Author

Phuong Do

Bio: Phuong Do is an academic researcher from Konkuk University. The author has contributed to research in topics: Intrusion detection system & Incremental decision tree. The author has an h-index of 2, co-authored 3 publications receiving 4 citations.

Papers
Proceedings ArticleDOI
01 Oct 2013
TL;DR: Kruegel's algorithm is improved by changing the clustering strategy for building the decision tree, showing that the quality of the output decision tree could be significantly improved.
Abstract: Malicious network data are becoming more and more serious nowadays. To deal with this problem, IDSs are widely used as a security technology that helps to discover, determine and identify unauthorized use of information systems. However, the attacking technologies are becoming more complicated and require more time to detect. In order to make sure that an IDS can work efficiently and accurately, novel algorithms need to be applied to adapt to the quick change of attacking technologies. There are many algorithms that are proposed to work on the matching process. Kruegel et al. generated a decision tree that is utilized to find malicious input items using as few redundant comparisons as possible [1]. In this paper, we improve Kruegel's algorithm by changing the clustering strategy for building the decision tree. The experiments show that the quality of the output decision tree could be significantly improved.

3 citations

Proceedings ArticleDOI
23 Oct 2012
TL;DR: This paper proposes a method to solve the problem of reducing the number of the external memory accesses of the EHMA algorithm by combining it with the Aho-Corasick algorithm, and takes into consideration the effect of cache memory in the network equipment.
Abstract: Enhanced Hierarchical Multipattern Matching Algorithm (EHMA) is an efficient pattern matching algorithm that divides the matching process into two phases so that it may reduce the number of external memory accesses. But when the number of patterns increases, the algorithm may not work well. In this paper we propose a method to solve this problem by combining the EHMA algorithm with the Aho-Corasick algorithm. We also take into consideration the effect of cache memory in the network equipment by implementing a cache-aware algorithm that exploits the frequency of the characters in the network payload and the transition probability of links in the Aho-Corasick automata. The experiments show that our improvement can help to significantly reduce the number of external memory accesses, compared to the original EHMA.

2 citations

Proceedings ArticleDOI
05 Oct 2014
TL;DR: A simple heuristic of considering intrusion detection rules written as regular expressions as strings and computing the distances among them is proposed to avoid complex computation related to regular expressions.
Abstract: In this paper, we define the problem of measuring similarities among intrusion detection rules written as regular expressions. It is related to the efficiency of intrusion detection systems. To avoid complex computation related to regular expressions, we propose a simple heuristic of considering them as strings and computing the distances among them. We implemented this idea in a MapReduce environment.

Cited by
01 Jan 2013
TL;DR: A system capable of solving problems through cluster-based mass storage, digestible packets and hierarchical collections was designed, capable of performing an effective traceback operation by using data mining in order to perform a vast amount of traceback operations with the use of massive data.
Abstract: IP Traceback is a way to search for sources of damage to the network or host computer. IP Traceback methods consist of reactive and proactive methods, and the proactive method induces a serious storage overhead. However, a system capable of solving these problems through cluster-based mass storage, digestible packets and hierarchical collections was designed. It not only performs traceback but also communicates with analysis data of other security systems by using the logging methods. It is capable of performing an effective traceback operation by using data mining in order to perform a vast amount of traceback operations with the use of massive data. In addition, the results can be used as basic data to generate new rules for intrusion detection systems.

13 citations

Proceedings Article
11 Mar 2015
TL;DR: These are the networks which are formed by Mobile hand held devices like cell phones, laptops etc.
Abstract: These are the networks which are formed by mobile hand-held devices like cell phones, laptops etc. Nodes in these networks are mobile in nature. Mobile ad hoc networks are very useful in situations such as military operations, disaster management etc. These networks do not require special additional fixed infrastructure, but with the existing infrastructure all mobile nodes can cooperate and reach some consensus about the intrusion into the systems. Since data moves in an open wireless environment, nodes are frequently joining and going away, and they are used in very crucial situations, so their security is of major concern.

6 citations

Journal ArticleDOI
12 Dec 2016
TL;DR: In this paper, the authors proposed a keyword density plugin app to calculate keywords and suggest that an article content writer add or subtract keywords in the article. The keyword density counter is an app that counts keywords in an article. The result obtained from this application is the ratio of keywords to existing words of websites or articles.
Abstract: In optimizing a website, web owners are required to write articles that relate to the keywords and put them into the website. Therefore a keyword density plugin app is needed to calculate keywords and suggest that an article content writer add or subtract keywords in the article. The keyword density counter is an app that counts keywords in an article. The result obtained from this application is the ratio of keywords to existing words of the pages of websites or articles. The benefit of using keyword density counters is that content writers become aware that articles already have enough density; according to Google's recommendation, keyword density is 2-3% of the article, and then the article will give a signal to search engines. The results obtained for validation of the plugin's calculations are the same when compared to other similar plugins. The keyword density counter has been created to be 5085% faster than other similar plugins.

1 citation

Book ChapterDOI
01 Jan 2022
TL;DR: In this paper, a decision tree-based intrusion detection system was proposed, which uses a deep learning algorithm to detect anomalies from the packets missed by the signature-based system due to fixed rules, generates signatures from the anomalies detected, and dynamically updates the signatures into the Signature Ruleset.
Abstract: A signature-based intrusion detection system has the limitation that it will see only well-known attacks; it will not detect zero-day attacks. Due to the pattern matching operation, existing signature-based IDSs have large execution time and memory utilization overheads. As a result, an efficient system must be designed to reduce overhead and detect zero-day attacks. Many systems carry out the matching by comparing each input event to all rules. First, we define the proposed intrusion detection system using a decision tree, evaluated using real network traces. The proposed system with a decision tree achieved an accuracy of 96.96%. After this, if the signature-based system cannot detect an attack, then control goes to the anomaly-based module. It uses a deep learning algorithm to detect anomalies from the packets missed by the signature-based system due to fixed rules, generates signatures from the anomalies detected, and dynamically updates the signatures into the Signature Ruleset, improving the overall accuracy to 98.98%. So the next time the same kind of attack occurs, it is possible to detect it easily.

Book ChapterDOI
01 Jan 2021
TL;DR: In this article, a machine learning process is proposed that depends on training and testing the traffic data after converting the PCAP file to a CSV file through an application called CICFlowMeter.
Abstract: Nowadays, cyber-attacks are beginning to be smart and hard to detect; these attacks can be classified as Advanced Persistent Threats (APT), which are hard to detect and need sophisticated cybersecurity detection mechanisms to be implemented to detect these types of attacks. Snort is an open source Intrusion Detection System (IDS) application that has gained a high level of trust from hundreds of companies by using it as an IDS sensor, whether in Host-based Intrusion Detection System (HIDS) or Network Intrusion Detection System (NIDS) mode. Snort depends on predefined rules to detect known attacks, so if a new attack is released and has not been registered to CheckPoint as an attack, then Snort will not detect it as an attack and the attack will bypass it. The main problem with traditional IDS (Snort) is the rate of false positive alerts. A new technique has been revealed by understanding the behavior of the traffic flow and deciding if the traffic flow matches the attributes of abnormal activities that the traditional misuse IDS cannot detect. The new technique is a machine learning process that depends on training and testing the traffic data after converting the PCAP file to a CSV file through an application called CICFlowMeter. Weka is an open source machine learning application that is used in GUI mode. After the PCAP file is converted through CICFlowMeter, a dataset with the CSV extension is generated with 80 plus attributes that Weka will learn in the training phase; after that, the testing phase will determine whether the matched traffic is normal or abnormal.