고 효율적인 학습 및 갱신이 가능하여 침입탐지 시스템의 유지보수 비용을 절감할 수 있다. 실험을 통해 유사한 공격 패턴에 대한 분류성능 및 각 공격 유형별 세분화 능력이 우수함을 보인다.

• Journal of Information Processing Systems
• /
• 제6권4호
• /
• pp.481-500
• /
• 2010

The Internet explosion and the increase in crucial web applications such as ebanking and e-commerce, make essential the need for network security tools. One of such tools is an Intrusion detection system which can be classified based on detection approachs as being signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks needs to be addressed. Consequently, a new architecture that allows them to cooperate in detecting attacks is proposed. The architecture uses Software Agents to provide scalability and distributability. It works in two modes: learning and detection. During learning mode, it generates a profile for each individual system using a fuzzy data mining algorithm. During detection mode, each system uses the FuzzyJess to match network traffic against its profile. The architecture was tested against a standard data set produced by MIT's Lincoln Laboratory and the primary results show its efficiency and capability to detect attacks. Finally, two new methods, the memory-window and memoryless-window, were developed for extracting useful parameters from raw packets. The parameters are used as detection metrics.

• 한국지능정보시스템학회:학술대회논문집
• /
• 한국지능정보시스템학회 1999년도 춘계공동학술대회-지식경영과 지식공학
• /
• pp.307-313
• /
• 1999

This paper reviews and assesses the analogy between the human immune system and network intrusion detection systems. The promising results from a growing number of proposed computer immune models for intrusion detection motivate this work. The paper begins by briefly introducing existing intrusion detection systems (IDS's). A set of general requirements for network-based IDS's and the design goals to satisfy these requirements are identified by a careful examination of the literature. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS's are analysed. The analysis shows that the coordinated actions of several sophisticated mechanisms of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a network-based IDS based on the human immune system is promising for future network-based IDS's

• 한국지능시스템학회논문지
• /
• 제13권4호
• /
• pp.491-498
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using FCM(Fuzzy Cognitive Maps) that can detect intrusion by the DoS attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The SPuF(Syn flooding Preventer using Fussy cognitive maps) model captures and analyzes the packet informations to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance comparison, the "KDD′99 Competition Data Set" made by MIT Lincoln Labs was used. The result of simulating the "KDD′99 Competition Data Set" in the SPuF model shows that the probe detection rates were over 97 percentages.

• 디지털산업정보학회논문지
• /
• 제14권1호
• /
• pp.35-43
• /
• 2018

MANET composed of only wireless nodes is increasingly utilized in various fields. However, it is exposed to many security vulnerabilities because it doesn't have any infrastructure and transmits data by using multi-hop method. Therefore, MANET should be applied the intrusion detection technique that can detect efficiently malicious nodes and decrease impacts of various attacks. In this paper, we propose a distributed intrusion detection technique that can detect the various attacks while improving the efficiency of attack detection and reducing the false positive rate. The proposed technique uses the cluster structure to manage the information in the center and monitor the traffic of their neighbor nodes directly in all nodes. We use three parameters for attack detection. We also applied an efficient authentication technique using only key exchange without the help of CA in order to provide integrity when exchanging information between cluster heads. This makes it possible to free the forgery of information about trust information of the nodes and attack nodes. The superiority of the proposed technique can be confirmed through comparative experiments with existing intrusion detection techniques.

• 한국지능정보시스템학회:학술대회논문집
• /
• 한국지능정보시스템학회 2007년도 추계학술대회
• /
• pp.514-519
• /
• 2007

컴퓨터 네트워크 모니터링에 의한 보안장비는 많은 트래픽 자료를 분석하여, 이상유무를 판단하고, 대응해야 한다. 기존의 보안장비들은 이미 알려진 패턴에 대한 규칙을 이용하는 오용탐지방법(misuse detection)과 의미를 파악하기 어려운 많은 자료들을 제시하고 있는데 머물고 있다. 보다 나은 보안을 위해서는 정상적인 동작에서 벗어나는 이상징후를 탐지하여 침입을 탐지하는 이상탐지방법(anomaly detection)의 채용이 필요하고, 보안장비에서 제시되는 많은 트래픽 자료들은 보안전문가의 전문적인 분석이 필요하다. 본 연구에서는 데이터마이닝 기법을 이용한 이상탐지방법과 보안전문가의 전문적인 보안지식에 의한 분석, 대응, 관리를 위한 지식처리 기법을 사용할 수 있는 지능형 IPS(intrusion Detection System) 프레임워크를 제안한다.