• Journal of the Korea Society for Simulation
• /
• v.13 no.1
• /
• pp.51-63
• /
• 2004

Current distributed systems are attacked from the outside as well as in which new intrusions are occurred. In particular there is a growing but largely unnoticed intrusion threat due to the emerging middleware technologies such as CORBA, WAP, XML support, and enterprise application integrators. In order to cope with these attacks, intrusion tolerance technology is introduced. Intrusion tolerance technology means that it can provide services normally although attacks are occurred into system. There are intrusion tolerance architectures such as ITUA, HACQIT, SITAR, and so on as a part of DARPA project. In this paper, we analyze and discuss existing intrusion tolerance architectures with respect to intrusion tolerance technology. Also, we extract intrusion tolerant requirements, which are required to develop ,intrusion tolerant system. We propose UML-IT(Intrusion Tolerance) profiles and specify intrusion tolerant software by applying UML-IT profiles.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.5
• /
• pp.149-156
• /
• 2019

The existing subtract image based intrusion detection system for CCTV digital images has a problem that it can not distinguish intruders from moving backgrounds that exist in the natural environment. In this paper, we tried to solve the problems of existing system by designing real - time intrusion detection system for CCTV digital image by combining subtract image based intrusion detection method and background learning artificial neural network technology. Our proposed system consists of three steps: subtract image based intrusion detection, background artificial neural network learning stage, and background artificial neural network evaluation stage. The final intrusion detection result is a combination of result of the subtract image based intrusion detection and the final intrusion detection result of the background artificial neural network. The step of subtract image based intrusion detection is a step of determining the occurrence of intrusion by obtaining a difference image between the background cumulative average image and the current frame image. In the background artificial neural network learning, the background is learned in a situation in which no intrusion occurs, and it is learned by dividing into a detection window unit set by the user. In the background artificial neural network evaluation, the learned background artificial neural network is used to produce background recognition or intrusion detection in the detection window unit. The proposed background learning intrusion detection system is able to detect intrusion more precisely than existing subtract image based intrusion detection system and adaptively execute machine learning on the background so that it can be operated as highly practical intrusion detection system.

• Smart Media Journal
• /
• v.8 no.3
• /
• pp.17-22
• /
• 2019

Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.6
• /
• pp.619-626
• /
• 2016

Intrusion detection model detects a intrusion when intrusion behaviour occurred. The model analyzes a variety of intrusion pattern and supports a modeling method to represent for a intrusion pattern efficiently. Particularly, the model defines classes of intrusion pattern and supports modeling method that detects a network level intrusion through multiple hosts for multiple intrusions. In this paper, proposes a multiple intrusion detection model that support a verification method for intrusion detection systems and verifies a safeness of proposed model and compares with other models.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.1
• /
• pp.81-87
• /
• 2012

Intrusion Detection System that protects system safely is necessary as network technology is developed rapidly and application division is wide. Intrusion Detection System among others can construct system without participation of other severs. But it has weakness that big load in system happens and it has low efficient because every traffics are inspected in case that mass traffic happen. In this study, Distributed Intrusion Detection System based on protocol is proposed to reduce traffic of intrusion detection system and provide stabilized intrusion detection technique even though mass traffic happen. It also copes to attack actively by providing automatic update of using rules to detect intrusion in sub Intrusion Detection System.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.5
• /
• pp.1332-1341
• /
• 1999

Rapid expansion of network and increment of computer system access cause computer security to be an important issue. Hence, the researches in intrusion detection system(IDS)are active to reduce the risk from hackers. Considering IDS, we propose a new IDS model(DABIDS : Distributed Agent Based Intelligent intrusion Detection System) based on distributed intrusion detecting agents. The DABIDS dynamically collects intrusion behavior knowledge from each agents when some doubtable behaviors of users are detected and make new agents codes using intrusion scenario data base, and broadcast the detector codes to the distributed intrusion detecting agent of all node. This DABIDS can efficiently solve the problem to reduce the overhead for training detecting agent for intrusion behavior patterns.

• Journal of Internet Computing and Services
• /
• v.5 no.2
• /
• pp.57-67
• /
• 2004

In this paper we present the architecture of intrusion detection system that enhances the performance of system and the correctness of intrusion detection. A network intrusion is usually composed of several steps of action taken by the attackers. Each action in the steps can be characterized by its signature. But normal and non-intrusive action can also include the same signature, It can result in incorrect detection. The presented system uses the correlation of series of signatures that consist of an intrusion. So Its decision on an intrusion is highly reliable. And variations of known intrusions can easily be detected without any knowledge of the variations.

• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.622-627
• /
• 2022

This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In intrusion detection system, both FNR (False Negative Rate), where intrusion frame is misjudged as normal frame, and FPR (False Positive Rate), where normal frame is misjudged as intrusion frame, seriously affect vechicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the propsoed method effectively improve both FNR and FPR in DoS(Denial of Service) attack and spoofing attack.

• The Journal of Information Systems
• /
• v.15 no.4
• /
• pp.211-224
• /
• 2006

This study investigates the application of data mining techniques such as artificial neural networks, rough sets, and induction teaming to the intrusion detection systems. To maximize the effectiveness of data mining for intrusion detection systems, we introduced the asymmetric costs with false positive errors and false negative errors. And we present a method for intrusion detection systems to utilize the asymmetric costs of errors in data mining. The results of our empirical experiment show our intrusion detection model provides high accuracy in intrusion detection. In addition the approach using the asymmetric costs of errors in rough sets and neural networks is effective according to the change of threshold value. We found the threshold has most important role of intrusion detection model for decreasing the costs, which result from false negative errors.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.9-13
• /
• 2005

Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.