• Title/Summary/Keyword: Network anomaly

Search Result 274, Processing Time 0.034 seconds

Detection of Abnormal CAN Messages Using Periodicity and Time Series Analysis (CAN 메시지의 주기성과 시계열 분석을 활용한 비정상 탐지 방법)

  • Se-Rin Kim;Ji-Hyun Sung;Beom-Heon Youn;Harksu Cho
    • The Transactions of the Korea Information Processing Society
    • /
    • v.13 no.9
    • /
    • pp.395-403
    • /
    • 2024
  • Recently, with the advancement of technology, the automotive industry has seen an increase in network connectivity. CAN (Controller Area Network) bus technology enables fast and efficient data communication between various electronic devices and systems within a vehicle, providing a platform that integrates and manages a wide range of functions, from core systems to auxiliary features. However, this increased connectivity raises concerns about network security, as external attackers could potentially gain access to the automotive network, taking control of the vehicle or stealing personal information. This paper analyzed abnormal messages occurring in CAN and confirmed that message occurrence periodicity, frequency, and data changes are important factors in the detection of abnormal messages. Through DBC decoding, the specific meanings of CAN messages were interpreted. Based on this, a model for classifying abnormalities was proposed using the GRU model to analyze the periodicity and trend of message occurrences by measuring the difference (residual) between the predicted and actual messages occurring within a certain period as an abnormality metric. Additionally, for multi-class classification of attack techniques on abnormal messages, a Random Forest model was introduced as a multi-classifier using message occurrence frequency, periodicity, and residuals, achieving improved performance. This model achieved a high accuracy of over 99% in detecting abnormal messages and demonstrated superior performance compared to other existing models.

Design of Multi-Level Abnormal Detection System Suitable for Time-Series Data (시계열 데이터에 적합한 다단계 비정상 탐지 시스템 설계)

  • Chae, Moon-Chang;Lim, Hyeok;Kang, Namhi
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.16 no.6
    • /
    • pp.1-7
    • /
    • 2016
  • As new information and communication technologies evolve, security threats are also becoming increasingly intelligent and advanced. In this paper, we analyze the time series data continuously entered through a series of periods from the network device or lightweight IoT (Internet of Things) devices by using the statistical technique and propose a system to detect abnormal behaviors of the device or abnormality based on the analysis results. The proposed system performs the first level abnormal detection by using previously entered data set, thereafter performs the second level anomaly detection according to the trust bound configured by using stored time series data based on time attribute or group attribute. Multi-level analysis is able to improve reliability and to reduce false positives as well through a variety of decision data set.

A survey and categorization of anomaly detection in online games (온라인 게임에서의 이상 징후 탐지 기법 조사 및 분류)

  • Kwak, Byung Il;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1097-1114
    • /
    • 2015
  • As the online game market grows, illegal activities such as cheating play using game bots or game hack programs, running private servers, hacking game companies' system and network, and account theft are also increasing. There are various security measures for online games to prevent illegal activities. However, the current security measures are not enough to prevent all highly evolving game attacks and frauds. Some security measure can do harm game players usability, game companies need to develop usable security measure that is well fit to game genre and contents design. In this study, we surveyed the recent trend of various security measure applied in online games. This research also classified illegal activities and their related countermeasure for detection and prevention.

On the Hybrid Intrusion Detection System based Biometric Efficiency (생체 면역 기반의 하이브리드 침입 탐지 시스템에 관하여)

  • 양은목;이상용;서창호;김석우
    • Convergence Security Journal
    • /
    • v.1 no.1
    • /
    • pp.57-68
    • /
    • 2001
  • Computer security is considered important because of the side effect generated from the expansion of computer network and rapid increase of the use of computer. Intrusion Detection System(IDS) has been an active research area to reduce the risk from intruders. In this paper, the Hybrid Intrusion Detection System(HIDS) based biometric immuntiy collects and filters audit data by misuse detection is innate immune, and anomaly detection is acquirement immune in multi-hosts. Since, collect and detect audit data from one the system in molt-hosts, it is design and implement of the intrusion detection system which has the immuntiy the detection intrusion in one host possibly can detect in multi-hosts and in the method of misuses detection subsequently.

  • PDF

ANNs on Co-occurrence Matrices for Mobile Malware Detection

  • Xiao, Xi;Wang, Zhenlong;Li, Qi;Li, Qing;Jiang, Yong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.7
    • /
    • pp.2736-2754
    • /
    • 2015
  • Android dominates the mobile operating system market, which stimulates the rapid spread of mobile malware. It is quite challenging to detect mobile malware. System call sequence analysis is widely used to identify malware. However, the malware detection accuracy of existing approaches is not satisfactory since they do not consider correlation of system calls in the sequence. In this paper, we propose a new scheme called Artificial Neural Networks (ANNs) on Co-occurrence Matrices Droid (ANNCMDroid), using co-occurrence matrices to mine correlation of system calls. Our key observation is that correlation of system calls is significantly different between malware and benign software, which can be accurately expressed by co-occurrence matrices, and ANNs can effectively identify anomaly in the co-occurrence matrices. Thus at first we calculate co-occurrence matrices from the system call sequences and then convert them into vectors. Finally, these vectors are fed into ANN to detect malware. We demonstrate the effectiveness of ANNCMDroid by real experiments. Experimental results show that only 4 applications among 594 evaluated benign applications are falsely detected as malware, and only 18 applications among 614 evaluated malicious applications are not detected. As a result, ANNCMDroid achieved an F-Score of 0.981878, which is much higher than other methods.

