• IEIE Transactions on Smart Processing and Computing
• /
• 제5권3호
• /
• pp.169-177
• /
• 2016

To realize high-speed intrusion detection by accommodating many regular expression (regex)-based signatures and growing network link capacities, we propose the Service TimE-Aware Load-balancing (STEAL) algorithm. This work is motivated from the observation that utilization of a many-core network intrusion detection system (NIDS) is influenced by unfair computational distribution among many-core NIDS nodes. To avoid such unfair computational distribution, STEAL is designed to dynamically distribute a large volume of traffic among many-core NIDS nodes based on packet service time, which is represented by the deep packet time in many-core NIDS nodes. From experiments, we show that compared to the commonly used load-balancing algorithm based on arrival rate, STEAL increases the number of received packets (i.e., decreases the number of dropped packets) in many-core NIDS. Specifically, by integrating an open source NIDS (i.e. Bro) with STEAL, we show that even under attack-dominant traffic and with many signatures, STEAL can rapidly improve the performance of many-core NIDS to realize high-speed intrusion detection.

• International Journal of Computer Science & Network Security
• /
• 제24권1호
• /
• pp.107-118
• /
• 2024

With the seamless growth of the technology, network usage requirements are expanding day by day. The majority of electronic devices are capable of communication, which strongly requires a secure and reliable network. Network-based intrusion detection systems (NIDS) is a new method for preventing and alerting computers and networks from attacks. Machine Learning is an emerging field that provides a variety of ways to implement effective network intrusion detection systems (NIDS). Bagging and Boosting are two ensemble ML techniques, renowned for better performance in the learning and classification process. In this paper, the study provides a detailed literature review of the past work done and proposed a novel ensemble approach to develop a NIDS system based on the voting method using bagging and boosting ensemble techniques. The test results demonstrate that the ensemble of bagging and boosting through voting exhibits the highest classification accuracy of 99.98% and a minimum false positive rate (FPR) on both datasets. Although the model building time is average which can be a tradeoff by processor speed.

• Journal of Information Processing Systems
• /
• 제19권5호
• /
• pp.688-701
• /
• 2023

The conventional methods of network intrusion detection system (NIDS) cannot measure the trend of intrusiondetection targets effectively, which lead to low detection accuracy. In this study, a NIDS method which based on a deep neural network in a big-data environment is proposed. Firstly, the entire framework of the NIDS model is constructed in two stages. Feature reduction and anomaly probability output are used at the core of the two stages. Subsequently, a convolutional neural network, which encompasses a down sampling layer and a characteristic extractor consist of a convolution layer, the correlation of inputs is realized by introducing bidirectional long short-term memory. Finally, after the convolution layer, a pooling layer is added to sample the required features according to different sampling rules, which promotes the overall performance of the NIDS model. The proposed NIDS method and three other methods are compared, and it is broken down under the conditions of the two databases through simulation experiments. The results demonstrate that the proposed model is superior to the other three methods of NIDS in two databases, in terms of precision, accuracy, F1- score, and recall, which are 91.64%, 93.35%, 92.25%, and 91.87%, respectively. The proposed algorithm is significant for improving the accuracy of NIDS.

• 한국산업정보학회논문지
• /
• 제8권1호
• /
• pp.75-82
• /
• 2003

인터넷의 대중화로 인한 네트워크의 급속한 팽창으로 보안관리가 중요하게 인식되고 있다. 특히, 이상패킷을 이용한 공격들은 비정상적인 패킷들을 통하여 침입탐지 시스템이나 침입차단 시스템을 우회하여 공격하기 때문에 탐지해 내기가 어렵다. 본 논문에서는 이상패킷을 이용한 공격들을 실시간에 효율적으로 탐지할 수 있는 네트워크 기반의 침입탐지 시스템을 설계하고 구현한다. 침입탐지 시스템을 설계하기 위하여 먼저 침입 탐지를 위한 패턴을 분류하고 이를 기반으로 해싱기법이 적용된 룰트리를 생성한다. 생성된 룰트리를 기반으로 제안한 시스템은 이상패킷 공격을 효율적으로 실시간에 탐지한다.

• International journal of advanced smart convergence
• /
• 제11권4호
• /
• pp.10-19
• /
• 2022

AI-based Network Intrusion Detection Systems (AI-NIDS) detect network attacks using machine learning and deep learning models. Recently, unsupervised AI-NIDS methods are getting more attention since there is no need for labeling, which is crucial for building practical NIDS systems. This paper aims to test the impact of designing autoencoder models that can be applied to unsupervised an AI-NIDS in real network systems. We collected security events of legacy network security system and carried out an experiment. We report the results and discuss the findings.

