• Title/Summary/Keyword: 이벤트 탐지 (event detection)

Design and Implementation of Mining System for Audit Data Analysis (감사데이터 분석을 위한 마이닝 시스템 설계 및 구현)

  • 김은희;문호성;신문선;류근호;김기영
    • Proceedings of the Korean Information Science Society Conference
    • 2002.10c
    • pp.4-6
    • 2002
  • With the wide expansion of networks and the emergence of new attack types, the manual approach to adding new sequences and building intrusion-detection models in intrusion detection systems has become a problem. In particular, existing intrusion detection systems rely on separate dedicated systems to collect and analyze network information from large network infrastructures. It is therefore necessary to analyze the growing volume of audit data in an intrusion detection system so that it can respond actively to diverse attack types. Recently, research that applies data mining techniques to intrusion detection in order to build active intrusion detection systems has been actively pursued. In this paper we design and implement a mining system for analyzing large volumes of audit data accurately and efficiently. Because audit data has characteristics different from those of a transaction database, the mining system is designed with those differences in mind. The implemented mining system uses the association-rule technique to discover associations between audit-data attributes, and applies the frequent-episode technique to collect events that occur in relation to one another within a given time window, so that it can discover events that occur frequently within consecutive time intervals and generate rules that predict or describe the behavior of sequences from known events. The rules produced by mining the audit data can be used to build active security policies, and the reduction in data volume also contributes to minimizing intrusion detection time.

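As an added illustration of the frequent-episode step described in this abstract (example code written for this page, not the authors' system), the following Python counts serial episodes of audit events that occur in order within a fixed time window and turns the frequent pairs into "a => b within W seconds" rules with support and confidence. The event types, timestamps and thresholds are constructed for the example; the anchored counting rule (each event starts at most one occurrence of a given episode) is one common way of counting and is an assumption, not the paper's exact definition.

```python
from collections import Counter
from itertools import combinations, takewhile

# Constructed sample audit records (seconds since start, event type).
# Made-up data for illustration, not the paper's audit data.
AUDIT_EVENTS = [
    (0, "login_fail"), (2, "login_fail"), (5, "login_ok"), (7, "sudo"),
    (60, "login_fail"), (63, "login_fail"), (66, "login_ok"), (68, "sudo"),
    (120, "cron"), (125, "login_ok"),
    (180, "login_fail"), (184, "login_ok"), (185, "sudo"),
    (240, "cron"),
]


def serial_episodes(events, window, length=2):
    """Count serial episodes: ordered tuples of event types whose members
    occur in that order within `window` seconds of the first one.
    Each event is used once as the anchor (first element) of an episode,
    so the count is the number of distinct occurrences starting at some event."""
    events = sorted(events)
    counts = Counter()
    for i, (t0, _) in enumerate(events):
        # event types visible in the window that starts at event i
        inwin = [e for t, e in takewhile(lambda te: te[0] - t0 <= window, events[i:])]
        seen = set()
        for rest in combinations(range(1, len(inwin)), length - 1):
            episode = (inwin[0],) + tuple(inwin[j] for j in rest)
            if episode not in seen:          # count once per anchor
                seen.add(episode)
                counts[episode] += 1
    return counts


def episode_rules(events, window, min_support=2, min_confidence=0.75):
    """Turn frequent 2-episodes (a, b) into rules 'a => b within window'.
    confidence = occurrences of (a, b) / occurrences of a."""
    pair_counts = serial_episodes(events, window, length=2)
    single_counts = Counter(e for _, e in events)
    rules = []
    for (a, b), support in pair_counts.items():
        if support < min_support:
            continue
        confidence = support / single_counts[a]
        if confidence >= min_confidence:
            rules.append((a, b, support, round(confidence, 2)))
    # strongest rules first
    return sorted(rules, key=lambda r: (-r[3], -r[2], r[0], r[1]))


if __name__ == "__main__":
    for a, b, sup, conf in episode_rules(AUDIT_EVENTS, window=10):
        print(f"{a} => {b} within 10s  support={sup} confidence={conf}")
```

On the constructed data this yields rules such as login_fail => sudo within 10 s with confidence 1.0, while the weak login_fail => login_fail pair is dropped by the confidence threshold. Longer episodes are obtained with length=3; on real audit data the window and both thresholds have to be tuned to the event rate, and the usual caveat applies that a confident rule only describes what co-occurred, not what caused what.
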
A study on macro detection using information of touch events in Android mobile game environment (안드로이드 모바일 게임 환경에서의 터치 이벤트 정보를 이용한 매크로 탐지 기법 연구)

  • Kim, Jeong-hyeon;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • v.25 no.5
    • pp.1123-1129
    • 2015
  • A macro (auto-hunting) program for a mobile game touches the screen according to predefined rules, like a game bot in PC online games, and is built in various forms such as Android applications or Windows application programs. It deprives honest users and makes them lose interest; eventually they leave the game and the game's lifespan is gradually shortened. Although many studies have been conducted to prevent this problem in PC online games, applying the PC approaches to mobile games is difficult because mobile games are limited in their use of the network and device performance differs from that of a PC. In this paper we propose a framework for macro detection that uses touch event information. A touch event in a mobile game is a control command that the game requires. Because a macro touches the screen with the same pattern, there is a difference between a normal user's behavior and a macro's operation. In mobile games, most of which are casual games, the touch event is the feature that best distinguishes a normal user from a macro over a short period of time. Detecting macros used in a real mobile game with the proposed framework showed 100% accuracy and a 0% false positive rate.
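
An added Python example of the kind of regularity check such a framework relies on (example code for this page, not the authors' implementation): a touch stream is flagged as a macro when the inter-touch timing is nearly constant and the taps either land on the same pixel or replay an exact coordinate sequence. The touch streams, the feature thresholds and the minimum event count are constructed assumptions.

```python
import statistics

# Constructed touch streams as (t_ms, x, y); made-up data, not the paper's.
HUMAN_TOUCHES = [
    (0, 412, 1330), (415, 420, 1322), (870, 409, 1341),
    (1300, 431, 1318), (1690, 402, 1336), (2250, 417, 1329),
]
# auto-clicker hitting one button with a fixed delay
MACRO_TOUCHES = [(400 * i, 420, 1330) for i in range(6)]
# scripted macro replaying a three-tap sequence
MACRO_SEQUENCE = [
    (300 * i, *xy) for i, xy in enumerate([(100, 200), (500, 900), (300, 1500)] * 3)
]


def repeat_period(points, min_repeats=2):
    """Smallest p such that the coordinate sequence repeats every p taps
    (seen at least min_repeats times); None if it never repeats exactly."""
    n = len(points)
    for p in range(1, n // min_repeats + 1):
        if all(points[i] == points[i + p] for i in range(n - p)):
            return p
    return None


def touch_features(touches):
    intervals = [b[0] - a[0] for a, b in zip(touches, touches[1:])]
    mean_iv = statistics.mean(intervals)
    points = [(x, y) for _, x, y in touches]
    return {
        # coefficient of variation of inter-touch time: ~0 for fixed delays
        "interval_cv": statistics.pstdev(intervals) / mean_iv if mean_iv else 0.0,
        # spatial jitter in pixels: ~0 when every tap lands on the same pixel
        "xy_spread": statistics.pstdev([p[0] for p in points])
                     + statistics.pstdev([p[1] for p in points]),
        # exact replay period of the tap coordinates, if any
        "period": repeat_period(points),
    }


def is_macro(touches, cv_threshold=0.05, spread_threshold=2.0, min_events=5):
    """Assumed decision rule: regular timing AND regular position."""
    if len(touches) < min_events:
        return False            # too little evidence either way
    f = touch_features(touches)
    regular_timing = f["interval_cv"] < cv_threshold
    regular_position = f["xy_spread"] < spread_threshold or f["period"] is not None
    return regular_timing and regular_position


if __name__ == "__main__":
    for name, stream in [("human", HUMAN_TOUCHES), ("clicker", MACRO_TOUCHES),
                         ("scripted", MACRO_SEQUENCE)]:
        print(name, touch_features(stream), "macro" if is_macro(stream) else "ok")
```

Requiring both regular timing and regular position keeps false positives low, which is in the spirit of the 0% false positive rate the paper reports, but a macro that randomizes its delays passes the timing test; for that case the period check is the feature to weight, and real touch controllers add noise that the spread threshold must absorb without flagging a player who keeps tapping one button.
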

An Efficient Event Detection Algorithm using Spatio-Temporal Correlation in Surveillance Reconnaissance Sensor Networks (감시정찰 센서네트워크에서 시공간 연관성를 이용한 효율적인 이벤트 탐지 기법)

  • Yeo, Myung-Ho;Kim, Yong-Hyun;Kim, Hun-Kyu;Lee, Noh-Bok
    • Journal of the Korea Institute of Military Science and Technology
    • v.14 no.5
    • pp.913-919
    • 2011
  • In this paper we present a new efficient event detection algorithm for sensor networks with faults. We focus on multi-attributed events, which are sets of data points that correspond to interesting or unusual patterns in the underlying phenomenon that the network monitors. Conventional algorithms miss some events because each node considers only its own sensor readings, which are easily affected by environmental or physical problems. Our approach exploits the spatio-temporal correlation of sensor readings. Sensor nodes exchange with their neighbors a fault-tolerant code encoding their own readings, organize virtual sensor readings that have spatio-temporal correlation, and determine a result for multi-attributed events from them. As a result, the proposed algorithm improves the detection of multi-attributed events and reduces the number of false negatives caused by negative environmental effects.

Congestion Detection and Avoidance for Reliable Data Transmission in Wireless Sensor Networks (무선 센서 네트워크에서 신뢰성 있는 데이터 전송을 위한 혼잡 탐지와 회피)

  • Park, Hong-Jin;Jang, Jae-Bok
    • Journal of Advanced Navigation Technology
    • v.14 no.3
    • pp.343-350
    • 2010
  • A wireless sensor network is an event-driven system in which a large number of micro sensor nodes collect and exchange information. Compared with existing wired networks, congestion arises easily because a great number of sensor nodes sense data and transfer it to the sink nodes when an event occurs. The current Internet transport protocols are TCP and UDP, but they are not suitable for event-driven wireless sensor networks; ESRT, STCP and CODA are being studied for reliable data transport in wireless sensor networks. These techniques detect congestion from the local buffer and the channel loading, and mainly use broadcasting to avoid congestion once it occurs. This paper studies a way of detecting congestion by combining local buffer and channel loading information. When congestion occurs, the buffering state is divided into three levels in order to reduce broadcasting, and the congestion-control message is sent only to the nodes with frequent channel loading. This has the advantage of decreasing the network's load.

Analyzing the Credibility of the Location Information Provided by Twitter Users (트위터 사용자가 제공한 위치정보의 신뢰성 분석)

  • Lee, Bum-Suk;Kim, Seok-Jung;Hwang, Byung-Yeon
    • Journal of Korea Multimedia Society
    • v.15 no.7
    • pp.910-919
    • 2012
  • Social network services like Facebook and Twitter have been hugely successful, and many researchers have analyzed them. As massive amounts of user-observed data are produced on Twitter, many researchers have worked on detecting events on Twitter; some have built systems to detect earthquakes or to find local festivals. However, although their systems used location information, they did not consider the credibility of the location information on Twitter. In this paper, as preliminary research for an event detection system on Twitter, we analyze the credibility of the profile location and the correlation between the spatial attributes on Twitter. We analyzed 0.5 million Twitter users in Korea and 2.8 million users around the world: 49.73% of the users in Korea and 90.64% of the users worldwide posted tweets from their profile locations. This paper will help researchers understand the credibility of the spatial attributes on Twitter when they develop applications that use them.

New Scheme for Smoker Detection (흡연자 검출을 위한 새로운 방법)

  • Lee, Jong-seok;Lee, Hyun-jae;Lee, Dong-kyu;Oh, Seoung-jun
    • The Journal of Korean Institute of Communications and Information Sciences
    • v.41 no.9
    • pp.1120-1131
    • 2016
  • In this paper we propose a smoker recognition algorithm that detects smokers in a video sequence in order to prevent fire accidents. We use a description-based method in a hierarchical approach to recognize a smoker's activity; the algorithm consists of background subtraction, object detection, event search and event judgement. Background subtraction generates slow-motion and fast-motion foreground images from the input image using a Gaussian mixture model with two different learning rates. It then extracts object locations in the slow-motion image using chain-rule based contour detection. For each object, the face is detected using Haar-like features, and smoke is detected by reflecting the frequency and direction of smoke in the fast-motion foreground. Hand movements are detected by motion estimation. The algorithm examines these features over a certain interval and infers whether the object is a smoker. It can robustly detect a smoker among different objects while achieving real-time performance.

Energy Efficient Clustering Method for Dynamic Cluster based Wireless Sensor Network (무선 센서 네트워크 환경에서의 dynamic cluster 기반의 에너지 효율적인 클러스터링 기법)

  • Park Jung-Im;Kang Jung-Hun;Park Myong-Soon
    • Proceedings of the Korean Information Science Society Conference
    • 2006.06d
    • pp.139-141
    • 2006
  • In detecting event regions in a wireless sensor network, detecting the initial boundary information of mobile target objects is important, but continuously reflecting the boundary information that changes after detection is also very important. This paper therefore compares and analyzes two ways of continuously reflecting boundary information, a clustering-update model driven by the frequency of event occurrence and a scheme that reconstructs the cluster in specific situations, and on that basis proposes an energy-efficient clustering method.

Development of Statistical Prediction Engine for Integrated Log Analysis Systems (통합 로그 분석 시스템을 위한 통계학적 예측 엔진 개발)

  • KO, Kwang-Man;Kwon, Beom-Chul;Kim, Sung-Chul;Lee, Sang-Jun
    • Proceedings of the Korea Information Processing Society Conference
    • 2013.11a
    • pp.638-639
    • 2013
  • Anymon Plus (ver 3.0) is an integrated log analysis system, a product that collects, stores and analyzes large volumes of logs and big data in real time (processing 40,000 events per second), and its applications are expanding into various fields such as detecting abnormal network behavior through firewall log analysis, analyzing usage patterns through web log analysis, analyzing and detecting fraudulent orders at Internet shopping malls, and analyzing and detecting leaks of internal information. In this paper, in order to develop an integrated log analysis system based on statistical theory that analyzes and forecasts security-infrastructure logs so that a preemptive response can be prepared through concentrated vigilance at the time a security incident is expected, we design and implement a prediction engine capable of regression analysis and time-series analysis.

Footstep Detection in Noisy Environment via Non-Linear Spectral Subtraction and Cross-Correlation (잡음 환경에서 비선형 주파수 차감 및 교차 상관을 이용한 사람 발자국 탐지 방안)

  • Kim, Tae-Bok;Ko, Hanseok
    • The Journal of Korean Institute of Communications and Information Sciences
    • v.39C no.1
    • pp.60-69
    • 2014
  • Footstep detection using seismic sensors is a very meaningful task for security, but the readings fluctuate easily because of noise in outdoor environments. We propose the NSSC method, based on nonlinear spectral subtraction and cross-correlation with a prime footstep model signal, as a footstep-signal refining process that enhances the signal-to-noise ratio (SNR) and attenuates noise. After de-noising, a detection event classification method is presented as a further refining process to ensure that the detection result is a footstep. To validate the proposed algorithm, representative experiments including sunny-day and rainy-day cases are demonstrated.

A Design of File Leakage Response System through Event Detection (이벤트 감지를 통한 파일 유출 대응 시스템 설계)

  • Shin, Seung-Soo
    • Journal of Industrial Convergence
    • v.20 no.7
    • pp.65-71
    • 2022
  • With the development of ICT and the arrival of the fourth industrial revolution, the amount of data has become enormous, and as big data technologies emerge, technologies for processing and storing data are becoming important. In this paper we propose a system that detects events through monitoring and judges them using hash values, because the damage caused by the leakage of important files in industry and public institutions is serious both nationally and in terms of property. As the research method, a selective event method is used: when a file leakage event occurs, a hash is computed over the file and compared with the hash value registered in advance, and the file is thereby judged to be an important file or not. Monitoring only specific events minimizes system load, and analyzing the signature improves accuracy. Confidentiality is improved by comparing against hash values pre-registered in the database. Future research is needed on security solutions that prevent file leakage through networks and various other paths.
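
An added Python sketch of the hash-comparison step (example code for this page, not the paper's system): important files are registered by SHA-256 in a stand-in for the database, only selected event types are examined, and the file involved in an event is hashed and looked up. The event types, file names and file contents are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def sha256_file(path):
    """Stream the file so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


class ImportantFileRegistry:
    """Stand-in for the database of pre-registered hash values."""

    def __init__(self):
        self._by_hash = {}

    def register(self, path, label):
        self._by_hash[sha256_file(path)] = label

    def lookup(self, digest):
        return self._by_hash.get(digest)


# Assumed set of leak-relevant events; everything else is not even hashed,
# which is the "selective event" idea that keeps system load down.
MONITORED_EVENTS = {"copy_to_removable", "upload", "email_attach"}


def handle_event(registry, event):
    """event is a dict with 'type' and 'path'. Returns the verdict."""
    if event["type"] not in MONITORED_EVENTS:
        return {"action": "ignore", "reason": "event type not monitored"}
    digest = sha256_file(event["path"])
    label = registry.lookup(digest)
    if label is None:
        return {"action": "allow", "sha256": digest}
    return {"action": "block", "sha256": digest, "label": label}


def demo():
    """Constructed scenario: a registered document leaves by several routes."""
    with tempfile.TemporaryDirectory() as d:
        secret = Path(d, "design.docx")
        secret.write_bytes(b"CONFIDENTIAL design v3\n" * 50)
        public = Path(d, "readme.txt")
        public.write_bytes(b"hello\n")
        renamed = Path(d, "holiday.jpg")          # same bytes, innocent name
        renamed.write_bytes(secret.read_bytes())
        altered = Path(d, "design2.docx")         # one byte appended
        altered.write_bytes(secret.read_bytes() + b"\n")

        reg = ImportantFileRegistry()
        reg.register(secret, "design-doc")

        return {
            "secret_usb": handle_event(reg, {"type": "copy_to_removable", "path": secret})["action"],
            "renamed_upload": handle_event(reg, {"type": "upload", "path": renamed})["action"],
            "public_upload": handle_event(reg, {"type": "upload", "path": public})["action"],
            "altered_upload": handle_event(reg, {"type": "upload", "path": altered})["action"],
            "secret_open": handle_event(reg, {"type": "open", "path": secret})["action"],
        }


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:15s} {action}")
```

Matching on content rather than on the file name means a renamed copy is still recognized, but the comparison is exact: a copy altered by a single byte no longer matches, as the altered_upload case shows, so a deployed system needs chunk-level or similarity hashing, or a secondary signature, to cover edited copies.
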