• 한국지능시스템학회:학술대회논문집
• /
• 한국퍼지및지능시스템학회 2003년도 ISIS 2003
• /
• pp.660-663
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

• Journal of information and communication convergence engineering
• /
• 제7권1호
• /
• pp.7-12
• /
• 2009

The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2007년도 춘계학술발표대회
• /
• pp.1093-1095
• /
• 2007

As the networking and data communication technology is making progress, there has been an augmented concern about the security. Intrusion Detection and Prevention Systems have long being providing a reliable layer in the field of Network Security. Intrusion Detection System works on analyzing the traffic and finding a known intrusion or attack pattern in that traffic. But as the new technology provides betterment for the world of the Internet; it also provides new and efficient ways for hacker to intrude in the system. Hence, these patterns on which IDS & IPS work need to be updated. For detecting the power and knowledge of attackers we sometimes make use of Honey-pots. In this paper, we propose a Honey-pot architecture that automatically updates the Intrusion's Signature Knowledge Base of the IDS in a Network.

• 한국전자통신학회논문지
• /
• 제16권2호
• /
• pp.363-370
• /
• 2021

외곽 침입감지 시스템은 물리 보안에 있어서 중요한 비중을 차지하고 있다. 본 연구에서는 외곽 침입감지를 위해 IoT 환경에서 적용할 수 있는 MEMS 센서를 활용한 초소형 스마트 디바이스를 개발하고 그 성능을 평가하였다. 본 연구에서 개발한 스마트 디바이스를 적용한 외곽 침입감지 시스템은 다양한 재질, 형태의 철조망이 도심, 바닷가, 산속 등 다양한 설치환경에 설치되어 외부의 침입과 그 위치를 감지할 수 있을 뿐 아니라, 오경보율과 구축비용 등을 최소화할 수 있는 스마트 센서로 국가 및 민간 주요 시설의 외각 침입 감지 위해 활용될 수 있을 것으로 기대한다.

• 한국지능시스템학회논문지
• /
• 제13권4호
• /
• pp.491-498
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using FCM(Fuzzy Cognitive Maps) that can detect intrusion by the DoS attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The SPuF(Syn flooding Preventer using Fussy cognitive maps) model captures and analyzes the packet informations to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance comparison, the "KDD′99 Competition Data Set" made by MIT Lincoln Labs was used. The result of simulating the "KDD′99 Competition Data Set" in the SPuF model shows that the probe detection rates were over 97 percentages.

• Journal of Information Processing Systems
• /
• 제12권3호
• /
• pp.489-501
• /
• 2016

As interest in the Internet increases, related technologies are also quickly progressing. As smart devices become more widely used, interest is growing in words are missing here like "improving the" or "figuring out how to use the" future Internet to resolve the fundamental issues of transmission quality and security. The future Internet is being studied to improve the limits of existing Internet structures and to reflect new requirements. In particular, research on words are missing here like "finding new forms of" or "applying new forms of" or "studying various types of" or "finding ways to provide more" reliable communication to connect the Internet to various services is in demand. In this paper, we analyze the security threats caused by malicious activities in the future Internet and propose a human behavior analysis-based security service model for malware detection and intrusion prevention to provide more reliable communication. Our proposed service model provides high reliability services by responding to security threats by detecting various malware intrusions and protocol authentications based on human behavior.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2013년도 추계학술대회
• /
• pp.666-668
• /
• 2013

모바일 기기의 활성화로 인해 무선 네트워크 환경이 확산되고, 이로 인해 무선 네트워크를 악용하는 사례도 증가했다. 네트워크 보안 및 침입 탐지는 기존 유선뿐만 아니라 무선에도 주목 받고 있으며, 활발하게 연구가 진행되고 있다. Snort 기반의 침입 탐지 시스템(Intrusion Detection System)은 기존 유선 네트워크에서 악의적인 활동 탐지를 위해 널리 사용되고 있는 검증된 오픈 소스 시스템이며, Snort Wireless는 802.11 무선 탐지 기능을 활성화하기 위해 개발되었다. 본 논문에서는 Snort Wireless Rule을 분석하고, 향후 연구 진행방향을 제시한다.

• 정보보호학회논문지
• /
• 제21권4호
• /
• pp.39-46
• /
• 2011

본 논문은 다양한 네트워크 보안장비들이 갖는 고유의 보안정책들을 하나의 시스템 내에 단일 알고리즘으로 구현함으로써 네트워크를 기반으로 하는 공격 발생 시 최적의 통합 보안정책에 대한 연구이다. 실험을 위한 정책들은 Firewall, VPN(Virtual Private Network), IDS(Intrusion Detection System), IPS(Intrusion Prevention System)가 갖는 고유의 방어정책을 상호 조합하는 과정을 통해 최적의 보안 시스템을 구현하기 위한 실험을 한다. 또한, 보안정책 설정에 따른 시스템 부하와 빠른 탐지, 신속하고 효율적인 방어를 위한 통합 메커니즘 설계 및 네트워크 인프라 구현 기반을 확보하는데 의의가 있다.

• 융합보안논문지
• /
• 제4권2호
• /
• pp.1-7
• /
• 2004

정보통신망의 빠른 발달과 이로 인한 인터넷 사용의 급증으로 인하여 해킹, 바이러스 등의 정보통신 역기능 또한 빠르게 발전하고 있다 이를 방지하기 위해 F/W, IDS, VPN 등의 보안 제품이 많이 사용되고 있다. 그러나, 1.25 인터넷 대란에서 알 수 있듯이 현 상황은 관리자가 보안 제품들에서 발생하는 경고 메시지를 확인하고 해당 내용을 대응할 수 없을 정도로 빠른 시간에 확산된다. 따라서, IDS와 더불어 자동 대응 기능을 갖추고 있는 침입방지시스템(IPS)이 절실히 요구되어지고 있고, 널리 사용되어지고 있다. 본 논문에서는 linux 운영 체제 환경에서의 공개된 도구인 snort와 iptables를 이용하여 시스템 구축 비용이 최소화될 수 있는 방향으로 설계되었다. 또한, snort에서 발생시킨 경보 메시지를 iptables와 연계하여 자동 대응을 수행하도록 구성되었으며, 이를 통하여 관리자 개입을 최소화하고 해킹사고에 대한 피해를 최소화 할 수 있도록 제안되었다.

• 한국시뮬레이션학회논문지
• /
• 제10권1호
• /
• pp.83-92
• /
• 2001

For the prevention of the network intrusion from damaging the system, both IDS (Intrusion Detection System) and Firewall are frequently applied. The collaboration of IDS and Firewall efficiently protects the network because of making up for the weak points in the each demerit. A model has been constructed based on the DEVS (Discrete Event system Specification) formalism for the simulation of the system that consists of IDS and Firewall. With this model we can simulation whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. If an agent detects intrusions, it transfers attacker's information to a Firewall. Using this mechanism attacker's packets detected by IDS can be prevented from damaging the network.