• International journal of advanced smart convergence
• /
• 제12권2호
• /
• pp.67-75
• /
• 2023

Recently, many studies have been conducted on ways to utilize AI technology in NIDS (Network Intrusion Detection System). In particular, CNN-based NIDS generally shows excellent performance. CNN is basically a method of using correlation between pixels existing in an image. Therefore, the method of generating an image is very important in CNN. In this paper, the performance comparison of CNN-based NIDS according to the image generation method was performed. The image generation methods used in the experiment are a direct conversion method and a one-hot encoding based method. As a result of the experiment, the performance of NIDS was different depending on the image generation method. In particular, it was confirmed that the method combining the direct conversion method and the one-hot encoding based method proposed in this paper showed the best performance.

• 한국컴퓨터정보학회논문지
• /
• 제8권3호
• /
• pp.156-162
• /
• 2003

네트워크 환경 및 사용자의 응용 서비스 증가로 인하여 정보보호분야 및 개인정보보호는 매우 중요한 분야가 되었다. 이와 더불어 불특정 미상신호에 대한 검출기법이 증대되어야 하지만 정보량 증가 및 정보매체의 다양화에 의하여 효율적인 미상신호 검출방법이 요구되어지고 있다. 그러므로 본 논문에서는 비인 가신호 또는 불법적인 외부접근등과 같은 미상신호의 검출을 위하여 입력정보로부터 미상신호를 효율적으로 구별할 수 있는 NIDS(network intrusion detection system)를 설계하였다. 설계된 NIDS는 기존 NIDS 신호구별에 사용되는 방법을 통합하여 보다 효율적인 성능을 가지도록 하였다. 제안된 시스템의 설계는 Synopsys Ver. 1999과 VHDL을 이용하였다. 제안된 NIDS는 대용량 데이터와 다양한 매체정보에 대하여 모두 적용되므로 시스템 자원의 활용을 극대화할 것으로 사료된다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제18권2호
• /
• pp.494-510
• /
• 2024

Internet users are exposed to sophisticated cyberattacks that intrusion detection systems have difficulty detecting. Therefore, research is increasing on intrusion detection methods that use artificial intelligence technology for detecting novel cyberattacks. Unsupervised learning-based methods are being researched that learn only from normal data and detect abnormal behaviors by finding patterns. This study developed an anomaly-detection method based on unsupervised machines and deep learning for a network intrusion detection system (NIDS). We present a hybrid anomaly detection approach based on unsupervised learning techniques using the autoencoder (AE), Isolation Forest (IF), and Local Outlier Factor (LOF) algorithms. An oversampling approach that increased the detection rate was also examined. A hybrid approach that combined deep learning algorithms and traditional machine learning algorithms was highly effective in setting the thresholds for anomalies without subjective human judgment. It achieved precision and recall rates respectively of 88.2% and 92.8% when combining two AEs, IF, and LOF while using an oversampling approach to learn more unknown normal data improved the detection accuracy. This approach achieved precision and recall rates respectively of 88.2% and 94.6%, further improving the detection accuracy compared with the hybrid method. Therefore, in NIDS the proposed approach provides high reliability for detecting cyberattacks.

• 한국정보과학회논문지:정보통신
• /
• 제31권4호
• /
• pp.363-374
• /
• 2004

본 논문은 ASIC에 상응하는 성능을 가지며 일반 프로세서에 상응하는 유연성을 지닌 네트워크 프로세서(NP: Network Processor)를 사용하여 인-라인 모드 네트워크 기반 침입탐지시스템(NIDS: Network-based Intrusion Detection System)을 제안한다. NP를 이용한 다양한 네트워크 응용들이 제안되고 있으나, NIDS에 직접 적용한 예는 아직 없다. 제안된 NIDS는 패킷 차단과 트래픽 미터링 뿐만 아니라 공격을 검출하기 위해 패킷 내용을 검색한다. 특히, 2-레벨 탐색 기법은 패킷 차단과 트래픽 미터링 기능을 복잡하고 많은 시간을 요하는 패킷 내용 검색 기능과 분리시킴으로서 인-라인 모드 시스템의 성능, 안전성, 그리고 확장성을 향상시켰다. 한편 PC 플랫폼과 Agere PayloadPlus (APP) 2.5G NP를 사용한 프로토-타입을 구현하였고, APP NP에 적용될 패킷 내용 검색 알고리즘을 제안하였다.

• International Journal of Computer Science & Network Security
• /
• 제24권4호
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.