• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.271-276
• /
• 2008

The intrusion detection system is one of the active fields of research in wireless networks. Intrusion detection in wireless mobile Ad hoc network is challenging because the network topologies is dynamic, lack centralization and are vulnerable to attacks. This paper is about the effective enhancement of the IDS technique that is being implemented in the mobile ad hoc network and deals with security and vulnerabilities issues which results in the better performance and detection of the intrusion.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 1999.03a
• /
• pp.373-379
• /
• 1999

This pqer investigates the subject of intrusion detection over networks. Existing network-based IDS's are categorised into three groups and the overall architecture of each group is summarised and assessed. A new methodology to this problem is then presented, which is inspired by the human immune system and based on a novel artificial immune model. The architecture of the model is presented and its characteristics are compared with the requirements of network-based IDS's. The paper concludes that this new approach shows considerable promise for future network-based IDS's.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.676-679
• /
• 2001

As network security is coning up with significant problem after the major Internet sites were hacked nowadays, IDS(Intrusion Detection System) is considered as a next generation security solution for more reliable network and system security rather than firewall. In this paper, we propose the new IDS model which tan detect intrusion in different systems as well as which ran make real-time detection of intrusion in the expanded distributed environment in host level of drawback of existing IDS. We implement its prototype and verify its validity. We use pattern extraction agent so that we can extract automatically audit file needed in distributed intrusion detection even in other platforms.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.5819-5840
• /
• 2018

Considering the topology of hierarchical tree structure, each cluster in WSNs is faced with various attacks launched by malicious nodes, which include network eavesdropping, channel interference and data tampering. The existing intrusion detection algorithm does not take into consideration the resource constraints of cluster heads and sensor nodes. Due to application requirements, sensor nodes in WSNs are deployed with approximately uncorrelated security weights. In our study, a novel and versatile intrusion detection system (IDS) for the optimal defense strategy is primarily introduced. Given the flexibility that wireless communication provides, it is unreasonable to expect malicious nodes will demonstrate a fixed behavior over time. Instead, malicious nodes can dynamically update the attack strategy in response to the IDS in each game stage. Thus, a multi-stage intrusion detection game (MIDG) based on Bayesian rules is proposed. In order to formulate the solution of MIDG, an in-depth analysis on the Bayesian equilibrium is performed iteratively. Depending on the MIDG theoretical analysis, the optimal behaviors of rational attackers and defenders are derived and calculated accurately. The numerical experimental results validate the effectiveness and robustness of the proposed scheme.

• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.57-69
• /
• 2011

Many heterogeneous Intrusion Detection Systems(IDSs) based in misuse detection technique including the self-developed IDS are now operating in Defense-ESM(Enterprise Security Management System). IDS based on misuse detection may have different capability in the intrusion detection process according to the frequency and quality of its signature update. This makes the integration and collaboration with other IDSs more difficult. In this paper, with the purpose of creating the proper foundation for integration and collaboration between heterogeneous IDSs being operated in Defense-ESM, we propose an effective mechanism that can enable one IDS to propagate its new detection rules to other IDSs and receive updated rules from others. We also prove the performance of rule exchange and application possibility to defense environment through the implementation and experiment.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1577-1580
• /
• 2005

With remarkable growth of using Internet, attempts to try intrusions on network are now increasing. Intrusion Detection System is a security system which detects and copes illegal intrusions. Especially with increasing dispersive attacks through network, concerns for this Distributed Intrusion Detection are also rising. The previous Intrusion Detection System has difficulty in coping cause it detects intrusions only on particular network and only same segment. About same attacks, system lacks capacity of combining information and related data. Also it lacks cooperations against intrusions. Systematic and general security controls can make it possible to detect intrusions and deal with intrusions and predict. This paper considers Distributed Intrusion Detection preventing attacks and suggests the way sending active packets between nodes safely and performing in corresponding active node certainly. This study suggested improved E-IDS system which prevents service attacks and also studied sending messages safely by encoding. Encoding decreases security attacks in active network. Also described effective ways of dealing intrusions when misuses happens thorough case study. Previous network nodes can't deal with hacking and misuses happened in the middle nodes at all, cause it just encodes ends. With above suggested ideas, problems caused by security services can be improved.

• Journal of the Speleological Society of Korea
• /
• no.80
• /
• pp.11-19
• /
• 2007

Most studies in the past in testing and benchmarking on Intrusion Detection System (IDS) were conducted as comparisons, rather than evaluation, on different IDSs. This paper presents the evaluation of the performance of one of the open source IDS, snort, in an inexpensive high availability system configuration. Redundancy and fault tolerance technology are used in deploying such IDS, because of the possible attacks that can make snort exhaust resources, degrade in performance and even crash. Several test data are used in such environment and yielded different results. CPU speed, Disk usage, memory utilization and other resources of the IDS host are also monitored. Test results with the proposed system configuration environment shows much better system availability and reliability, especially on security systems.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.727-738
• /
• 2003

Much research efforts are being exerted for the study of intrusion detection system(IDS). However little work has been for the communication medels and performance eveluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detections with a centralized data anaysis componenta for a global intrusion detection at multiple domains environment. We also assume the combination of host-based and network-based intrusion detection systems in the oberall framework. From the local domain, a set of information such as alert, and / or log data are reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simular using OPNET modeller for the performance evaluation of transmission capabillities for the delivery of data and policy. We present and compare simulation results based on several scenarios focuding on communication delay.

• The Journal of the Korea Contents Association
• /
• v.9 no.4
• /
• pp.131-141
• /
• 2009

An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. This paper proposes an intrusion detection system based outflow traffic analysis. Many research efforts and commercial products have focused on preventing intrusion by filtering known exploits or unknown ones exploiting known vulnerabilities. Complementary to these solutions, the proposed IDS can detect intrusion of unknown new mal ware before their signatures are widely distributed. The proposed IDS is consists of a outflow detector, user monitor, process monitor and network monitor. To infer user intent, the proposed IDS correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. As a complement to existing prevention system, proposed IDS decreases the danger of information leak and protects computers and networks from more severe damage.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.642-645
• /
• 2012

MANET has disadvantage for information intrusion caused from non-infra structure. That is based on mixed problems caused from terminal devices has no capability of various resources using abilities to run intrusion prevention function, and also from difficulty of no easy using infra structural server like as firewall. In this paper, transmission performances, be effected from information intrusion and IDS(Intrusion Detection System), are analyzed for large scale MANET, and weakness from information intrusion of MANET are studied. This study is for large scale MANET which has some large communication area and lots of nodes, voice traffic, based on VoIP protocols, is considered as application services be transmitted over MANETs. Computer simulation using NS-2 is used to measure and show MOS and call connection ratios.