• 제목/요약/키워드: network intrusion detection

검색결과 567건 처리시간 0.023초

윈도우즈 커널 기반 침입탐지시스템의 탐지 성능 개선 (An Improved Detection Performance for the Intrusion Detection System based on Windows Kernel)

  • 김의탁;류근호
    • 디지털콘텐츠학회 논문지
    • /
    • 제19권4호
    • /
    • pp.711-717
    • /
    • 2018
  • 컴퓨터와 네트워크의 비약적인 발전은 다양한 정보 교환을 쉽게 하였다. 하지만, 그와 동시에 다양한 위험 요소를 발생시켜 악의적 목적을 가진 사용자와 그룹은 취약한 시스템을 대상으로 공격을 하고 있다. 침입탐지시스템은 네트워크 패킷 분석을 통해 악의적인 행위를 탐지한다. 하지만, 많은 양의 패킷을 짧은 시간 내에 처리해야 하는 부담이 있다. 따라서, 이 문제를 해결하기 위하여 우리는 User Level에서 동작하는 네트워크 침입탐지시스템의 탐지 성능 향상을 위해 Kernel Level에서 동작하는 시스템을 제안한다. 실제로, kernel level에서 동작하는 네트워크 침입탐지시스템을 구현함으로써 패킷 분석 및 탐지 성능을 향상함을 확인하였다.

무선네트워크 상에서의 침입탐지 에이전트 설계 (Intrusion detection agents on the wireless network design)

  • 윤동식
    • 융합보안논문지
    • /
    • 제13권1호
    • /
    • pp.59-70
    • /
    • 2013
  • 무선 네트워크(Wireless Network) 기술의 급속한 발전과 함께, 안전한 무선 통신을 위한 보안문제가 중요한 이슈로 대두되고 있다. 무선 네트워크에서 침입탐지 시스템을 운영하기 위해서는 탐지 에이전트가 각 무선 노드에 설치되어야 한다. Ad-hoc 네트워크 구조는 무선 네트워크상에서 AP가 없이 흩어져 있는 노드들에게 통신이 가능하도록 연결시키는 구조이다. 침입탐지 에이전트를 노드에 설치 할 경우 이에 해당하는 에너지 소모가 발생하여 생존기간이 줄어들게 된다. 또한 침입탐지 효과의 증대를 위해서는 많은 트래픽을 감시할 수 있는 노드에 침입탐지 에이전트가 배치되어야 한다. 따라서 본 논문에서는 Ad-hoc구조를 활용하여 무선 네트워크에서 네트워크의 생존기간을 최대로 하면서 침입탐지의 효과성을 동시에 고려한 침입탐지 에이전트 설치를 위한 방안을 제안하고자 한다. 또한 각 네트워크상에서 데이터 집계 시스템을 설계하여 데이터 중복을 줄이고 네트워크 에너지 소모량을 줄여 네트워크의 부하를 줄여 시스템 성능을 향상 시키고자한다.

모바일 에드혹네트워크를 위한 효과적인 침입 탐지 시스템 (An Effective Intrusion Detection System for MobileAdHocNetwork)

  • ;박규진;박광채;최동유;한승조
    • 한국정보통신학회:학술대회논문집
    • /
    • 한국해양정보통신학회 2008년도 춘계종합학술대회 A
    • /
    • pp.271-276
    • /
    • 2008
  • The intrusion detection system is one of the active fields of research in wireless networks. Intrusion detection in wireless mobile Ad hoc network is challenging because the network topologies is dynamic, lack centralization and are vulnerable to attacks. This paper is about the effective enhancement of the IDS technique that is being implemented in the mobile ad hoc network and deals with security and vulnerabilities issues which results in the better performance and detection of the intrusion.

  • PDF

Mining Regular Expression Rules based on q-grams

  • Lee, Inbok
    • 스마트미디어저널
    • /
    • 제8권3호
    • /
    • pp.17-22
    • /
    • 2019
  • Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

인간 면역 체계를 이용한 네트워크 탐지기술 연구 (A Study on Network detection technique using Human Immune System)

  • 김정원;;정길호;최종욱
    • 한국데이타베이스학회:학술대회논문집
    • /
    • 한국데이타베이스학회 1999년도 춘계공동학술대회: 지식경영과 지식공학
    • /
    • pp.307-313
    • /
    • 1999
  • This paper reviews and assesses the analogy between the human immune system and network intrusion detection systems. The promising results from a growing number of proposed computer immune models for intrusion detection motivate this work. The paper begins by briefly introducing existing intrusion detection systems (IDS's). A set of general requirements for network-based IDS's and the design goals to satisfy these requirements are identified by a careful examination of the literature. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS's are analysed. The analysis shows that the coordinated actions of several sophisticated mechanisms of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a novel network-based IDS based on the human immune system is promising for future network-based IDS's

