• Nuclear Engineering and Technology
• /
• v.52 no.12
• /
• pp.2687-2698
• /
• 2020

Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constraint the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URL to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.595-604
• /
• 2004

By the help of expansion of computer network and rapid growth of Internet, the information infrastructure is now able to provide a wide range of services. Especially open architecture - the inherent nature of Internet - has not only got in the way of offering QoS service, managing networks, but also made the users vulnerable to both the threat of backing and the issue of information leak. Thus, people recognized the importance of both taking active, prompt and real-time action against intrusion threat, and at the same time, analyzing the similar patterns of in-trusion already known. There are now many researches underway on Intrusion Detection System(IDS). The paper carries research on the in-trusion detection system which hired supervised learning algorithm and Fuzzy membership function especially with Neuro-Fuzzy model in order to improve its performance. It modifies tansigmoid transfer function of Neural Networks into fuzzy membership function, so that it can reduce the uncertainty of anomaly intrusion detection. Finally, the fuzzy logic suggested here has been applied to a network-based anomaly intrusion detection system, tested against intrusion data offered by DARPA 2000 Intrusion Data Sets, and proven that it overcomes the shortcomings that Anomaly Intrusion Detection usually has.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.4021-4037
• /
• 2018

In network intrusion detection research, two characteristics are generally considered vital to building efficient intrusion detection systems (IDSs): an optimal feature selection technique and robust classification schemes. However, the emergence of sophisticated network attacks and the advent of big data concepts in intrusion detection domains require two more significant aspects to be addressed: employing an appropriate big data computing framework and utilizing a contemporary dataset to deal with ongoing advancements. As such, we present a comprehensive approach to building an efficient IDS with the aim of strengthening academic anomaly detection research in real-world operational environments. The proposed system has the following four characteristics: (i) it performs optimal feature selection using information gain and branch-and-bound algorithms; (ii) it employs machine learning techniques for classification, namely, Logistic Regression, Naïve Bayes, and Random Forest; (iii) it introduces bulk synchronous parallel processing to handle the computational requirements of large-scale networks; and (iv) it utilizes a real-time contemporary dataset generated by the Information Security Centre of Excellence at the University of Brunswick (ISCX-UNB) to validate its efficacy. Experimental analysis shows the effectiveness of the proposed framework, which is able to achieve high accuracy, low computational cost, and reduced false alarms.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.680-683
• /
• 2001

As the rapid information communication technique, internet users have been continuously increasing every year, but on the other hand many damages have occurred on the internet because of dysfunction for computer system intrusion. To reduce damages, network and system security mechanism is variously developed by researcher, IDS(Intrusion Detection System) is commercialized to security technique. In this paper we describe for intrusion detection based on network, we design and implement IDS to detect illegal intrusion using misuse detection model. Implemented IDS can detect various intrusion types. When IDS detected illegal intrusion, we implemented for administrator to be possible management and control through mechanisms of alert message transmission, mail transmission, mail at the remote.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.1
• /
• pp.138-140
• /
• 2020

As the IoT is applied to home and industrial networks, data generated by the IoT is being processed at the cloud edge. Intrusion detection function is very important because it can be operated by invading IoT devices through the cloud edge. Data delivered to the edge network in the cloud environment is traffic at the application layer. In order to determine the intrusion of the packet transmitted to the IoT, the intrusion should be detected at the application layer. This paper proposes the intrusion detection function at the application layer excluding normal traffic from IoT intrusion detection function. As the proposed method, we obtained the intrusion detection result by decision tree method and explained the detection result for each feature.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.42-49
• /
• 2021

As cyber attacks become more intelligent, there is difficulty in detecting advanced attacks in various fields such as industry, defense, and medical care. IPS (Intrusion Prevention System), etc., but the need for centralized integrated management of each security system is increasing. In this paper, we collect big data for intrusion detection and build an intrusion detection platform using deep learning and CNN (Convolutional Neural Networks). In this paper, we design an intelligent big data platform that collects data by observing and analyzing user visit logs and linking with big data. We want to collect big data for intrusion detection and build an intrusion detection platform based on CNN model. In this study, we evaluated the performance of the Intrusion Detection System (IDS) using the KDD99 dataset developed by DARPA in 1998, and the actual attack categories were tested with KDD99's DoS, U2R, and R2L using four probing methods.

• Journal of Digital Convergence
• /
• v.15 no.6
• /
• pp.391-398
• /
• 2017

In this paper, we compared the performance of "Network Intrusion Detection System based on attack feature selection using fuzzy control language"[1] and "Intelligent Intrusion Detection System Model for attack classification using RNN"[2]. In this paper, we compare the intrusion detection performance of two techniques using KDD CUP 99 dataset. The KDD 99 dataset contains data sets for training and test data sets that can detect existing intrusions through training. There are also data that can test whether training data and the types of intrusions that are not present in the test data can be detected. We compared two papers showing good intrusion detection performance in training and test data. In the comparative paper, there is a lack of performance to detect intrusions that exist but have no existing intrusion detection capability. Among the attack types, DoS, Probe, and R2L have high detection rate using fuzzy and U2L has a high detection rate using RNN.

• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.43-53
• /
• 2007

Intrusion detection system(IDS) has recently evolved while combining signature-based detection approach with anomaly detection approach. Although signature-based IDS tools have been commonly used by utilizing machine learning algorithms, they only detect network intrusions with already known patterns, Ideal IDS tools should always keep the signature database of your detection system up-to-date. The system needs to generate the signatures to detect new possible attacks while monitoring and analyzing incoming network data. In this paper, we propose a new outlier cluster detection algorithm with density (or influence) function, Our method assumes that an outlier is a kind of cluster with similar instances instead of a single object in the context of network intrusion, Through extensive experiments using KDD 1999 Cup Intrusion Detection dataset. we show that the proposed method outperform the conventional outlier detection method using Euclidean distance function, specially when attacks occurs frequently.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.67-74
• /
• 2022

One type of network security breach is the availability breach, which deprives legitimate users of their right to access services. The Denial of Service (DoS) attack is one way to have this breach, whereas using the Intrusion Detection System (IDS) is the trending way to detect a DoS attack. However, building IDS has two challenges: reducing the false alert and picking up the right dataset to train the IDS model. The survey concluded, in the end, that using a real dataset such as MAWILab or some tools like ID2T that give the researcher the ability to create a custom dataset may enhance the IDS model to handle the network threats, including DoS attacks. In addition to minimizing the rate of the false alert.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.4
• /
• pp.69-75
• /
• 2000

This paper proposes a network intrusion detection model which can detect the insertion and evasion attacks. These attacks can be prevented when some kind of information are available in the network intrusion detection system. We classified these information with three categories and used each category at setup phase and executing Phase. Within the proposed model, all necessary information which are related with networks and operating systems are maintained in the database and created as a table. This table is used during intrusion detection. The overheads of database and table may be simple in this model.