• Title/Summary/Keyword: Intrusion error

Search Result 48, Processing Time 0.033 seconds

A Study on Intrusion Detection Using Deep Learning-based Weight Measurement with Multimode Fiber Speckle Patterns

  • Hyuek Jae Lee
    • Current Optics and Photonics
    • /
    • v.8 no.5
    • /
    • pp.508-514
    • /
    • 2024
  • This paper presents a deep learning-based weight sensor, using optical speckle patterns of multimode fiber, designed for real-time intrusion detection. The weight sensor has been trained to identify 11 distinct speckle patterns, ranging in weight from 0.0 kg to 2.0 kg, with an interval of 200 g between each pattern. The estimation for untrained weights is based on the generalization capability of deep learning. This results in an average weight error of 243.8 g. Although this margin of error precludes accurate weight measurement, the system's ability to detect abrupt weight changes makes it a suitable choice for intrusion detection applications. The weight sensor is integrated with the Google Teachable Machine, and real-time intrusion notifications are facilitated by the ThingSpeakTM cloud platform, an open-source Internet of Things (IoT) application developed by MathWorks.

Design of Hybrid Network Probe Intrusion Detector using FCM

  • Kim, Chang-Su;Lee, Se-Yul
    • Journal of information and communication convergence engineering
    • /
    • v.7 no.1
    • /
    • pp.7-12
    • /
    • 2009
  • The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

An Intelligent Intrusion Detection Model Based on Support Vector Machines and the Classification Threshold Optimization for Considering the Asymmetric Error Cost (비대칭 오류비용을 고려한 분류기준값 최적화와 SVM에 기반한 지능형 침입탐지모형)

  • Lee, Hyeon-Uk;Ahn, Hyun-Chul
    • Journal of Intelligence and Information Systems
    • /
    • v.17 no.4
    • /
    • pp.157-173
    • /
    • 2011
  • As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

An Integrated Model based on Genetic Algorithms for Implementing Cost-Effective Intelligent Intrusion Detection Systems (비용효율적 지능형 침입탐지시스템 구현을 위한 유전자 알고리즘 기반 통합 모형)

  • Lee, Hyeon-Uk;Kim, Ji-Hun;Ahn, Hyun-Chul
    • Journal of Intelligence and Information Systems
    • /
    • v.18 no.1
    • /
    • pp.125-141
    • /
    • 2012
  • These days, the malicious attacks and hacks on the networked systems are dramatically increasing, and the patterns of them are changing rapidly. Consequently, it becomes more important to appropriately handle these malicious attacks and hacks, and there exist sufficient interests and demand in effective network security systems just like intrusion detection systems. Intrusion detection systems are the network security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. Conventional intrusion detection systems have generally been designed using the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of the network attacks, although they perform very well under the normal situation. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to the unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singularly, even though combining the techniques may lead to better detection. With this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine prediction results of four different binary classification models-logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. At the first step, the optimal integration model whose prediction error (i.e. erroneous classification rate) is the least is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, total misclassification cost is more affected by FNE rather than FPE. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 10,000 samples from them by using random sampling method. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell R4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to build cost-effective intelligent intrusion detection systems.

The Hybrid Model using SVM and Decision Tree for Intrusion Detection (SVM과 의사결정트리를 이용한 혼합형 침입탐지 모델)

  • Um, Nam-Kyoung;Woo, Sung-Hee;Lee, Sang-Ho
    • The KIPS Transactions:PartC
    • /
    • v.14C no.1 s.111
    • /
    • pp.1-6
    • /
    • 2007
  • In order to operate a secure network, it is very important for the network to raise positive detection as well as lower negative detection for reducing the damage from network intrusion. By using SVM on the intrusion detection field, we expect to improve real-time detection of intrusion data. However, due to classification based on calculating values after having expressed input data in vector space by SVM, continuous data type can not be used as any input data. Therefore, we present the hybrid model between SVM and decision tree method to make up for the weak point. Accordingly, we see that intrusion detection rate, F-P error rate, F-N error rate are improved as 5.6%, 0.16%, 0.82%, respectively.

Design of NePID using Anomaly Traffic Analysis and Fuzzy Cognitive Maps (비정상 트래픽 분석과 퍼지인식도를 이용한 NePID 설계)

  • Kim, Hyeock-Jin;Ryu, Sang-Ryul;Lee, Se-Yul
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.10 no.4
    • /
    • pp.811-817
    • /
    • 2009
  • The rapid growth of network based IT systems has resulted in continuous research of security issues. Probe intrusion detection is an area of increasing concerns in the internet community. Recently, a number of probe intrusion detection schemes have been proposed based on various technologies. However, the techniques, which have been applied in many systems, are useful only for the existing patterns of probe intrusion. They can not detect new patterns of probe intrusion. Therefore, it is necessary to develop a new Probe Intrusion Detection technology that can find new patterns of probe intrusion. In this paper, we proposed a new network based probe intrusion detector(NePID) using anomaly traffic analysis and fuzzy cognitive maps that can detect intrusion by the denial of services attack detection method utilizing the packet analyses. The probe intrusion detection using fuzzy cognitive maps capture and analyze the packet information to detect syn flooding attack. Using the result of the analysis of decision module, which adopts the fuzzy cognitive maps, the decision module measures the degree of risk of denial of service attack and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.094% and the max-average false negative rate of 2.936%. The true positive error rate of the NePID is similar to that of Bernhard's true positive error rate.

