• Title/Summary/Keyword: 이벤트 로그 (event log)

Search results: 106

A Study on Multimodal Neural Network for Intrusion Detection System (멀티 모달 침입 탐지 시스템에 관한 연구)

  • Ha, Whoi Ree; Ahn, Sunwoo; Cho, Myunghyun; Ahn, Seonggwan; Paek, Yunheung
    • Proceedings of the Korea Information Processing Society Conference / 2021.05a / pp.216-218 / 2021
  • Recent intrusion detection system research has increasingly moved from signature-based approaches to AI-based ones, because AI-based approaches can detect previously unseen malicious behavior, which is the limitation of signature-based detection. Log information records important system events and thus reflects the state of the system, so research on intrusion detection systems that use log information is being actively pursued. However, because log information reflects only part of the system state, it is easy to evade; to compensate for this, we propose a multimodal intrusion detection system that also uses system call information.

Analysis of Network Log based on Hadoop (하둡 기반 네트워크 로그 시스템)

  • Kim, Jeong-Joon; Park, Jeong-Min; Chung, Sung-Taek
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.5 / pp.125-130 / 2017
  • Since field control equipment such as PLCs has no function to record key event information in a log, it is difficult to analyze an incident. Therefore, it is necessary to secure information that can be analyzed when a cyber incident occurs by logging the main event information of field control equipment such as PLCs and IEDs. A protocol analyzer is required to analyze the communication protocol of the field control device (the embedded device) for event logging. However, conventional analyzers such as Wireshark have difficulty identifying and extracting data across the large variety of protocols needed for event logging, and analysis and classification based on the payload data is difficult. In this paper, we developed a Big Data-based system for extracting field control device communication protocol payload data for event logging.

A Study on implementation model for security log analysis system using Big Data platform (빅데이터 플랫폼을 이용한 보안로그 분석 시스템 구현 모델 연구)

  • Han, Ki-Hyoung; Jeong, Hyung-Jong; Lee, Doog-Sik; Chae, Myung-Hui; Yoon, Cheol-Hee; Noh, Kyoo-Sung
    • Journal of Digital Convergence / v.12 no.8 / pp.351-359 / 2014
  • The log data generated by security equipment have so far been analyzed comprehensively on an ESM (Enterprise Security Management) basis, but due to its limitations in capacity and processing performance, it is not suited to big data processing. Therefore, another technological approach on a big data platform is necessary. A Big Data platform can achieve large-scale data collection, storage, processing, retrieval, analysis, and visualization by using the Hadoop Ecosystem. Currently, ESM technology has developed into SIEM (Security Information & Event Management) technology, and to implement security technology in the SIEM way, Big Data platform technology that can handle the large volumes of log data generated by current security devices is essential. In this paper, we study how to implement a system model for analyzing security logs with Hadoop Ecosystem big data platform technology.

Design and Implementation of NT-Server Real-Time Access Monitoring System (NT서버 실시간 접근 감시 시스템의 설계 및 구현)

  • 박정진; 박진섭; 김황래; 오송석
    • Proceedings of the Korea Multimedia Society Conference / 2002.11b / pp.207-210 / 2002
  • In this paper, we design an access monitoring system that monitors and reports in real time the events and services occurring in the services provided by an NT server. It analyzes packets entering the server system and determines whether illegal access has occurred using the logs left on the web server, registry information, and network connection session information. In addition, when damage has resulted, it analyzes which service on the system the illegal access occurred in and what damage occurred, providing information that enables a quick and accurate response.

String Matching Algorithms for Real-time Intrusion Detection and Response (실시간 침입 탐지 및 대응을 위한 String Matching 알고리즘 개발)

  • 김주엽; 김준기; 한나래; 강성훈; 이상후; 예홍진
    • Proceedings of the Korean Information Science Society Conference / 2004.04a / pp.970-972 / 2004
  • Recently, along with the appearance of worm viruses, cases of damage from denial-of-service attacks such as the Internet crisis have increased sharply. As a result, network security is receiving a great deal of attention, and among the many areas of security, research on intrusion detection and response in particular is being actively pursued. Tools to automate these tasks are also being developed, but the reality is that their accuracy has not yet reached a reliable level. In this paper, we propose a String Matching algorithm that analyzes event logs to predict intrusion patterns and, based on this, can implement automated intrusion detection and response.

