• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1722-1741
• /
• 2017

Intrusion detection techniques based on virtual machine introspection (VMI) provide high temper-resistance in comparison with traditional in-host anti-virus tools. However, the presence of semantic gap also leads to the performance and compatibility problems. In order to map raw bits of hardware to meaningful information of virtual machine, detailed knowledge of different guest OS is required. In this work, we present VDSM, a lightweight and general approach based on driver separation mechanism: divide semantic view reconstruction into online driver of view generation and offline driver of semantics extraction. We have developed a prototype of VDSM and used it to do intrusion detection on 13 operation systems. The evaluation results show VDSM is effective and practical with a small performance overhead.

• Journal of IKEEE
• /
• v.27 no.4
• /
• pp.524-530
• /
• 2023

This paper proposes an efficient algorithm to detect CAN (Controller Area Network) bus attack based on a lightweight CNN (Convolutional Neural Network), and an IDS(Intrusion Detection System) was designed, implemented, and verified with FPGA. Compared to conventional CNN-based IDS, the proposed IDS detects CAN bus attack on a frame-by-frame basis, enabling accurate and rapid response. Furthermore, the proposed IDS can significantly reduce hardware since it exploits only one convolutional layer, compared to conventional CNN-based IDS. Simulation and implementation results show that the proposed IDS effectively detects various attacks on the CAN bus.

• Journal of IKEEE
• /
• v.27 no.4
• /
• pp.531-536
• /
• 2023

This paper proposes a sliding window method with frame feature insertion for immediate attack detection on in-vehicle networks. This method guarantees real-time attack detection by labeling based on the attack status of the current frame. Experiments show that the proposed method improves detection performance by giving more weight to the current frame in CNN computation. The proposed model was designed based on a lightweight LeNet-5 architecture and it achieves 100% detection for DoS attacks. Additionally, by comparing the complexity with conventional models, the proposed model has been proven to be more suitable for resource-constrained devices like ECUs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.41-56
• /
• 2007

In this paper, we propose a specification-based intrusion detection system for WIPI(Wireless Internet Platform for Interoperability). In proposing the system, we focused on providing lightweight code, supporting multiple languages and hardware independence. The proposed system is based on an algorithm which detects an intrusion to main API of WIPI-HAL(Handset Adaptation Layer) and defines the prototype of mIDS(mobile IDS) API group that it can be added on the HAL. Moreover, we prove apply possibility through a WIPI emulator using java library.

• Review of Korea Contents Association
• /
• v.14 no.1
• /
• pp.38-43
• /
• 2016

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06a
• /
• pp.134-137
• /
• 2008

A novel Intrusion Detection and Response System (IDRS) for IP based Ubiquitous Sensor Networks (IP-USN) is proposed. According to the best of our knowledge this is the first security framework for any kind of IP based sensor devices. The proposed scheme is fast, lightweight in terms of computation and memory, which make it appropriate for resource constrained sensor devices.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.12
• /
• pp.3904-3922
• /
• 2022

As a research hotspot, pedestrian detection has a wide range of applications in the field of computer vision in recent years. However, current pedestrian detection methods have problems such as insufficient detection accuracy and large models that are not suitable for large-scale deployment. In view of these problems mentioned above, a lightweight pedestrian detection and early warning method using a new model called you only look once (Yolov5) is proposed in this paper, which utilizing advantages of Yolov5s model to achieve accurate and fast pedestrian recognition. In addition, this paper also optimizes the loss function of the batch normalization (BN) layer. After sparsification, pruning and fine-tuning, got a lot of optimization, the size of the model on the edge of the computing power is lower equipment can be deployed. Finally, from the experimental data presented in this paper, under the training of the road pedestrian dataset that we collected and processed independently, the Yolov5s model has certain advantages in terms of precision and other indicators compared with traditional single shot multiBox detector (SSD) model and fast region-convolutional neural network (Fast R-CNN) model. After pruning and lightweight, the size of training model is greatly reduced without a significant reduction in accuracy, and the final precision reaches 87%, while the model size is reduced to 7,723 KB.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.1-7
• /
• 2016

As new information and communication technologies evolve, security threats are also becoming increasingly intelligent and advanced. In this paper, we analyze the time series data continuously entered through a series of periods from the network device or lightweight IoT (Internet of Things) devices by using the statistical technique and propose a system to detect abnormal behaviors of the device or abnormality based on the analysis results. The proposed system performs the first level abnormal detection by using previously entered data set, thereafter performs the second level anomaly detection according to the trust bound configured by using stored time series data based on time attribute or group attribute. Multi-level analysis is able to improve reliability and to reduce false positives as well through a variety of decision data set.

• The KIPS Transactions:PartC
• /
• v.16C no.1
• /
• pp.13-20
• /
• 2009

Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figure out the attack type in case of attack.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.269-272
• /
• 2006

최근 들어, 유비쿼터스 홈네트워크에 대한 관심이 높아지고 있지만, 기능 구현에 초점을 맞추고 있다. 이러한 홈네트워크는 단일 서비스가 아닌 다양한 서비스 집합으로서의 성격이 강하므로 세분화된 보안 요구사항과 제한된 자원에서의 원활한 서비스를 위해 시스템 경량화는 필수적 요소이다. 이에 본 논문에서는 유비쿼터스 홈네트워크 환경에서 요구하는 보안성 및 경량화를 고려한 새로운 침입탐지 모델을 제안한다.