A study on propagation of uncertainties for a mixing ratio calculation by seawater intrusion (해수침투 발생 시 혼합비 계산의 오차에 관한 연구)

  • Lee, Jeonghoon
    • Journal of the Geological Society of Korea
    • /
    • v.54 no.5
    • /
    • pp.579-584
    • /
    • 2018
  • It is crucial to determine a mixing ratio using an end-member mixing analysis when there is seawater intrusion. In this study, an error from the calculation of the mixing ratio between seawater and freshwater based on the principles of uncertainty was determined. I present the errors in the calculated mixing ratios as a function of the chemical difference between the mean seawater concentrations and standard deviations. The error is caused by: (1) the mixing ratio between seawater and freshwater; (2) the difference between the mean concentration and the standard deviation; and (3) the difference of the tracer concentration between freshwater and seawater (inversely). In particular, the error may determine hydrogeochemical process (either precipitation or dissolution) when a value of ionic delta (difference between measured and theoretical concentration) is close to zero during cation exchange by seawater intrusion.

The Design of Router Security Management System for Secure Networking

  • Jo, Su-Hyung;Kim, Ki-Young;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.1594-1597
    • /
    • 2005
  • A rapid development and a wide use of the Internet have expanded a network environment. Further, the network environment has become more complex due to a simple and convenient network connection and various services of the Internet. However, the Internet has been constantly exposed to the danger of various network attacks such as a virus, a hacking, a system intrusion, a system manager authority acquisition, an intrusion cover-up and the like. As a result, a network security technology such as a virus vaccine, a firewall, an integrated security management, an intrusion detection system, and the like are required in order to handle the security problems of Internet. Accordingly, a router, which is a key component of the Internet, controls a data packet flow in a network and determines an optimal path thereof so as to reach an appropriate destination. An error of the router or an attack against the router can damage an entire network. This paper relates to a method for RSMS (router security management system) for secure networking based on a security policy. Security router provides functions of a packet filtering, an authentication, an access control, an intrusion analysis and an audit trail in a kernel region. Security policy has the definition of security function against a network intrusion.

  • PDF

IKPCA-ELM-based Intrusion Detection Method

  • Wang, Hui;Wang, Chengjie;Shen, Zihao;Lin, Dengwei
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.7
    • /
    • pp.3076-3092
    • /
    • 2020
  • An IKPCA-ELM-based intrusion detection method is developed to address the problem of the low accuracy and slow speed of intrusion detection caused by redundancies and high dimensions of data in the network. First, in order to reduce the effects of uneven sample distribution and sample attribute differences on the extraction of KPCA features, the sample attribute mean and mean square error are introduced into the Gaussian radial basis function and polynomial kernel function respectively, and the two improved kernel functions are combined to construct a hybrid kernel function. Second, an improved particle swarm optimization (IPSO) algorithm is proposed to determine the optimal hybrid kernel function for improved kernel principal component analysis (IKPCA). Finally, IKPCA is conducted to complete feature extraction, and an extreme learning machine (ELM) is applied to classify common attack type detection. The experimental results demonstrate the effectiveness of the constructed hybrid kernel function. Compared with other intrusion detection methods, IKPCA-ELM not only ensures high accuracy rates, but also reduces the detection time and false alarm rate, especially reducing the false alarm rate of small sample attacks.

Tri-training algorithm based on cross entropy and K-nearest neighbors for network intrusion detection

  • Zhao, Jia;Li, Song;Wu, Runxiu;Zhang, Yiying;Zhang, Bo;Han, Longzhe
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.12
    • /
    • pp.3889-3903
    • /
    • 2022
  • To address the problem of low detection accuracy due to training noise caused by mislabeling when Tri-training for network intrusion detection (NID), we propose a Tri-training algorithm based on cross entropy and K-nearest neighbors (TCK) for network intrusion detection. The proposed algorithm uses cross-entropy to replace the classification error rate to better identify the difference between the practical and predicted distributions of the model and reduce the prediction bias of mislabeled data to unlabeled data; K-nearest neighbors are used to remove the mislabeled data and reduce the number of mislabeled data. In order to verify the effectiveness of the algorithm proposed in this paper, experiments were conducted on 12 UCI datasets and NSL-KDD network intrusion datasets, and four indexes including accuracy, recall, F-measure and precision were used for comparison. The experimental results revealed that the TCK has superior performance than the conventional Tri-training algorithms and the Tri-training algorithms using only cross-entropy or K-nearest neighbor strategy.