An Efficient Intrusion Detection System (IDS) Node Selection for Congested Systems in Wireless Mesh Networks

“This research was supported by the Ministry of Knowledge Economy, Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Advancement)”(IITA-2008-C1090-0801-0016

무선 메쉬 네트워크에서 혼잡상황을 고려한 효율적인 침입탐지 시스템 배치

학위논문(석사) - 한국과학기술원 : 산업및시스템공학과, 2009. 8., [ iv, 42 p. ]Wireless networks are notably vulnerable to intrusions, as they operate in open medium and don’t have any centralized security systems. In contrast to wired networks, wireless networks need a special method to detect intrusions. An Intrusion Detection System (IDS) for wireless networks is widely employed for security purpose to detect illegal intrusions. However, a node acted as an IDS node which overhears and analyses all packets within monitoring range consumes additional resources. Since wireless network resources such as battery and bandwidth are limited, an efficient monitoring node selection scheme efficiently utilizing these resources is needed in wireless networks. In this thesis, we apply an IDS node selection scheme to a wireless mesh network (WMN). The WMN is a promising wireless technology that supply wired infrastructure (Internet Gateway, IGW) with wireless backbone (Mesh Router, MR) to mobile users. We propose an efficient IDS MR placement in WMNs using collected information by the IGW. Existing IDS node selection schemes only consider either network lifetime or battery consumption of the whole network. However, we suggest an efficient monitoring node selection method considering both enhancement of network lifetime and reduction of total battery consumption. To guarantee enough network lifetime and reduce the battery consumption of the whole network, we apply a set covering problem (SCP) to monitoring node distribution problem. Furthermore, we focus on congestion of monitored packets in a buffer of IDS using queuing theory. Packet congestion in IDS node causes the decline of detection rate and the high energy consumption of IDS due to excessive monitoring tasks. Therefore, it is important to avoid the congestion of monitoring tasks. In congested network, our proposed scheme has superior performance than other existing schemes한국과학기술원 : 산업및시스템공학과

안전한 인터넷 서비스를 위한 기계 학습 기법에 관한 연구

학위논문(박사) - 한국과학기술원 : 산업및시스템공학과, 2013.2, [ vii, 98 p. ]In these days, various kinds of Internet services provide many conveniences, such as information search, e-commerce, e-health, e-education and social network services. As the Internet services have become an important part of people’s lives, attacks have also increased in recent years. In this thesis, we focus on machine learning approaches for secure Internet services. This study mainly focuses on detecting malicious web pages based on machine learning approaches. First, we propose an efficient filtering method for detecting malicious web pages using cost sensitive analysis. There are ways to detect malicious web pages, two of which are dynamic detection and static detection. Dy-namic detection has a high detection rate but uses a high amount of resources and takes a long time, whereas static analysis only uses a small amount of resources but its detection rate is low. To minimize the weaknesses of these two methods, Canali et al. suggest a filtering method, Prophiler, which uses static analysis first to filter normal web pages and then uses dynamic analysis to test only the remaining suspicious web pages. In this filtering method, if a page is classified as normal at the filtering stage, it is not being tested any more. Consequently, there should not be any malicious pages among the web pages classified as normal. However, Prophiler does not consider this problem. In this study, to solve this problem, our proposed filtering method utilizes a cost-sensitive method. Also, to increase the efficiency of the filter, features are grouped as 3 subsets depending on the difficulty of the extraction. The efficiency of the proposed filter can be increased, as our method only uses the necessary feature subset according to the characteristics of the web pages. An experiment showed that the load of the dynamic analysis decreased significantly when using the proposed method and that the proposed method shows fewer false negatives and greater efficiency than an existing fi...한국과학기술원 : 산업및시스템공학과