• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.41-59
• /
• 2015

Information systems has been developed and used in various business area, therefore there are abundance of history data (log data) stored, and subsequently, it is required to analyze those log data. Previous studies have been focusing on the discovering of relationship between events and no identification of anomaly instances. Previously, anomaly instances are treated as noise and simply ignored. However, this kind of anomaly instances can occur repeatedly. Hence, a new methodology to detect the anomaly instances is needed. In this paper, we propose a methodology of LAPID (Local Anomaly Process Instance Detection) for discriminating an anomalous process instance from the log data. We specified a distance metric from the activity relation matrix of each instance, and use it to detect API (Anomaly Process Instance). For verifying the suggested methodology, we discovered characteristics of exceptional situations from log data. To demonstrate our proposed methodology, we performed our experiment on real data from a domestic port terminal.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.67-73
• /
• 2006

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

• KIPS Transactions on Software and Data Engineering
• /
• v.8 no.5
• /
• pp.193-204
• /
• 2019

The explosion of data due to the improvement of sensor technology and computing performance has become the basis for analyzing the situation in the industrial fields, and various attempts to detect events based on such data are increasing recently. In particular, sound signals collected from sensors are used as important information to classify events in various application fields as an advantage of efficiently collecting field information at a relatively low cost. However, the performance of sound-event classification in the field cannot be guaranteed if noise can not be removed. That is, in order to implement a system that can be practically applied, robust performance should be guaranteed even in various noise conditions. In this study, we propose a system that can classify the sound event after generating the enhanced sound signal based on the deep learning algorithm. Especially, to remove noise from the sound signal itself, the enhanced sound data against the noise is generated using SEGAN applied to the GAN with a VAE technique. Then, an end-to-end based sound-event classification system is designed to classify the sound events using the enhanced sound signal as input data of CNN structure without a data conversion process. The performance of the proposed method was verified experimentally using sound data obtained from the industrial field, and the f1 score of 99.29% (railway industry) and 97.80% (livestock industry) was confirmed.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.1-6
• /
• 2005

Today the malicious approach and information threat against a network system increase and, the demage about this spread to persnal user from company. The product which provides only unit security function like an infiltration detection system and an infiltration interception system reached the limits about the composition infiltration which is being turn out dispersion anger and intelligence anger Necessity of integrated security civil official is raising its head using various security product about infiltration detection, confrontation and reverse tracking of hacker. Because of the quantity to be many analysis of the event which is transmitted from the various security product and infiltration alarm, analysis is difficult. So server is becoming the charge of their side. Consequently the dissertation will research the method to axis infiltration alarm data to solve like this problem.

• The Journal of the Korea Contents Association
• /
• v.21 no.10
• /
• pp.59-66
• /
• 2021

In this paper, an improved integrated security control procedure is newly proposed by applying artificial intelligence technology to integrated security control and unifying the existing security control and AI security control response procedures. Current cyber security control is highly dependent on the level of human ability. In other words, it is practically unreasonable to analyze various logs generated by people from different types of equipment and analyze and process all of the security events that are rapidly increasing. And, the signature-based security equipment that detects by matching a string and a pattern has insufficient functions to accurately detect advanced and advanced cyberattacks such as APT (Advanced Persistent Threat). As one way to solve these pending problems, the artificial intelligence technology of supervised and unsupervised learning is applied to the detection and analysis of cyber attacks, and through this, the analysis of logs and events that occur innumerable times is automated and intelligent through this. The level of response has been raised in the overall aspect by making it possible to predict and block the continuous occurrence of cyberattacks. And after applying AI security control technology, an improved integrated security control service model was newly proposed by integrating and solving the problem of overlapping detection of AI and SIEM into a unified breach response process(procedure).

• Journal of the Korea Convergence Society
• /
• v.8 no.4
• /
• pp.19-24
• /
• 2017

The growing number of electronic financial transactions (e-banking) has entailed the rapid increase in security threats such as extortion and falsification of financial transaction data. Against such background, rigid security and countermeasures to hedge against such problems have risen as urgent tasks. Thus, this study aims to implement an improved case model by applying the Fraud Detection System (hereinafter, FDS) in a financial corporation 'A' using big data technique (e.g. the function to collect/store various types of typical/atypical financial transaction event data in real time regarding the external intrusion, outflow of internal data, and fraud financial transactions). As a result, There was reduction effect in terms of previous scenario detection target by minimizing false alarm via advanced scenario analysis. And further suggest the future direction of the enhanced FDS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.373-385
• /
• 2021

To provide convenience and safety of drivers, the recent vehicles are being equipped with a number of electronic control units (ECUs). Multiple ECUs construct a network inside a vehicle to share information related to the vehicle's status; in addition, the CAN protocol is normally applied. As the modern vehicles provide highly convenient and safe services, it provides many types of attack surfaces; as a result, it makes them vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If someone attacks on non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions including an attack using non-periodic messages. Moreover, we evaluate our method on the real vehicles, where we show that our method has 0% of FPR and 0% of FNR under our attack model.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.283-285
• /
• 2020

본 논문에서는 시스템이 비정상적인 상태에 진입하였는지를 판단하여 공격에 대한 탐지를 효율적으로 수행할 수 있는 하드웨어 기반 보안 모니터링 기술에 대해 소개한다. 먼저 이벤트 기반으로 커널을 보호하는 모니터링 기법들에 대해 알아볼 것이다. 최종적으로 다양한 이벤트를 유연하게 모니터링할 수 있는 기법을 살펴보고, 이를 바탕으로 보안 하드웨어 모니터링 기법의 향후 연구방향을 모색하고자 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.217-219
• /
• 2021

With the development of ICT, the amount of data increases, and the technology of storing and processing becomes important. In this study, we study real-time file copy leakage prevention system to prevent leakage of important data in enterprises, public places, etc. As a research method, we propose a system that detects events in real time to prevent data leakage after analyzing data leakage cases and problems. The file leakage prevention system compares and analyzes with the existing EDLP system, and the proposed system reduces load and detects events. Future research requires research on the prevention of leaks through networks and various channels.

• Korean Journal of Remote Sensing
• /
• v.36 no.2_2
• /
• pp.379-399
• /
• 2020

The detection of illegal ship is one of the key factors in building a marine surveillance system. Effective marine surveillance requires the means for continuous monitoring over a wide area. In this study, the possibility of ship detection monitoring based on satellite SAR, HF radar, UAV and AIS integration was investigated. Considering the characteristics of time and spatial resolution for each platform, the ship monitoring scenario consisted of a regular surveillance system using HFR data and AIS data, and an event monitoring system using satellites and UAVs. The regular surveillance system still has limitations in detecting a small ship and accuracy due to the low spatial resolution of HF radar data. However, the event monitoring system using satellite SAR data effectively detects illegal ships using AIS data, and the ship speed and heading direction estimated from SAR images or ship tracking information using HF radar data can be used as the main information for the transition to UAV monitoring. For the validation of monitoring scenario, a comprehensive field experiment was conducted from June 25 to June 26, 2019, at the west side of Hongwon Port in Seocheon. KOMPSAT-5 SAR images, UAV data, HF radar data and AIS data were successfully collected and analyzed by applying each developed algorithm. The developed system will be the basis for the regular and event ship monitoring scenarios as well as the visualization of data and analysis results collected from multiple platforms.