• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.81-90
• /
• 2003

The presence of the intrusion is judged by intrusion detection system based on the audit log and the Performance of this system depends on how correctly and effectively it has been described about the intrusion pattern with audit log. In this paper, the relativity concerning intrusion is demonstrated among the information those are ‘System call, Network packet and Syslog’ and the related pattern of the state-transition-based method and those rule-based pattern is identified. By applying this correlation to them, the accuracy rate of detection was able to be improved. Especially, the availability of detection with correlation pattern through Covert Channel detection test has been substantiated.

• The KIPS Transactions:PartC
• /
• v.12C no.4 s.100
• /
• pp.609-616
• /
• 2005

Signature-based Intrusion Detection has many false positive and many difficulties to detect new and changed attacks. Alpha-cut is introduced which reduces false positive with a combination of signature-based IDS and machine learning-based IDS in prior paper [1]. This research is a study of a succession of Alpha-cut, and we introduce Beta-rick in which attacks can be detected but cannot be detected in single signature-based detection. Alpha-cut is a way of increasing detection accuracy for the signature based IDS, Beta-pick is a way which decreases the case of treating attack as normality. For Alpha-cut and Beta-pick we use XIBL as a learning algorithm and also show the difference of result of Sd.5. To describe the value of proposed method we apply Alpha-cut and Beta-pick to signature-based IDS and show the decrease of false alarms.

• The KIPS Transactions:PartC
• /
• v.9C no.4
• /
• pp.473-480
• /
• 2002

Although many researches on IDS (Intrusion Detection System) have been performed, the most of them are limited to the algorithm of detection software. However, even an IDS with superior algorithm can not detect intrusion, if it loses packets which nay have a clue of intrusions. In this paper, we suggest an efficient wav to improve the performance of IDS by reducing packet losses occurred due to hardware limitation and abundant processing overhead introduced by massive detection software itself. The reduction in packet losses is achieved by dropping hacking-free packets. The result shows that this decrease of packet losses leads an IDS to improve the detection rate of real attack.

• The Journal of the Korea Contents Association
• /
• v.6 no.12
• /
• pp.29-39
• /
• 2006

With the increasing popularity of the wireless network, the vulnerability issue on IEEE 802.1x Wireless Local Area Network (WLAN) are more serious than we expected. Security issues range from mis-configured wireless Access Point(AP) such as session hijacking to Denial of Service(DoS) attack. We propose a new system based on intrusion detection or prevention mechanism to protect the wireless network against these attacks. The proposed system has a security solution on AP that includes an intrusion detection and protection system(IDS/IPS) as an embedded module. In this paper, we suggest integrated wireless IDS/IPS module on AP with wireless traffic monitoring, analysis and packet filtering module against malicious wireless attacks. We also present that the system provides both enhanced security and performance such as on the university wireless campus network.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2002.05d
• /
• pp.930-935
• /
• 2002

본 논문은 불법 침입 탐지를 위한 정보시스템 구축에 있어 많은 연구가 진행되고 있는 침입 탐지 시스템(IDS: Intrusion Detection System)중 네트워크 기반의 오용(Misuse) 탐지 모델을 이용하여 침입 탐지 시스템을 설계 및 구현하였다. 구현된 침입 탐지 시스템은 K4 인증 기준을 모델로 삼았으며, 탐지하는 시그너쳐의 분류상 Content, DoS, Probing을 대상으로 설계되었으며, 원격으로 시스템의 관리와 감독이 가능하도록 구현하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.93-98
• /
• 2012

MANET composed of only moving nodes is concerned to core technology to construct ubiquitous computing environment. Also, it is a lack of security because of no middle infrastructure. So, it is necessary to intrusion detection system which can track malicious attack. In this study, cluster was used to stable intrusion detection, and rule about various attacks was defined to detect accurately attack that seems like network problem. Proposed method through experience was confirmed that stable detection rate was showed although number of nodes increase.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.3
• /
• pp.755-778
• /
• 2024

In recent years, the number of devices being connected to the internet has grown enormously, as has the intrusive behavior in the network. Thus, it is important for intrusion detection systems to report all intrusive behavior. Using deep learning and machine learning algorithms, intrusion detection systems are able to perform well in identifying attacks. However, the concern with these deep learning algorithms is their inability to identify a suitable network based on traffic volume, which requires manual changing of hyperparameters, which consumes a lot of time and effort. So, to address this, this paper offers a solution using the extended compact genetic algorithm for the automatic tuning of the hyperparameters. The novelty in this work comes in the form of modeling the problem of identifying attacks as a multi-objective optimization problem and the usage of linkage learning for solving the optimization problem. The solution is obtained using the feature map-based Convolutional Neural Network that gets encoded into genes, and using the extended compact genetic algorithm the model is optimized for the detection accuracy and latency. The CIC-IDS-2017 and 2018 datasets are used to verify the hypothesis, and the most recent analysis yielded a substantial F1 score of 99.23%. Response time, CPU, and memory consumption evaluations are done to demonstrate the suitability of this model in a fog environment.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.7-12
• /
• 2009

It is very difficult to completely block the DDoS attack, which paralyzes services by depleting resources or occupying the network bandwidth by transmitting a vast amount of traffic to the specific website or server from normal users' PCs that have been already infected by an outside attacker. In order to defense or endure the DDoS attack, we usually use various solutions such as IDS (Intrusion Detection System), IPS (Intrusion Prevention System), ITS (Intrusion Tolerance System), FW (Firewall), and the dedicated security equipment against DDoS attack. However, diverse types of security appliances cause the cost problem, besides, the full function of the equipments are not performed well owing to the unproper setting without considering connectivity among systems. In this paper, we present the effective connectivity of security equipments and countermeasure methodology against DDoS attack. In practice, it is approved by experimentation that this designed methdology is better than existing network structure in the efficiency of block and endurance. Therefore, we would like to propose the effective security control measures responding and enduring against discriminated DDoS attacks through this research.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.1
• /
• pp.87-94
• /
• 2009

The intrusion detection system is one of the active fields of research in wireless networks. Intrusion detection in wireless mobile Ad hoc network is challenging because the network topologies are dynamic, lack centralization and are vulnerable to attacks. Detection of malicious nodes in an open ad-hoc network in which participating nodes do not have previous security association has to face number of challenges which is described in this paper. This paper is about determining the malicious nodes under critical conditions in the mobile ad-hoc network and deals with security and vulnerabilities issues which results in the better performance and detection of the intrusion.

• International Journal of Contents
• /
• v.1 no.2
• /
• pp.22-25
• /
• 2005

Enterprise security management system: Enterprise Security Management (EMS) is centralized integrated management of other kind of security solutions such as intrusion cutoff system, intrusion detection system and virtual private network. With the system, it is possible to establish security policies for entire IT system through interlocking of solutions. A security system of company network is progressing as a ESM(Enterprise Security Management) in existing security solution foundation. The establishment of the security policy is occupying very important area in ESM of the security system. We tried to analyze existing ESM system for this and designed security solution structure for enhancing the inside security. We applied implementing directly IDS system and tested. This test set the focus about inside security