  • PDF

인간 면역 체계를 이용한 네트워크 탐지기술 연구 (A Study on Network detection technique using Human Immune System)

  • 김정원;;정길호;최종욱
    • 한국지능정보시스템학회:학술대회논문집
    • /
    • 한국지능정보시스템학회 1999년도 춘계공동학술대회-지식경영과 지식공학
    • /
    • pp.307-313
    • /
    • 1999
  • This paper reviews and assesses the analogy between the human immune system and network intrusion detection systems. The promising results from a growing number of proposed computer immune models for intrusion detection motivate this work. The paper begins by briefly introducing existing intrusion detection systems (IDS's). A set of general requirements for network-based IDS's and the design goals to satisfy these requirements are identified by a careful examination of the literature. An overview of the human immune system is presented and its salient features that can contribute to the design of competent network-based IDS's are analysed. The analysis shows that the coordinated actions of several sophisticated mechanisms of the human immune system satisfy all the identified design goals. Consequently, the paper concludes that the design of a network-based IDS based on the human immune system is promising for future network-based IDS's

  • PDF

MANET에서 규칙을 기반으로 한 계층형 침입 탐지에 관한 연구 (The Study of Hierarchical Intrusion Detection Based on Rules for MANET)

  • 정혜원
    • 디지털산업정보학회논문지
    • /
    • 제6권4호
    • /
    • pp.153-160
    • /
    • 2010
  • MANET composed mobile nodes without central concentration control like base station communicate through multi-hop route among nodes. Accordingly, it is hard to maintain stability of network because topology of network change at any time owing to movement of mobile nodes. MANET has security problems because of node mobility and needs intrusion detection system that can detect attack of malicious nodes. Therefore, system is protected from malicious attack of intruder in this environment and it has to correspond to attack immediately. In this paper, we propose intrusion detection system based on rules in order to more accurate intrusion detection. Cluster head perform role of monitor node to raise monitor efficiency of packet. In order to evaluate performance of proposed method, we used jamming attack, selective forwarding attack, repetition attack.

Anomaly-Based Network Intrusion Detection: An Approach Using Ensemble-Based Machine Learning Algorithm

  • Kashif Gul Chachar;Syed Nadeem Ahsan
    • International Journal of Computer Science & Network Security
    • /
    • 제24권1호
    • /
    • pp.107-118
    • /
    • 2024
  • With the seamless growth of the technology, network usage requirements are expanding day by day. The majority of electronic devices are capable of communication, which strongly requires a secure and reliable network. Network-based intrusion detection systems (NIDS) is a new method for preventing and alerting computers and networks from attacks. Machine Learning is an emerging field that provides a variety of ways to implement effective network intrusion detection systems (NIDS). Bagging and Boosting are two ensemble ML techniques, renowned for better performance in the learning and classification process. In this paper, the study provides a detailed literature review of the past work done and proposed a novel ensemble approach to develop a NIDS system based on the voting method using bagging and boosting ensemble techniques. The test results demonstrate that the ensemble of bagging and boosting through voting exhibits the highest classification accuracy of 99.98% and a minimum false positive rate (FPR) on both datasets. Although the model building time is average which can be a tradeoff by processor speed.

모바일 Ad Hoc 네트워크를 위한 안전한 침입 탐지 시스템 (A Secure Intrusion Detection System for Mobile Ad Hoc Network)

  • ;이상덕;최동유;한승조;이성주
    • 한국정보통신학회논문지
    • /
    • 제13권1호
    • /
    • pp.87-94
    • /
    • 2009
  • 침입 탐지 시스템은 무선 네트워크에서 활발한 연구 분야중의 하나이다. 네트워크 토폴로지 가 있기 때문에 무선 모바일 Ad-hoc 네트워크의 침입 탐지는 동적과 집중화 부족의 공격을 받기 쉽다. 참가하고 있는 노드가 앞의 보안연합을 가지고 있지 않고 열려 있는 Ad-hoc 네트워크의 악의적인 노드의 탐지는 이 논문에서 묘사하는 숫자에 직면한다. 이 논문이 모바일 Ad-hoc 네트워크의 중요한 조건에서 악의적인 노드를 결정하는 것에 대해 있고 보안과 더 좋은 실행과 침입의 탐지로 끝나는 취약점 이슈를 다룬다.

Deep Packet Inspection for Intrusion Detection Systems: A Survey

  • AbuHmed, Tamer;Mohaisen, Abedelaziz;Nyang, Dae-Hun
    • 정보와 통신
    • /
    • 제24권11호
    • /
    • pp.25-36
    • /
    • 2007
  • Deep packet inspection is widely recognized as a powerful way which is used for intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost intrusion detection systems have the ability to search through packets and identify contents that match with known attach. In this paper we survey the deep packet inspection implementations techniques, research challenges and algorithm. Finally, we provide a comparison between the different applied system.