• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.5 no.3
• /
• pp.158-163
• /
• 2012

This paper proposes an FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD(Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD(Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD(Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.525-532
• /
• 2003

This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated a rules management using NS-2 (Network Simulator) with respect to time.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.8
• /
• pp.781-790
• /
• 2004

This paper describes intrusion detection rule mangement using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed appraoch, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated a rules management using NS-2(Network Simulator) with respect to time.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.1-8
• /
• 2008

The pattern matching part of Intrusion Detection System based on misuse-detection mechanism needs much processing time and resources, and it has become a bottleneck in system performance. Moreover, it derives denial-of-service attack. In this paper, we propose (1) framework architecture that is strong against denial-of-service attack and (2) efficient pattern matching method especially for web server system. By using both of these 2 methods, we can maintain web server system efficiently secure against attacks including denial-of-service.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.1
• /
• pp.1-12
• /
• 2010

Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks,from 0.62 to 0.84 about 35%.

• The KIPS Transactions:PartC
• /
• v.11C no.3
• /
• pp.301-308
• /
• 2004

Misuse IDS is known to have an acceptable accuracy but suffers from high rates of false alarms. We show a behavior based alarm reduction with a memory-based machine learning technique. Our extended form of IBL, (XIBL) examines SNORT alarm signals if that signal is worthy sending signals to security manager. An experiment shows that there exists an apparent difference between true alarms and false alarms with respect to XIBL behavior This gives clear evidence that although an attack in the network consists of a sequence of packets, decisions over Individual packet can be used in conjunction with misuse IDS for better performance.

• Journal of Communications and Networks
• /
• v.12 no.4
• /
• pp.375-381
• /
• 2010

A flooding attack, such as DoS or Worm, can be easily created or even downloaded from the Internet, thus, it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which membership functions of fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus, responding to an attack in real-time. This system is evaluated by 47 flooding attacks, only one of which is missed, with no false positives occurring. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system for the function of eliminating suspicious connections when necessary.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.65-76
• /
• 2006

This paper deals with an effective algerian aimed at improving the port scan detection in an intrusion detection system (IDS). In particular, a detection correlation algerian is proposed to maximize the detection capability in the network-based IDS whereby the 'misuse' is flagged for analysis to establish intrusion profile in relation to the overall port scan detection process. In addition, we establish an appropriate system maintenance policy for port scan detection as preprocessor for improved port scan in IDS, thereby achieving minimum false positive in the misuse detection engine while enhancing the system performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.199-207
• /
• 2010

Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks, from 0.62 to 0.84 about 35%.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.245-248
• /
• 2011

Voice over Internet protocol(VoIP) is call's contents using the existing internet. Thus, in common with the Internet service has the same vulnerability. In addition, unlike traditional PSTN remotely without physical access to hack through the eavesdropping is possible. Cyber terrorism by anti-state groups take place when the agency's computer network and telephone system at the same time work is likely to get upset. In this paper is penetration testing for security threats(Call interception, eavesdropping, misuse of services) set out in the NIS in the VoIP. In addition, scenario writing and penetration testing, hacking through the Voice over Internet protocol at the examination center will study discovered vulnerabilities. Vulnerability discovered in Voice over Internet protocol presents an attack and defense plan.