BPAF2.0: Extended Business Process Analytics Format for Mining Process-driven Social Networks (BPAF2.0: 프로세스기반 소셜 네트워크 마이닝을 위한 비즈니스 프로세스 분석로그 포맷의 확장 표준)

  • Jeon, Myung-Hoon; Ahn, Hyun; Kim, Kwang-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.12B / pp.1509-1521 / 2011
  • WfMC, one of the international standardization organizations leading business process and workflow technologies, has officially released BPAF1.0, a standard format for recording process instances' event logs, as business process intelligence mining technologies have recently become an issue in the business process and workflow literature. Business process mining technologies consist of two groups of algorithms and their analysis techniques: one rediscovers flow-oriented process intelligence, such as control-flow, data-flow, role-flow, and actor-flow intelligence, from process instances' event logs, and the other rediscovers relation-oriented process intelligence, such as process-driven social networks and process-driven affiliation networks, from the event logs. The current standardized format of BPAF1.0 aims only at supporting the control-flow oriented process-intelligence mining techniques, and so it is unable to properly support the relation-oriented process-intelligence mining techniques. Therefore, this paper extends BPAF1.0 so as to reasonably support the relation-oriented process-intelligence mining techniques, and the extended BPAF is termed BPAF2.0. In particular, we plan to standardize the extended BPAF2.0 not only as a national standard specification through the e-Business project group of TTA, but also as an international standard specification of WfMC.

A Process Perspective Event-log Analysis Method for Airport BHS (Baggage Handling System) (공항 수하물 처리 시스템 이벤트 로그의 프로세스 관점 분석 방안 연구)

  • Park, Shin-nyum; Song, Minseok
    • The Journal of Bigdata / v.5 no.1 / pp.181-188 / 2020
  • As the size of airport terminals grows in line with the rapid growth in aviation passengers, an advanced baggage handling system that combines various data technologies has become an essential element for handling passengers' baggage swiftly and accurately. Therefore, this study introduces a method of analyzing the baggage handling capacity of domestic airports from the process point of view, using the latest data analysis methodology, in order to advance the operation of the airport BHS, with the main points based on event log data. By presenting an accurate load prediction method, it can lead to advanced BHS operation strategies in the future, such as the preemptive arrangement of resources and optimization of flight-carousel scheduling. The data used in the analysis were obtained from the APIs found by searching for "Korea Airports Corporation" in the public data portal. As a result of applying the method to a domestic airport BHS simulation model, a high level of predictive performance was confirmed.

Windows 7 Operating System Event based Visual Incident Analysis System (윈도우즈 7 운영체제 이벤트에 대한 시각적 침해사고 분석 시스템)

  • Lee, Hyung-Woo
    • Journal of Digital Convergence / v.10 no.5 / pp.223-232 / 2012
  • Recently, leakage of personal information and privacy piracy have increased, and cases of damage from malicious objects have increased rapidly. Most users use the Windows operating system, and the Windows 7 operating system was recently announced. Therefore, we need to study intrusion response techniques under next-generation operating system circumstances. The incident response techniques developed so far were mostly implemented around Windows XP or Windows Vista. However, new vulnerability problems will arise in the breach response process as the Windows 7 operating system is announced. In the Windows operating system, system incident events need to be analyzed efficiently. For this, the event information generated in a system needs to be visually analyzed around the time information or the security threat weight information. Therefore, in this research, we visually analyzed the system event information generated in the Windows 7 operating system, and designed and implemented a system that analyzes system incidents through a visual event information analysis process. Using the system developed in this study, more efficient incident analysis is expected to be possible.

Performance Improvement of Mean-Teacher Models in Audio Event Detection Using Derivative Features (차분 특징을 이용한 평균-교사 모델의 음향 이벤트 검출 성능 향상)

  • Kwak, Jin-Yeol; Chung, Yong-Joo
    • The Journal of the Korea institute of electronic communication sciences / v.16 no.3 / pp.401-406 / 2021
  • Recently, mean-teacher models based on convolutional recurrent neural networks have been popularly used in audio event detection. The mean-teacher model is an architecture that consists of two parallel CRNNs, and it is possible to train them effectively on weakly-labelled and unlabeled audio data by using a consistency learning metric at the output of the two neural networks. In this study, we tried to improve the performance of the mean-teacher model by using additional derivative features of the log-mel spectrum. In audio event detection experiments using the training and test data from Task 4 of the DCASE 2018/2019 Challenges, we obtained at most an 8.1% relative decrease in the ER (Error Rate) of the mean-teacher model using the proposed derivative features.

Container-Friendly File System Event Detection System for PaaS Cloud Computing (PaaS 클라우드 컴퓨팅을 위한 컨테이너 친화적인 파일 시스템 이벤트 탐지 시스템)

  • Jeon, Woo-Jin; Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing / v.15 no.1 / pp.86-98 / 2019
  • Recently, the trend of building container-based PaaS (Platform-as-a-Service) has been expanding. Container-based platform technology has become a core technology for realizing a PaaS. Containers have lower operating overhead than virtual machines, so hundreds or thousands of containers can be run on a single physical machine. However, recording and monitoring the storage logs of a large number of containers running in a cloud computing environment incurs significant overhead. This work identifies two problems that occur when detecting file system change events of a container running in a cloud computing environment, and proposes a system for container file system event detection in that environment that solves them. In the performance evaluation, this work performed three experiments on the performance of the proposed system. It was experimentally shown that the proposed monitoring system has only a very small effect on the CPU, memory read and write, and disk read and write speeds of the container.