LSTM Model based on Session Management for Network Intrusion Detection (네트워크 침입탐지를 위한 세션관리 기반의 LSTM 모델)

  • Lee, Min-Wook
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.20 no.3
    • /
    • pp.1-7
    • /
    • 2020
  • With the increase in cyber attacks, automated IDS using machine learning is being studied. According to recent research, the IDS using the recursive learning model shows high detection performance. However, the simple application of the recursive model may be difficult to reflect the associated session characteristics, as the overlapping session environment may degrade the performance. In this paper, we designed the session management module and applied it to LSTM (Long Short-Term Memory) recursive model. For the experiment, the CSE-CIC-IDS 2018 dataset is used and increased the normal session ratio to reduce the association of mal-session. The results show that the proposed model is able to maintain high detection performance even in the environment where session relevance is difficult to find.

Anomaly Classification of Railway Point Machine Using Sound Information and DNN (소리정보와 DNN을 이용한 선로전환기의 비정상 상황 분류)

  • Noh, Byeongjoon;Lee, Jonguk;Park, Daihee;Chung, Yonghwa;Kim, Heeyoung;Yoon, SukHan
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2016.10a
    • /
    • pp.611-614
    • /
    • 2016
  • 최근 철도 산업의 비중이 증가함에 따라 열차의 안정적인 주행이 그 어느 때보다 중요한 이슈로 부각되고있다. 특히, 열차의 진로 변경을 위한 핵심 요소인 선로전환기의 결함은 열차의 사고와 직결되는 장비 중 하나로써, 그 이상 여부를 사전에 인지하여 선로전환기의 안정성을 확보하기 위한 유지보수의 지능화 시스템이 필요하다. 본 논문에서는 선로전환기의 작동 시 발생하는 소리정보를 활용하여 선로전환기의 비정상 상황을 분류하는 시스템을 제안한다. 제안하는 시스템은 먼저, 선로전환기의 상황별 소리를 수집하고, 다양한 소리정보를 추출하여 특징 벡터를 생성한다. 다음으로, 딥러닝 모델 중 하나인 DNN(Deep Neural Network)을 이용하여 선로전환기의 비정상 상황을 분류한다. 실제 선로전환기의 전환 시 발생하는 소리 데이터를 기반으로 DNN의 파라미터에 따른 다양한 실험을 수행한 결과, 약 93.10%의 정확도를 갖는 안정적인 DNN 모델을 설계하였다.

Effect of Climate Change on Water Quality in Seonakdong River Experimental Catchment (기후변화에 따른 서낙동강 시험유역에서의 수질영향 분석)

  • Kang, Ji Yoon;Kim, Jung Min;Kim, Young Do;Kang, Boo Sik
    • Journal of Korean Society of Water and Wastewater
    • /
    • v.27 no.2
    • /
    • pp.197-206
    • /
    • 2013
  • Recently, climate change causes climatic anomaly such as global warming, the typhoon and severe rain storm etc. and it brings damage frequently. Climate change and global warming are prevalent all over the world in this century and many researchers including hydrologists have studied on the climate change. In this study, Seonakdong river watershed in the Nakdong river basin was selected as a study area. Real-time monitoring system was used to draw the rating curves, which has 0.78 to 0.96 of $R^2$. To predict runoff change in Seonakdong river watershed caused by climate change, the change in hydrologic runoff were predicted using the watershed model, SWAT. As a result, the runoff from the Seonakdong river watershed was increased by up to 45 % in summer. Because of the non-point sources from the farmland and the urban area, the water quality will be affected by the climate change. In this study, the operating plan of the water gates in Seonakdong river will be suggested by considering the characteristics of the watershed runoff due to the climate change. The optimal watergate opening plan will solve the water pollution problems in the reservoir-like river.

A Study on the Intrusion Detection System's Nodes Scheduling Using Genetic Algorithm in Sensor Networks (센서네트워크에서 유전자 알고리즘을 이용한 침입탐지시스템 노드 스케줄링 연구)

  • Seong, Ki-Taek
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.15 no.10
    • /
    • pp.2171-2180
    • /
    • 2011
  • Security is a significant concern for many sensor network applications. Intrusion detection is one method of defending against attacks. However, standard intrusion detection techniques are not suitable for sensor networks with limited resources. In this paper, propose a new method for selecting and managing the detect nodes in IDS(intrusion detection system) for anomaly detection in sensor networks and the node scheduling technique for maximizing the IDS's lifetime. Using the genetic algorithm, developed the solutions for suggested optimization equation and verify the effectiveness of proposed methods by simulations.

DIntrusion Detection in WSN with an Improved NSA Based on the DE-CMOP

  • Guo, Weipeng;Chen, Yonghong;Cai, Yiqiao;Wang, Tian;Tian, Hui
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.11
    • /
    • pp.5574-5591
    • /
    • 2017
  • Inspired by the idea of Artificial Immune System, many researches of wireless sensor network (WSN) intrusion detection is based on the artificial intelligent system (AIS). However, a large number of generated detectors, black hole, overlap problem of NSA have impeded further used in WSN. In order to improve the anomaly detection performance for WSN, detector generation mechanism need to be improved. Therefore, in this paper, a Differential Evolution Constraint Multi-objective Optimization Problem based Negative Selection Algorithm (DE-CMOP based NSA) is proposed to optimize the distribution and effectiveness of the detector. By combining the constraint handling and multi-objective optimization technique, the algorithm is able to generate the detector set with maximized coverage of non-self space and minimized overlap among detectors. By employing differential evolution, the algorithm can reduce the black hole effectively. The experiment results show that our proposed scheme provides improved NSA algorithm in-terms, the detectors generated by the DE-CMOP based NSA more uniform with less overlap and minimum black hole, thus effectively improves the intrusion detection performance. At the same time, the new algorithm reduces the number of detectors which reduces the complexity of detection phase. Thus, this makes it suitable for intrusion detection in WSN.