Intelligent Intrusion Detection and Prevention System by Complementing Signature-Based and Flow-Based Models

Vol. 34, No. 6, pp. 1501-1516, Dec. 2024
DOI: 10.13089/JKIISC.2024.34.6.1501
Keywords: Network Security, IDS/IPS, Random Forest, Anomaly Detection
Abstract

As network usage has increased, the frequency and sophistication of cyber-attacks through networks have also increased. Although security devices exist to mitigate these attacks, they generally rely on static rules, which limits their flexibility in responding to attacks beyond predefined rules. To address this issue, this paper proposes an intelligent intrusion detection and prevention system by complementing signature-based and flow-based models. Leveraging Random Forest and TranAD, our system analyzes individual packets and their sequential flows to identify both known and unknown attacks. Additionally, the system automatically updates packet filtering rules based on the detection results, allowing for immediate responses to attacks. Experiments with the system prototype demonstrate high accuracy, showing its potential as a next-generation security solution.


Cite this article
[IEEE Style]
문성수, 박태준, 김수연, 나유경, "Intelligent Intrusion Detection and Prevention System by Complementing Signature-Based and Flow-Based Models," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 6, pp. 1501-1516, 2024. DOI: 10.13089/JKIISC.2024.34.6.1501.

[ACM Style]
문성수, 박태준, 김수연, and 나유경. 2024. Intelligent Intrusion Detection and Prevention System by Complementing Signature-Based and Flow-Based Models. Journal of The Korea Institute of Information Security and Cryptology, 34, 6, (2024), 1501-1516. DOI: 10.13089/JKIISC.2024.34.6.1501.