• Title/Summary/Keyword: Intelligent Intrusion Detection


An Intrusion Prevention Model Using Fuzzy Cognitive Maps on Denial of Service Attack (서비스 거부 공격에서의 퍼지인식도를 이용한 침입 방지 모델)

  • 이세열;김용수;심귀보;양재원
    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2002.12a / pp.258-261 / 2002
  • Intrusion attacks that use network vulnerability scanning have been increasing recently, and research on intrusion prevention systems (IPS) that detect and respond to such attacks appropriately in real time continues. This paper addresses the SYN flooding attack, an unauthorized denial-of-service technique that exploits the end-to-end 3-way handshake of TCP's reliable, connection-oriented transport service: intrusion-attempt packet information is collected and analyzed, and a network-based real-time scan detection and prevention model is proposed that uses fuzzy cognitive maps (FCM) to decide whether an intrusion attempt is in progress and to respond to it.
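As an added example (my own illustration, not the paper's code), the pipeline the abstract describes in miniature: crisp features are computed from constructed TCP handshake records, then fed into a small fuzzy cognitive map whose concepts, causal weights, transfer function and normalisers (50 SYN/s, 20 distinct sources) are all assumptions chosen to show the mechanism; the half-open connection ratio is what separates a SYN flood from a busy but healthy server.

```python
import math

# Constructed TCP packet records (time_s, src, dst, flags); not captured traffic.
# "S" = client SYN, "SA" = server SYN-ACK, "A" = client ACK completing the handshake.
SERVER = "10.0.0.80"

def _handshake(t, client):
    return [(t, client, SERVER, "S"), (t + 0.01, SERVER, client, "SA"),
            (t + 0.02, client, SERVER, "A")]

# Three clients complete their handshakes within one second.
PACKETS_NORMAL = sum((_handshake(0.3 * i, f"192.168.1.{10 + i}") for i in range(3)), [])

# SYN flood: 40 SYNs from 40 spoofed sources in 0.8 s; the SYN-ACKs are never acknowledged.
PACKETS_FLOOD = []
for i in range(40):
    src = f"203.0.113.{i + 1}"
    PACKETS_FLOOD += [(0.02 * i, src, SERVER, "S"), (0.02 * i + 0.01, SERVER, src, "SA")]

def handshake_features(packets, syn_capacity=50.0, src_norm=20.0):
    """Crisp features in [0, 1]: SYN rate, half-open ratio, source spread.
    syn_capacity and src_norm are assumed normalisers, not measured values."""
    syn_seen = {}        # (src, dst) -> time of the client's SYN
    completed = set()    # pairs whose third-step ACK was observed
    for t, src, dst, flags in packets:
        if flags == "S":
            syn_seen[(src, dst)] = t
        elif flags == "A" and (src, dst) in syn_seen:
            completed.add((src, dst))
    n_syn = len(syn_seen)
    span = max(1.0, packets[-1][0] - packets[0][0]) if packets else 1.0
    syn_rate = min(1.0, n_syn / (span * syn_capacity))
    half_open_ratio = (n_syn - len(completed)) / n_syn if n_syn else 0.0
    src_spread = min(1.0, len({src for src, _ in syn_seen}) / src_norm)
    return [syn_rate, half_open_ratio, src_spread]

# Concepts: 0 SYN_RATE, 1 HALF_OPEN, 2 SRC_SPREAD (inputs, held fixed),
# 3 SCAN_SUSPICION, 4 ATTACK, 5 BLOCK (inferred). W[i][j] is the causal weight of
# concept i on concept j. The edge set and weights are illustrative assumptions.
N = 6
W = [[0.0] * N for _ in range(N)]
W[0][3], W[2][3] = 0.5, 0.7                 # SYN rate and many sources suggest scanning
W[0][4], W[1][4], W[3][4] = 0.4, 0.8, 0.4   # half-open connections are the strongest sign
W[4][5] = 1.0                               # attack belief drives the blocking response
W[5][4] = -0.2                              # blocking feeds back negatively on attack belief

def run_fcm(inputs, weights=W, lam=2.0, max_iter=100, eps=1e-6):
    """Iterate A_j(t+1) = tanh(lam * sum_i A_i(t) * W_ij) for the inferred concepts
    until the state stops changing; input concepts keep their measured values."""
    a = list(inputs) + [0.0] * (len(weights) - len(inputs))
    for _ in range(max_iter):
        new = list(a)
        for j in range(len(inputs), len(weights)):
            new[j] = math.tanh(lam * sum(a[i] * weights[i][j] for i in range(len(weights))))
        delta = max(abs(x - y) for x, y in zip(new, a))
        a = new
        if delta < eps:
            break
    return a

def assess(packets, block_threshold=0.5):
    """Decision for one packet window: converged ATTACK belief and whether to block."""
    feats = handshake_features(packets)
    state = run_fcm(feats)
    return {"syn_rate": feats[0], "half_open_ratio": feats[1], "src_spread": feats[2],
            "attack": state[4], "block": state[5] > block_threshold}

if __name__ == "__main__":
    for name, pkts in (("normal", PACKETS_NORMAL), ("flood", PACKETS_FLOOD)):
        print(name, assess(pkts))
```

The negative edge from BLOCK back to ATTACK is what makes this a map rather than a weighted sum: once a response is active the attack belief settles at a lower fixed point instead of ratcheting up, which is the FCM property the paper relies on for real-time decide-and-respond loops. Spoofed sources defeat the src_spread feature only in the sense that they inflate it; a flood from a single real source still scores high on the half-open ratio.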

Study of Snort Intrusion Detection Rules for Recognition of Intelligent Threats and Response of Active Detection (지능형 위협인지 및 능동적 탐지대응을 위한 Snort 침입탐지규칙 연구)

  • Han, Dong-hee;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1043-1057 / 2015
  • In order to recognize intelligent threats quickly and to detect and respond to them actively, major public bodies and private institutions operate and administer Intrusion Detection Systems (IDS), which play a very important role in finding and detecting attacks. However, most IDS alerts suffer from false positives. In addition, to detect unknown malicious code and recognize and respond to its threats in advance, APT response solutions or behavior-based systems are introduced and operated. These execute malicious code directly using virtualization technology and detect abnormal activity in the virtual environment, or detect unknown attacks by other methods. However, these too have weaknesses, such as evasion of the virtual environment, the performance cost of inspecting all traffic, and policy errors. Accordingly, for effective intrusion detection, it is very important to enhance security monitoring. This study discusses a plan for reducing false positives as a way of enhancing security monitoring. In an experiment based on the empirical data of G, rules of three types and 11 kinds were derived. In a test following these rules, it was verified that the overall detection rate decreased by 30% to 50% and performance improved by over 30%.
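In Snort the false-positive reduction the abstract describes is done with `event_filter` (formerly `threshold`) and `suppress` directives rather than by editing detection rules. As an added example, not code from the paper (its 11 rules are not reproduced on this page), the semantics of those two directives are re-implemented below over constructed fast-format alert lines, so that the reduction a proposed filter set would give can be measured on exported alerts before anything is changed in production. The SIDs (local range 1000001/1000002), addresses and the year assumed for the timestamps are made up.

```python
import re
from datetime import datetime

# Constructed Snort "fast" alert lines; the SIDs are made-up local rules.
def _ssh(ts, src, sport):
    return (f"{ts}  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] "
            f"[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
            f"{{TCP}} {src}:{sport} -> 192.168.1.10:22")

def _icmp(ts, src, dst):
    return (f"{ts}  [**] [1:1000002:1] LOCAL ICMP sweep [**] "
            f"[Classification: Misc activity] [Priority: 3] {{ICMP}} {src} -> {dst}")

ALERTS = ([_ssh(f"03/15-10:22:3{i}.000001", "10.0.0.5", 40000 + i) for i in range(1, 7)]
          + [_ssh("03/15-10:22:40.000001", "10.0.0.9", 40101),
             _icmp("03/15-10:23:05.000001", "10.0.0.250", "192.168.1.20"),
             _icmp("03/15-10:23:06.000001", "10.0.0.250", "192.168.1.21"),
             _icmp("03/15-10:23:07.000001", "10.0.0.77", "192.168.1.22")])

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$")

def parse_alert(line, year=2015):
    """Parse one fast-format line. The format carries no year, so one is assumed."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    dt = datetime.strptime(f"{year}/{ev['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    ev["t"] = (dt - datetime(year, 1, 1)).total_seconds()
    ev["gid"], ev["sid"] = int(ev["gid"]), int(ev["sid"])
    return ev

class EventFilter:
    """Snort event_filter semantics for one signature, tracked per source or destination:
    limit     -> log the first `count` events per `seconds`, drop the rest of the window;
    threshold -> log every `count`-th event in the window;
    both      -> log once per window, as soon as `count` events have been seen."""
    def __init__(self, gid, sid, kind, track, count, seconds):
        assert kind in ("limit", "threshold", "both") and track in ("by_src", "by_dst")
        self.gid, self.sid, self.kind, self.track = gid, sid, kind, track
        self.count, self.seconds, self.windows = count, seconds, {}

    def admit(self, ev):
        if (ev["gid"], ev["sid"]) != (self.gid, self.sid):
            return True                          # filter does not apply to this event
        key = ev["src"] if self.track == "by_src" else ev["dst"]
        start, n = self.windows.get(key, (None, 0))
        if start is None or ev["t"] - start >= self.seconds:
            start, n = ev["t"], 0                # a new window opens at this event
        n += 1
        self.windows[key] = (start, n)
        if self.kind == "limit":
            return n <= self.count
        if self.kind == "threshold":
            return n % self.count == 0
        return n == self.count

def suppressed(ev, suppress_rules):
    """suppress_rules: (gid, sid, track or None, ip). Snort applies these before filters."""
    for gid, sid, track, ip in suppress_rules:
        if (gid, sid) == (ev["gid"], ev["sid"]):
            field = {"by_src": "src", "by_dst": "dst", None: None}[track]
            if field is None or ev[field] == ip:
                return True
    return False

def apply_filters(lines, filters, suppress_rules=()):
    kept = []
    for line in lines:
        ev = parse_alert(line)
        if ev is None or suppressed(ev, suppress_rules):
            continue
        decisions = [f.admit(ev) for f in filters]   # every filter counts every event
        if all(decisions):
            kept.append(ev)
    return kept

if __name__ == "__main__":
    filters = [EventFilter(1, 1000001, "limit", "by_src", 2, 60)]
    suppress = [(1, 1000002, "by_src", "10.0.0.250")]   # an authorised vulnerability scanner
    kept = apply_filters(ALERTS, filters, suppress)
    print(f"{len(ALERTS)} alerts in, {len(kept)} out")
    for ev in kept:
        print(ev["ts"], ev["sid"], ev["src"], "->", ev["dst"], ev["msg"])
```

Two caveats carry over to the real sensor. Event filters only limit what is logged; the rule still fires and still costs detection time, so they do nothing for the traffic-inspection performance problem the abstract mentions. And a `suppress` keyed on a scanner's source address is only as trustworthy as that address: an attacker who can spoof or occupy it inherits the silence.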

Implementation of Agent Network for Active Responses against Intrusions (적극적 침입 대응을 위한 에이전트 네트워크 구현 방안)

  • Shin, Weon;Rhee, Kyung-Hyune
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.6 / pp.1294-1301 / 2005
  • In this paper, we investigate the problems of existing intrusion detection solutions and propose an agent network, built from stationary and mobile agents running on an agent system, to solve them. The proposed agent network can detect intrusions, collect information about them, and execute active responses against intruders by introducing various stationary and mobile agents. It shows a new approach to active responses against more intelligent and distributed intrusions.

Autoencoder-Based Automotive Intrusion Detection System Using Gaussian Kernel Density Estimation Function (가우시안 커널 밀도 추정 함수를 이용한 오토인코더 기반 차량용 침입 탐지 시스템)

  • Donghyeon Kim;Hyungchul Im;Seongsoo Lee
    • Journal of IKEEE / v.28 no.1 / pp.6-13 / 2024
  • This paper proposes an approach to detecting abnormal data on the automotive controller area network (CAN) using an unsupervised learning model, i.e., an autoencoder combined with a Gaussian kernel density estimation function. The proposed autoencoder is trained only on the message IDs of CAN data frames. Afterwards, using the Gaussian kernel density estimation function, it effectively detects abnormal data based on the trained model, characterized by an optimally determined number of frames and a loss threshold. It was verified and evaluated using four types of attack data: DoS attacks, gear spoofing attacks, RPM spoofing attacks, and fuzzy attacks. Compared with conventional unsupervised learning-based models, it achieved over 99% detection performance across all evaluation metrics.
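The part of this design a practitioner most often gets wrong is the threshold, so the added example below (my code, not the paper's) shows the ID-only, window-of-frames, KDE-threshold pipeline end to end on a constructed CAN ID stream. One substitution is made openly: a first-order ID-transition model stands in for the autoencoder, and its per-window mean negative log-likelihood plays the role of the reconstruction loss, which keeps the example free of a deep-learning dependency. The schedule of IDs, the window size of 20 frames, Silverman's bandwidth rule and the 0.1%-of-peak tail cut-off are assumptions.

```python
import math
import random

# Constructed CAN ID stream (not a vehicle trace): a cyclic schedule of four IDs plus an
# aperiodic event frame 0x4A0 inserted at random, so that normal windows vary a little.
SCHEDULE = [0x100, 0x200, 0x100, 0x300, 0x100, 0x200, 0x100, 0x4A0]

def normal_stream(n, rng, event_rate=0.1):
    ids, i = [], 0
    while len(ids) < n:
        if rng.random() < event_rate:
            ids.append(0x4A0)
        ids.append(SCHEDULE[i % len(SCHEDULE)])
        i += 1
    return ids[:n]

def windows(ids, size):
    """Non-overlapping windows of `size` frames; a trailing partial window is dropped."""
    return [ids[i:i + size] for i in range(0, len(ids) - size + 1, size)]

class TransitionModel:
    """First-order ID-transition model trained on message IDs only. It stands in for the
    paper's autoencoder: a window's mean negative log-likelihood is used where the paper
    uses the reconstruction loss. An ID or transition never seen in training gets p = 0."""
    def __init__(self, eps=1e-6):
        self.eps, self.counts = eps, {}

    def fit(self, ids):
        for a, b in zip(ids, ids[1:]):
            row = self.counts.setdefault(a, {})
            row[b] = row.get(b, 0) + 1
        return self

    def loss(self, window):
        total = 0.0
        for a, b in zip(window, window[1:]):
            row = self.counts.get(a, {})
            p = row.get(b, 0) / sum(row.values()) if row else 0.0
            total += -math.log(max(p, self.eps))
        return total / (len(window) - 1)

def gaussian_kde(samples):
    """Gaussian KDE with Silverman's rule-of-thumb bandwidth; returns (density, h)."""
    n = len(samples)
    mean = sum(samples) / n
    sd = math.sqrt(sum((s - mean) ** 2 for s in samples) / (n - 1))
    if sd == 0:
        raise ValueError("training losses have no spread; the KDE bandwidth would be zero")
    h = 1.06 * sd * n ** (-0.2)
    norm = n * h * math.sqrt(2 * math.pi)
    return (lambda x: sum(math.exp(-0.5 * ((x - s) / h) ** 2) for s in samples) / norm), h

def kde_threshold(losses, tail=1e-3):
    """Loss threshold: walk right from the density peak of the normal-loss distribution
    until the estimated density falls to `tail` of its maximum."""
    density, h = gaussian_kde(losses)
    grid, x = [], min(losses)
    while x <= max(losses) + 6 * h:
        grid.append((x, density(x)))
        x += h / 10
    peak_i = max(range(len(grid)), key=lambda i: grid[i][1])
    for x, d in grid[peak_i:]:
        if d < tail * grid[peak_i][1]:
            return x
    return grid[-1][0]

class CanIdAnomalyDetector:
    def __init__(self, window_size=20):
        self.window_size, self.model, self.threshold = window_size, TransitionModel(), None

    def train(self, ids):
        self.model.fit(ids)
        losses = [self.model.loss(w) for w in windows(ids, self.window_size)]
        self.threshold = kde_threshold(losses)
        return losses

    def flag(self, ids):
        """One boolean per window: True when the window's loss exceeds the threshold."""
        return [self.model.loss(w) > self.threshold for w in windows(ids, self.window_size)]

def run_can_demo(seed=0):
    rng = random.Random(seed)
    det = CanIdAnomalyDetector(window_size=20)
    det.train(normal_stream(800, rng))                      # 40 training windows
    return {
        "threshold": det.threshold,
        "normal": det.flag(normal_stream(800, rng)),
        "dos": det.flag([0x000] * 100),                     # highest-priority ID flood
        "spoof": det.flag([0x300] * 100),                   # a legitimate ID injected back-to-back
        "fuzzy": det.flag([rng.randrange(0x800) for _ in range(100)]),
    }

if __name__ == "__main__":
    r = run_can_demo()
    print(f"threshold = {r['threshold']:.3f}")
    for k in ("normal", "dos", "spoof", "fuzzy"):
        print(k, sum(r[k]), "of", len(r[k]), "windows flagged")
```

The KDE step is what replaces a hand-picked loss cut-off: the threshold is read off the estimated density of normal-window losses, so it adapts to however noisy the training bus was. The example also makes the blind spot of ID-only models visible: an attacker who injects frames with a legitimate ID at the legitimate rate and only alters the payload produces no ID-sequence anomaly at all, which is why the paper's spoofing cases are detectable only because they flood the bus.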

Intruder Detection System Based on Pyroelectric Infrared Sensor (PIR 센서 기반 침입감지 시스템)

  • Jeong, Yeon-Woo;Vo, Huynh Ngoc Bao;Cho, Seongwon;Cuhng, Sun-Tae
    • Journal of the Korean Institute of Intelligent Systems / v.26 no.5 / pp.361-367 / 2016
  • An intruder detection system using a digital PIR sensor has the problem that it cannot recognize humans correctly. In this paper, we suggest a new intruder detection system based on an analog PIR sensor to get around the drawbacks of the digital PIR sensor. The analog PIR sensor emits a voltage output at various levels, whereas the output of the digital PIR sensor is binary. The signal captured by the analog PIR sensor is sampled, and its frequency features are extracted using FFT or MFCC. The extracted features are used as the input of a neural network. After the neural network is trained on intrusion data from various humans and pets, it is used to classify humans and pets in an intrusion situation.

Design and Implementation of Sequential Pattern Miner to Analyze Alert Data Pattern (경보데이터 패턴 분석을 위한 순차 패턴 마이너 설계 및 구현)

  • Shin, Moon-Sun;Paik, Woo-Jin
    • Journal of Internet Computing and Services / v.10 no.2 / pp.1-13 / 2009
  • Intrusion detection is the process of identifying attacks and responding to malicious intrusion actions in order to protect computer and network resources. With the rapid development of the Internet, intrusions have recently become more complex, and because new intrusion types appear at a rising rate they need immediate and correct responses. To address these problems of intrusion detection systems, we propose a sequential pattern miner for the analysis of alert data, in order to support intelligent and automatic detection of intrusions. Sequential pattern mining is a method for finding patterns among extracted items that occur frequently in ordered sequences. We apply the PrefixSpan algorithm to find alert sequences. The method can be used to predict the actions that follow a sequential pattern and to create intrusion rules. In this paper, we propose an extended PrefixSpan algorithm designed to take the specific characteristics of alert data into account. The extended sequential pattern miner is intended to be part of the alert data analyzer of an intrusion detection system. Using the rules created by the sequential pattern miner, the HA (high-level alert analyzer) of the PEP (policy enforcement point), usually called the IDS, predicts sequence behaviors and changing patterns that could not be observed directly.
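As an added example, not the paper's extended algorithm (which is not reproduced on this page), here is plain PrefixSpan over constructed alert sequences, one sequence of alert types per attacking source in time order, followed by the two things an alert analyzer does with the result: derive rules of the form antecedent → next alert with a confidence, and predict the next alert for a partially observed sequence. Alert names, sequences and the support threshold are made up.

```python
from collections import defaultdict

# Constructed alert sequences, one per attacking source, ordered by time (not real IDS data).
ALERT_SEQUENCES = [
    ["scan", "brute", "login", "exfil"],
    ["scan", "brute", "login"],
    ["scan", "login", "exfil"],
    ["brute", "login", "exfil"],
    ["scan", "brute", "exfil"],
    ["scan", "brute", "login", "exfil"],
]

def prefixspan(sequences, min_support):
    """PrefixSpan over sequences of single alerts (no itemsets). Returns
    {pattern_tuple: support}, support being the number of sequences containing the
    pattern as a subsequence (gaps allowed, order preserved)."""
    patterns = {}

    def mine(prefix, projected):
        # projected database: (sequence index, offset where the suffix after `prefix` starts)
        support = defaultdict(set)
        for idx, start in projected:
            for item in set(sequences[idx][start:]):
                support[item].add(idx)
        for item in sorted(support):
            sids = support[item]
            if len(sids) < min_support:
                continue
            new_prefix = prefix + (item,)
            patterns[new_prefix] = len(sids)
            new_projected = []
            for idx, start in projected:
                seq = sequences[idx]
                for pos in range(start, len(seq)):      # first occurrence after the prefix
                    if seq[pos] == item:
                        new_projected.append((idx, pos + 1))
                        break
            mine(new_prefix, new_projected)

    mine((), [(i, 0) for i in range(len(sequences))])
    return patterns

def sequence_rules(patterns, min_confidence=0.5):
    """Rules antecedent -> next alert, with confidence
    sup(antecedent + next) / sup(antecedent)."""
    rules = {}
    for pattern, sup in patterns.items():
        if len(pattern) < 2:
            continue
        antecedent = pattern[:-1]
        confidence = sup / patterns[antecedent]
        if confidence >= min_confidence:
            rules[(antecedent, pattern[-1])] = confidence
    return rules

def predict_next(rules, observed):
    """Best rule whose antecedent equals the observed alert prefix, as
    (next_alert, confidence); ties are broken alphabetically. None if no rule applies."""
    candidates = [(conf, nxt) for (ante, nxt), conf in rules.items() if ante == tuple(observed)]
    if not candidates:
        return None
    conf, nxt = sorted(candidates, key=lambda c: (-c[0], c[1]))[0]
    return nxt, conf

if __name__ == "__main__":
    patterns = prefixspan(ALERT_SEQUENCES, min_support=3)
    for pattern, sup in sorted(patterns.items(), key=lambda p: (-len(p[0]), p[0])):
        print(sup, " -> ".join(pattern))
    rules = sequence_rules(patterns)
    print("after scan, brute expect:", predict_next(rules, ["scan", "brute"]))
```

Support here counts sequences, not occurrences, so one noisy source that repeats a pattern many times cannot inflate it; that is the right choice for alert data, where a single scanner can emit thousands of alerts. The projection-based recursion is what keeps PrefixSpan cheap compared with candidate generation: each recursive call only scans the suffixes that already contain the prefix.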


Development of CAN network intrusion detection algorithm to prevent external hacking (외부 해킹 방지를 위한 CAN 네트워크 침입 검출 알고리즘 개발)

  • Kim, Hyun-Hee;Shin, Eun Hye;Lee, Kyung-Chang;Hwang, Yeong-Yeun
    • Journal of the Korean Society of Industry Convergence / v.20 no.2 / pp.177-186 / 2017
  • With the latest developments in ICT (Information and Communication Technology), research on intelligent cars and connected cars that support autonomous driving or connected services is actively underway. The growing number of inputs linked to external connections is likely to be exposed to malicious intrusion. We studied the security issues that may occur within a connected car. A variety of security issues may arise in the use of CAN, the most typical in-vehicle network. They could be resolved by encrypting all data within the CAN network system, but that is time-consuming, and an authentication procedure would have to be carried out for each exchange. To resolve this problem, we add a monitoring node to the CAN network: a server performs the initial authentication of the nodes in the network, the nodes share a unique ID that can be authenticated, and the IDs are encrypted to secure the data. The encryption and authentication techniques designed in this way make it possible to detect and verify external intruders.

On-line Shared Platform Evaluation Framework for Advanced Persistent Threats

  • Sohn, Dongsik;Lee, Taejin;Kwak, Jin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.5 / pp.2610-2628 / 2019
  • Advanced persistent threats (APTs) are sustained attacks on specific targets by attackers using intelligent methods. All current internal infrastructures are constantly subject to APT attacks created with external and unknown malware. Therefore, information security officers require a framework that can assess whether their information security systems are capable of detecting and blocking APT attacks. Furthermore, an on-line evaluation of information security systems is required to cope with various malicious code attacks, so regular evaluation of the information security system is essential. In this paper, we propose a dynamically updated evaluation framework to improve the detection rate of internal information systems against malware that is unknown to most (over 60%) existing static evaluation methodologies for information security systems, which use non-updated sets of unknown malware.

Change Detection Algorithm based on Positive and Negative Selection of Developing T-cell (T세포 발생과정의 긍정 및 부정 선택에 기반한 변경 검사 알고리즘)

  • Sim, Kwee-Bo;Lee, Dong-Wook
    • Journal of the Korean Institute of Intelligent Systems / v.13 no.1 / pp.119-124 / 2003
  • In this paper, we model positive selection and negative selection, the developmental process of the cytotoxic T-cell that plays an important role in the biological immune system, and develop a change detection algorithm, a very important part of detecting data changes caused by intrusion and data infection by computer viruses. The proposed method produces MHC receptors for recognizing self and antigen detectors for recognizing non-self, so it detects self and intruders with two types of detectors, as the real immune system does. We show the effectiveness and characteristics of the proposed change detection algorithm by simulating point and block changes of a self file.

Adaptive Intrusion Detection Algorithm based on Artificial Immune System (인공 면역계를 기반으로 하는 적응형 침입탐지 알고리즘)

  • Sim, Kwee-Bo;Yang, Jae-Won
    • Journal of the Korean Institute of Intelligent Systems / v.13 no.2 / pp.169-174 / 2003
  • Malicious cyber attacks, attempted and successful, have increased rapidly with the spread of the Internet, the rise of Internet shopping malls and the supply of online and offline Internet services, and the problem is expected to keep growing. The goal of intrusion detection is to identify unauthorized use, misuse and abuse of computer systems by both system insiders and external penetrators in real time. In fact, general Internet-based security systems could not cope with such attacks properly, if at all, and other conventional systems have relied on common anti-virus software to cope with them. In this paper, we instead use the positive selection and negative selection mechanisms of the T-cell, a biologically distributed autonomous system, to develop a self/nonself recognition algorithm and an AIS (Artificial Immune System) that is easy to realize on an artificial system. To make it concrete, we apply the AIS to the network environment as a computer security system.
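The change detection entry above and this network AIS entry rest on the same construction: random candidate strings are screened against a set of self strings, positive selection keeps candidates that recognise self (the MHC-receptor analogue) and negative selection keeps candidates that recognise no self string (the non-self detectors). As an added example that serves both entries (my code, not the authors'), the block below builds both detector sets with r-contiguous-bits matching, then applies them to the point and block changes of a self file and to fixed-width encodings of connection records. The 32-bit string width, r = 9, the detector counts, the file contents, the connection encoding and the "normal" connection set are all assumptions.

```python
import random

CHUNK_BITS = 32              # self strings, candidates and detectors are 32-bit strings
R = 9                        # r-contiguous-bits matching threshold (an assumption)
MASK = (1 << CHUNK_BITS) - 1

def r_contiguous_match(a, b, r=R):
    """True if a and b agree on at least r contiguous bit positions."""
    x = (a ^ b) & MASK
    window = (1 << r) - 1
    return any((x >> s) & window == 0 for s in range(CHUNK_BITS - r + 1))

def matches_self(candidate, self_set, r=R):
    return any(r_contiguous_match(candidate, s, r) for s in self_set)

def select_detectors(self_set, n, rng, keep_self_matching):
    """Positive selection (keep_self_matching=True) keeps random candidates that recognise
    some self string; negative selection (False) keeps only candidates that recognise
    no self string at all. Both loop until n detectors survive."""
    detectors = []
    while len(detectors) < n:
        candidate = rng.getrandbits(CHUNK_BITS)
        if matches_self(candidate, self_set) == keep_self_matching:
            detectors.append(candidate)
    return detectors

def file_chunks(data):
    """Split bytes into 32-bit self strings (the tail is zero-padded)."""
    padded = bytes(data) + b"\x00" * (-len(data) % 4)
    return [int.from_bytes(padded[i:i + 4], "big") for i in range(0, len(padded), 4)]

def classify(string, nonself_detectors, self_detectors):
    if any(r_contiguous_match(string, d) for d in nonself_detectors):
        return "nonself"
    if any(r_contiguous_match(string, d) for d in self_detectors):
        return "self"
    return "unknown"

def changed_chunks(data, nonself_detectors, self_detectors):
    """Indices of chunks a non-self detector fires on. Unchanged chunks can never fire,
    because negative selection removed every detector that matched a self chunk."""
    return [i for i, c in enumerate(file_chunks(data))
            if classify(c, nonself_detectors, self_detectors) == "nonself"]

# Constructed self file (108 bytes, 27 chunks); not a real configuration.
SELF_FILE = (b"# constructed sample, not a real config\n"
             b"Port 22\nPermitRootLogin no\n"
             b"PasswordAuthentication no\nAllowUsers ops\n")

def encode_conn(proto, dport, flags):
    """Pack a connection record into 32 bits: 8-bit IP protocol, 16-bit port, 8-bit TCP flags."""
    return ((proto & 0xFF) << 24) | ((dport & 0xFFFF) << 8) | (flags & 0xFF)

# Constructed network self set: TCP (6) SYN/ACK (0x12) to 22, 80, 443 and UDP (17) to 53.
SELF_CONNS = [encode_conn(6, p, 0x12) for p in (22, 80, 443)] + [encode_conn(17, 53, 0)]

def run_ais_demo(seed=1):
    rng = random.Random(seed)
    self_chunks = file_chunks(SELF_FILE)
    nonself_dets = select_detectors(self_chunks, 1000, rng, keep_self_matching=False)
    self_dets = select_detectors(self_chunks, 200, rng, keep_self_matching=True)
    point = bytearray(SELF_FILE)
    point[41] ^= 0xFF                                  # one byte inside chunk 10
    block = bytearray(SELF_FILE)
    block[64:80] = b"\xde\xad\xbe\xef" * 4             # 16 bytes: chunks 16 to 19
    conn_nonself = select_detectors(SELF_CONNS, 1000, rng, keep_self_matching=False)
    conn_self = select_detectors(SELF_CONNS, 50, rng, keep_self_matching=True)
    return {
        "unchanged": changed_chunks(SELF_FILE, nonself_dets, self_dets),
        "point": changed_chunks(point, nonself_dets, self_dets),
        "block": changed_chunks(block, nonself_dets, self_dets),
        "conn_self": [classify(c, conn_nonself, conn_self) for c in SELF_CONNS],
        "conn_reverse_shell": classify(encode_conn(6, 4444, 0x02), conn_nonself, conn_self),
    }

if __name__ == "__main__":
    for k, v in run_ais_demo().items():
        print(k, v)
```

Two properties are worth checking in your own deployment. False positives on genuinely unchanged data are impossible by construction, which is the appeal of negative selection over a statistical baseline. Coverage is not: a non-self string that differs from some self string in only a few bits lies in a "hole" that few or no surviving detectors can reach (here, the same TCP port and protocol with a single flag bit changed), so the detector count, r and the encoding of records decide how small a change can still be caught, and a cryptographic hash of the file remains the right tool when exact change detection, rather than a self/non-self classifier, is what is needed.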