• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.711-717
• /
• 2018

The breakthrough in computer and network has facilitated a variety of information exchange. However, at the same time, malicious users and groups are attacking vulnerable systems. Intrusion Detection System(IDS) detects malicious behaviors through network packet analysis. However, it has a burden of processing a large amount of packets in a short time. Therefore, in order to solve these problem, we propose a network intrusion detection system that operates at kernel level to improve detection performance at user level. In fact, we confirmed that the network intrusion detection system implemented at kernel level improves packet analysis and detection performance.

• Korean Journal of Remote Sensing
• /
• v.32 no.5
• /
• pp.539-550
• /
• 2016

Detection of water bodies in land surface is an essential part of disaster monitoring, such as flood, storm surge, and tsunami, and plays an important role in analyzing spatial and temporal variation of water cycle. In this study, a quantitative comparison of different thresholding-based methods for water body detection and their applicability to Kompsat-5 SAR data were presented. In addition, the effect of speckle filtering on the detection result was analyzed. Furthermore, the variations of threshold values by the proportion of the water body area in the whole image were quantitatively evaluated. In order to improve the binary classification performance, a new water body detection algorithm based on the bimodality test and the majority filtering is presented.

• Korean Journal of Remote Sensing
• /
• v.37 no.2
• /
• pp.177-198
• /
• 2021

Existing change detection researches have been focused on changes of land use and land cover (LULC), damaged areas, or large vegetated and water regions. On the other hands, increased temporal and spatial resolution of satellite images are strongly suggesting the feasibility of change detection of small objects such as vehicles and ships. In order to check the feasibility, this paper analyzes the performance of existing pixel-based change detection methods over small objects. We applied pixel differencing, PCA (principal component analysis) analysis, MAD (Multivariate Alteration Detection), and IR-MAD (Iteratively Reweighted-MAD) to Kompsat-3A and Google Map images taken within 10 days. We extracted ground references for changed and non-changed small objects from the images and used them for performance analysis of change detection results. Our analysis showed that MAD and IR-MAD, that are known to perform best over LULC and large areal changes, offered best performance over small object changes among the methods tested. It also showed that the spectral band with high reflectivity of the object of interest needs to be included for change analysis.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.10 no.5
• /
• pp.786-795
• /
• 1999

To detect the precise of arrival of target signal in real ocean environments, Inverse beamformnig(IBF) solutions to the Inverse beamforming integral equation are surveyed theoretically and the performance properties of the IBF are analyzed with simulations. IBF-Cardioid beamforming algorithm is proposed for port/starboard discrimination and the performance gains are studied with simulations. It is shown that IBF has a 3 dB array noise gain advantage over CBF under ideal conditions. This 3 dB array noise gain advantage is proven by theocratical studies and simulations. This array noise gain advantage leads to a minimum detectable level advantage for IBF output compared with CBF output. The fact that the IBF beamwidth is narrower than the CBF beamwidth by a factor of 0.68 proves the performance of detection and spatial resolution improvement. Comparing the simulation results of IBF-Cardioid beamforming and Conventional Cardioid beamforming, it is shown that IBF-Cardioid beamformer have performance enhancement in minimum detection level, detection accuracy and resolution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.775-784
• /
• 2019

Malware infringement attacks are continuously increasing in various environments such as mobile, IOT, windows and mac due to the emergence of new and variant malware, and signature-based countermeasures have limitations in detection of malware. In addition, analytical performance is deteriorating due to obfuscation, packing, and anti-VM technique. In this paper, we propose a system that can detect malware based on machine learning by using similarity hashing-based pattern detection technique and static analysis after file classification according to packing. This enables more efficient detection because it utilizes both pattern-based detection, which is well-known malware detection, and machine learning-based detection technology, which is advantageous for detecting new and variant malware. The results of this study were obtained by detecting accuracy of 95.79% or more for benign sample files and malware sample files provided by the AI-based malware detection track of the Information Security R&D Data Challenge 2018 competition. In the future, it is expected that it will be possible to build a system that improves detection performance by applying a feature vector and a detection method to the characteristics of a packed file.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.869-872
• /
• 2002

네트워크 기반 침입탐지시스템은 연속적으로 발생하는 패킷의 무손실 축소와, 패킷으로 정상 또는 비정상 행위패턴을 정확히 모델링한 모델 생성이 전체성능을 판단하는 중요한 요소가 된다. 네트워크 기반 비정상행위 판정 침입탐지시스템에서는 이러한 탐지모델 구축을 위해 주로 감독학습 알고리즘을 사용한다. 본 논문은 탐지모델 구축에 사용하는 감독 학습 방식이 가지는 문제점을 지적하고, 그에 대한 대안으로 비감독 학습방식의 학습알고리즘을 제안한다. 감독 학습을 사용하여 탐지모델을 구축하기 위해서는 정상행위의 패킷을 취합해야 하는 사전 부담이 있는 반면에 비감독 학습을 사용하게 되면 이러한 사전작업 없이 탐지모델을 구축할 수 있다. 본 논문에서는 비감독학습 알고리즘을 비교 분석하기 위해서 COBWEB, k-means, Autoclass 알고리즘을 사용했으며, 성능을 평가하기 위해서 비정상행위도(Abnormal Behavior Level)를 계산하여 에러율을 구하였다.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.22 no.4
• /
• pp.1-11
• /
• 2019

