• Title/Summary/Keyword: intrusion situation (침입 상황)


Modeling and Performance Analysis on the Response Capacity against Alert Information in an Intrusion Detection System (침입탐지시스템에서 경보정보에 대한 대응 능력 모델링 및 성능분석)

  • Jeon Yong-Hee;Jang Jung-Sook;Jang Jong-Soo
    • The KIPS Transactions:PartC / v.12C no.6 s.102 / pp.855-864 / 2005
  • In this paper, we propose an intrusion detection system (IDS) architecture which can detect and respond to the generation of abnormal traffic such as malicious code and Internet worms. We model the system, and design and implement a simulator using OPNET Modeler, for the performance analysis of the response capacity for alert information in the proposed system. First, we model the arrival process of alert information resulting from abnormal traffic. In order to model the situation in which alert information is intensively produced, we apply the IBP (Interrupted Bernoulli Process), which may represent the burstiness of traffic well. Then we perform the simulation in order to gain some quantitative understanding of the system for our performance parameters. Based on the results of the performance analysis, we analyze factors which may hinder accelerating the speed of the security node, and would like to present some methods to enhance performance.

Resource Reallocation for the Protection of Essential Services (필수 서비스 보호를 위한 자원 재할당)

  • 민병준;김성기;최중섭;김홍근
    • Journal of KIISE:Computer Systems and Theory / v.30 no.12 / pp.714-723 / 2003
  • In order to guarantee system survivability against attacks based on new methodology, we need a solution to recognize important resources for essential services and to adapt to the urgent situation properly. In this paper, we present a dynamic resource reallocation scheme which is one of the core technologies for the implementation of intrusion tolerant systems. By means of resource reallocation within a node, this scheme enables the essential services to survive even after the occurrence of a system attack. If the settlement does not work within the node, resource reallocation among nodes takes place, and thus the essential services are transferred to another prepared server node. Experimental results obtained on a testbed reveal the validity of the proposed scheme for resource reallocation. This scheme may work together with an IDS (Intrusion Detection System) to produce an effective responsive mechanism against attacks.

Logical Design of Video Security System over Internet (인터넷 화상 방범 시스템 논리 설계)

  • 장명수;장종욱
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2000.10a / pp.439-447 / 2000
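  • Current security systems detect intrusions from outside by relying on signals from detectors such as infrared and ultrasonic sensors, but because the accuracy of these detectors varies with the environment in which the security system is installed, there is a possibility of malfunction and reliability is reduced. To confirm an actual intrusion from outside, an accurate judgment can be made by combining video, audio, and detector signals, but transmitting video requires bearing expensive line costs. However, with the release of products that transmit video over the Internet, real-time video monitoring has become possible. These video monitoring products have the advantage that video can be monitored in real time from anywhere in the world through a standard web browser such as Netscape or MS Explorer. As for applications, they are installed around hotels and at various tourist attractions and linked to a home page for promotional use, or used for monitoring important areas such as key factory facilities and traffic conditions. However, for application to security systems, they lack detector extensibility and interworking with the security control center system; this paper therefore describes the implementation of an accurate security system based on the combination of video and detector signals, which is the ultimate goal of security, by integrating currently available video monitoring systems with existing security systems. The implementation of the video security system is broadly divided into two parts. The first is the design of the communication between the video monitoring system and the security system, for which the RS-485 communication protocol used by most existing security systems was redesigned to communicate with the video monitoring system. The second is the design of the communication between the video monitoring system and the control center system, for which socket communication using the TCP/IP protocol of the current video monitoring system enabled real-time data transmission with the control center system. When this system is used, customers must be authenticated by the control center system, so a customer database can be accumulated, and this information can be used to build an Internet video security service portal site.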

Reference Image Update on the Security System for the Moving Object Detection (침입자 검출을 위한 보안 시스템에서의 참고영상 갱신 방안에 관한 연구)

  • 안용학
    • Convergence Security Journal / v.2 no.2 / pp.99-108 / 2002
  • In this paper, I propose a reference image updating algorithm for an Intruder Detection System using a difference image method that can reliably separate moving objects from a noisy background in the image sequence received from a camera at a fixed position. The proposed algorithm consists of four processes: determination of the threshold value and quantization, segmentation of the moving object area, generation of an adaptive temporary image that removes the moving object area, and update of the reference image using median filtering. The test results show that the proposed algorithm can generate the reference image very effectively in a noisy environment.

Design of Mobile Supervisory System that Apply Action Tracing by Image Segmentation (영상분할에 의한 동작 추적 기법을 적용한 모바일 감시 시스템의 설계)

  • 김형균;오무송
    • Journal of the Korea Institute of Information and Communication Engineering / v.6 no.2 / pp.282-287 / 2002
  • This paper action tracing by techniques to do image sequence component to watch invader based on Mobile internet use. First, detect frame in animation that film fixed area, and make use of image subtraction between two frame that adjoin, segment fixed backing and target who move. Segmentalized foreground object detected and did so that can presume middle value of gouge that is abstracted to position that is specified and watch invader by analyzing action gouge. Those watch information is stored, and made Mobile client send out SMS Message about situation of watch place to server being stored to sensed serial numbers, date, Image file with recording of time.

A study on the construction of a safer citadel (보다 안전한 선원대피처 구축에 관한 연구)

  • Ha, Weon-Jae
    • Journal of Advanced Marine Engineering and Technology / v.38 no.3 / pp.318-324 / 2014
  • A Citadel is a designated pre-constructed space in the ship for crew protection in the event of imminent boarding by pirates. A Citadel is to be designed and constructed to resist pirate attack for a certain period. A Citadel constructed in a secret place of the ship, based on the provisions of international and national requirements, is the last refuge from pirate attack. This study tries to identify the limitations and weaknesses of the current Citadel and suggests applicable improvements to the Rules for Ship's Facilities for a safer and more secure Citadel.

An Evaluation Framework for In-Vehicle Intrusion Detection Systems Using AI (AI를 이용한 차량용 침입 탐지 시스템에 대한 평가 프레임워크)

  • Kim, Hyunghoon;Jeong, Yeonseon;Choi, Wonsuk;Jo, Hyo Jin
    • Review of KIISC / v.32 no.4 / pp.7-17 / 2022
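  • For electronic control of vehicles through driver assistance systems, the number of electronic control units (ECUs) installed in vehicles has recently increased sharply. ECUs use CAN (Controller Area Network), the in-vehicle network, for efficient communication. However, because CAN was designed without considering security mechanisms such as confidentiality, integrity, access control, and authentication, an attacker can easily access the network and eavesdrop on or inject messages. Because malicious message injection can seriously harm the safety of the driver and passengers, research on intrusion detection systems (IDS) for identifying injected messages has advanced in recent years. In particular, many IDSs using AI (Artificial Intelligence) techniques have recently been proposed. However, the proposed techniques are evaluated only on specific attack datasets, and there is a lack of an evaluation framework for verifying whether the detection performance of each technique has been evaluated fairly. Therefore, in this paper we select five in-vehicle IDSs proposed on the basis of machine learning/deep learning, and compare and evaluate the proposed techniques using previously published datasets. The attack datasets include four representative attack types on CAN, and in addition this paper proposes an attack type that makes use of message period types and evaluates the detection performance against that attack.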

Development of Smart Door Lock with Emergency Situation Recognition to Prevent Crime in Single Household Based on Deep Learning (딥러닝 기반 1인 가구 범죄 예방을 위한 긴급 상황 인식 스마트 도어록 개발)

  • Lee, Jinsun;Han, Jieun;Yoo, Hyuna;Park, Juyeon;Kim, Hyung Hoon;Shim, Hyeon-min
    • Proceedings of the Korea Information Processing Society Conference / 2020.11a / pp.251-254 / 2020
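  • Crimes targeting single-person households are increasing every year. In response, door lock products such as fingerprint recognition and smart keys have been released, but cases have occurred in which they were instead abused for crime. In this paper, we propose an emergency situation recognition smart door lock that recognizes objects through a face identifier (FI) and manages a locking control unit (LCU) through a remote door lock manager (RDM). We tested the speed and reliability of how quickly and accurately the user's face is recognized, and confirmed that the user can enter the home safely in an emergency. It is expected that this product will lower the rate of crimes against single-person households, such as home intrusion and stalking, and the rate of crimes that abuse door locks.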

An Intelligent Intrusion Detection Model Based on Support Vector Machines and the Classification Threshold Optimization for Considering the Asymmetric Error Cost (비대칭 오류비용을 고려한 분류기준값 최적화와 SVM에 기반한 지능형 침입탐지모형)

  • Lee, Hyeon-Uk;Ahn, Hyun-Chul
    • Journal of Intelligence and Information Systems / v.17 no.4 / pp.157-173 / 2011
  • As Internet use has exploded recently, malicious attacks on and hacking of systems connected to networks occur frequently. This means that fatal damage can be caused by these intrusions in government agencies, public offices, and companies operating various systems. For such reasons, there is growing interest in and demand for intrusion detection systems (IDS), the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under normal situations. However, they show poor performance when they meet a new or unknown pattern of network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. In particular, artificial neural networks (ANNs) have popularly been applied in prior studies because of their superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of a large sample size, and the lack of understanding of the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt the support vector machine (SVM), a classification technique that is more stable and powerful compared to ANNs. SVM is known to have relatively high predictive power and generalization capability. Against this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection.
The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering the total cost of misclassification in IDS, it is more reasonable to assign heavier weights to FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt (2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to a real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using the random sampling method. In addition, the SVM model was compared with logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT were experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90, freeware for training SVM classifiers, was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model.
As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Smart Media Journal / v.4 no.4 / pp.80-85 / 2015
  • As the number of applications using the internet the rapidly increasing incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Window OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.