• Title, Summary, Keyword: Intrusion detection system

Search Result 664, Processing Time 0.039 seconds

Design Of Intrusion Detection System Using Background Machine Learning

  • Kim, Hyung-Hoon;Cho, Jeong-Ran
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.5
    • /
    • pp.149-156
    • /
    • 2019
  • The existing subtract image based intrusion detection system for CCTV digital images has a problem that it can not distinguish intruders from moving backgrounds that exist in the natural environment. In this paper, we tried to solve the problems of existing system by designing real - time intrusion detection system for CCTV digital image by combining subtract image based intrusion detection method and background learning artificial neural network technology. Our proposed system consists of three steps: subtract image based intrusion detection, background artificial neural network learning stage, and background artificial neural network evaluation stage. The final intrusion detection result is a combination of result of the subtract image based intrusion detection and the final intrusion detection result of the background artificial neural network. The step of subtract image based intrusion detection is a step of determining the occurrence of intrusion by obtaining a difference image between the background cumulative average image and the current frame image. In the background artificial neural network learning, the background is learned in a situation in which no intrusion occurs, and it is learned by dividing into a detection window unit set by the user. In the background artificial neural network evaluation, the learned background artificial neural network is used to produce background recognition or intrusion detection in the detection window unit. The proposed background learning intrusion detection system is able to detect intrusion more precisely than existing subtract image based intrusion detection system and adaptively execute machine learning on the background so that it can be operated as highly practical intrusion detection system.

Robust Real-time Intrusion Detection System

  • Kim, Byung-Joo;Kim, Il-Kon
    • Journal of Information Processing Systems
    • /
    • v.1 no.1
    • /
    • pp.9-13
    • /
    • 2005
  • Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.

The Design of Integrated Intrusion Detection System in Large Networks (대규모 네트워크를 위한 통합 침입탐지시스템 설계)

  • 정연서
    • Journal of the Korea Computer Industry Society
    • /
    • v.3 no.7
    • /
    • pp.953-956
    • /
    • 2002
  • The threat to the network is increasing due to explosive increasing use of the Internet. Current IDS(Intrusion Detection System) detects intrusion and does individual response in small area network. It is important that construction of infra to do response in all system environment through sharing information between different network domains. This paper provides a policy-based IDS management architecture enabling management of intrusion detection systems. The IIDS(Integrated Intrusion Detection System) is composed of IDAs(Intrusion Detection Agents). We describe requirements in design and the elements of function.

  • PDF

Design of Security Policy-based Intrusion Detection System Model (보안정책 기반 침입탐지 시스템 모델 설계)

  • Kim, Kang;Jeon, Jong-Sik
    • Journal of the Korea Society of Computer and Information
    • /
    • v.8 no.4
    • /
    • pp.81-86
    • /
    • 2003
  • Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of the use of internet. Therefore, Intrusion Detection System has been an active research area to reduce the risk from intruders. Especially, The paper proposes a new Security Policy-based Intrusion Detection System Model, which consists of several computer with Intrusion Detection System, based on Intrusion Detection System and describes design of the Security Policy-based Intrusion Detection System model and prototype implementation of it. The Security Policy-based Intrusion Detection Systems are distributed and if any of distributed Security Policy- based Intrusion Detection Systems detect anomaly system call among system call sequences generated by a privilege process, the anomaly system call can be dynamically shared with Security Policy-based Intrusion Detection Systems, This makes the Security Policy - based Intrusion Detection Systems improve the ability of countermeasures for new intruders.

  • PDF

An Application of Blackboard Architecture for the Coordination among the Security Systems (보안 모델의 연동을 위한 블랙보드구조의 적용)

  • 서희석;조대호
    • Journal of the Korea Society for Simulation
    • /
    • v.11 no.4
    • /
    • pp.91-105
    • /
    • 2002
  • The attackers on Internet-connected systems we are seeing today are more serious and technically complex than those in the past. So it is beyond the scope of amy one system to deal with the intrusions. That the multiple IDSes (Intrusion Detection System) coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (BlackBoard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete EVent system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses these detection information.

  • PDF

Quality Evaluation Model for Intrusion Detection System based on Security and Performance (보안성과 성능에 따른 침입탐지시스템의 품질평가 모델)

  • Lee, Ha-Young;Yang, Hae-Sool
    • Journal of Digital Convergence
    • /
    • v.12 no.6
    • /
    • pp.289-295
    • /
    • 2014
  • Intrusion detection system is a means of security that detects abnormal use and illegal intension in advance in real time and reenforce the security of enterprises. Performance of intrusion detection system is judged by information collection, intrusion analysis, intrusion response, review and protection of intrusion detection result, reaction, loss protection that belong to the area of intrusion detection. In this paper, we developed a evaluation model based on the requirements of intrusion detection system and ISO international standard about software product evaluation.

Intrusion Detection System Using the Correlation of Intrusion Signature (침입신호 상관성을 이용한 침입 탐지 시스템)

  • Na Guen-Sik
    • Journal of Internet Computing and Services
    • /
    • v.5 no.2
    • /
    • pp.57-67
    • /
    • 2004
  • In this paper we present the architecture of intrusion detection system that enhances the performance of system and the correctness of intrusion detection. A network intrusion is usually composed of several steps of action taken by the attackers. Each action in the steps can be characterized by its signature. But normal and non-intrusive action can also include the same signature, It can result in incorrect detection. The presented system uses the correlation of series of signatures that consist of an intrusion. So Its decision on an intrusion is highly reliable. And variations of known intrusions can easily be detected without any knowledge of the variations.

  • PDF

Coordination among the Security Systems using the Blackboard Architecture (블랙보드구조를 활용한 보안 모델의 연동)

  • 서희석;조대호
    • Journal of Institute of Control, Robotics and Systems
    • /
    • v.9 no.4
    • /
    • pp.310-319
    • /
    • 2003
  • As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

Mining Regular Expression Rules based on q-grams

  • Lee, Inbok
    • Smart Media Journal
    • /
    • v.8 no.3
    • /
    • pp.17-22
    • /
    • 2019
  • Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.

A Study for Feature Selection in the Intrusion Detection System (침입탐지시스템에서의 특징 선택에 대한 연구)

  • Han, Myung-Mook
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.87-95
    • /
    • 2006
  • An intrusion can be defined as any set of actors that attempt to compromise the integrity, confidentiality and availability of computer resource and destroy the security policy of computer system. The Intrusion Detection System that detects the intrusion consists of data collection, data reduction, analysis and detection, and report and response. It is important for feature selection to detect the intrusion efficiently after collecting the large set of data of Intrusion Detection System. In this paper, the feature selection method using Genetic Algorithm and Decision Tree is proposed. Also the method is verified by the simulation with KDD data.

  • PDF