With the development of remote sensing sensor technology, it has become possible to acquire satellite images with various spectral information. In particular, since the hyperspectral image is composed of continuous and narrow spectral wavelength, it can be effectively used in various fields such as land cover classification, target detection, and environment monitoring. Change detection techniques using remote sensing data are generally performed through differences of data with same dimensions. Therefore, it has a disadvantage that it is difficult to apply to heterogeneous sensors having different dimensions. In this study, we have developed a change detection method applicable to hyperspectral image and high spat ial resolution satellite image with different dimensions, and confirmed the applicability of the change detection method between heterogeneous images. For the application of the change detection method, the dimension of hyperspectral image was reduced by using correlation analysis and principal component analysis, and the change detection algorithm used CVA. The ROC curve and the AUC were calculated using the reference data for the evaluation of change detection performance. Experimental results show that the change detection performance is higher when using the image generated by adequate dimensionality reduction than the case using the original hyperspectral image.

• Review of KIISC
• /
• v.15 no.2
• /
• pp.63-73
• /
• 2005

최근 들어 침입방지시스템이 차세대 보안 솔루션으로 자리를 굳히고 있다. 국내외의 보안 업체들이 IPS 발표하고 있는 가운데, 국내에서도 IPS의 고입에 대한 관심이 점차 증대되고 있다. 침입방지시스템은 침입탐지시스템을 이용한 보안관리의 한계를 극복하기 위하여 도입되었으나, 아직까지 침입방지시스템에 대한 정의고 명화하지 않고, 침입탐지시스템과의 파이도 확실히 규명되지 않은 실정이다. 따라서 본 논문에서는 침입방지기술에 대하여 분석하여 보고, 침입탐지시스템에 대하여 기술을 비교하여보고 성능평가 방안에 대하여 기술하고자 한다.

• Journal of Intelligence and Information Systems
• /
• v.29 no.3
• /
• pp.229-247
• /
• 2023

With the increasing emphasis on anomaly detection across various fields, diverse anomaly detection algorithms have been developed for various data types and anomaly patterns. However, the performance of anomaly detection algorithms is generally evaluated on publicly available datasets, and the specific performance of each algorithm on anomalies of particular types remains unexplored. Consequently, selecting an appropriate anomaly detection algorithm for specific analytical contexts poses challenges. Therefore, in this paper, we aim to investigate the types of anomalies and various attributes of data. Subsequently, we intend to propose approaches that can assist in the selection of appropriate anomaly detection algorithms based on this understanding. Specifically, this study compares the performance of anomaly detection algorithms for four types of anomalies: local, global, contextual, and clustered anomalies. Through further analysis, the impact of label availability, data quantity, and dimensionality on algorithm performance is examined. Experimental results demonstrate that the most effective algorithm varies depending on the type of anomaly, and certain algorithms exhibit stable performance even in the absence of anomaly-specific information. Furthermore, in some types of anomalies, the performance of unsupervised anomaly detection algorithms was observed to be lower than that of supervised and semi-supervised learning algorithms. Lastly, we found that the performance of most algorithms is more strongly influenced by the type of anomalies when the data quantity is relatively scarce or abundant. Additionally, in cases of higher dimensionality, it was noted that excellent performance was exhibited in detecting local and global anomalies, while lower performance was observed for clustered anomaly types.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.16-19
• /
• 2002

분산 침입 탐지시스템은 감시되는 호스트 수에 비례하여 데이터 분석이 다수의 위치에서 수행되는 시스템이다. 따라서, 침입 탐지를 위하여 구성된 컴포넌트 사이의 효율적인 정보 분배가 중요한 문제이며, 통신 메커니즘은 신뢰성, 효율성, 안전성 그리고 확장성이 요구된다. 분산 침입 탐지 시스템의 통신 형태를 나타내는 통신모델 중에서, 높은 확장성 때문에 고려되고 있는 모델로 피어 대 피어 통신 모델이 있다. 이 모델은 특정한 형태의 관심전파와 데이터 전달 방법에 따라 다시 계층적 구조와 직접 연결로 분류할 수 있다. 본 논문에서는, 분산 침입탐지에서 침입 탐지정보를 전달하는 두 가지 방법에 대하여 분석하고, 통신 메커니즘의 성능을 향상시키는 방안을 제시하고자 한다.