• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.714-717
• /
• 2019

IOT는 복잡하고 이질적인 네트워크 환경이며 저전력 장치를 위한 새로운 라우팅 프로토콜의 존재로 인해 혁신적인 침입탐지 시스템이 필요하다. 특히 접근이 어려운 IOT 환경에서는 공격을 받았을 때 정확하고 빠른 탐지가 용이하여야 한다. 따라서 본 논문에서는 탐지의 정확성과 희소의 공격을 잘 탐지하기 위한 효과적인 특징 추출과 분류를 위한 SAR(Stacked Auto Encoder+Random Forest) 시스템을 제안한다.

• Journal of Korean Society for Geospatial Information Science
• /
• v.22 no.1
• /
• pp.23-29
• /
• 2014

The emergence of high resolution satellite images and the evolution of spatial resolution facilitate various studies using high resolution satellite images. Above all, target detection algorithms are effective for monitoring of traffic flow and military surveillance and reconnaissance because vehicles, airplanes, and ships on broad area could be detected easily using high resolution satellite images. Recently, many satellites are launched from global countries and the diversity of satellite images are also increased. On the contrary, studies on comparison about the spatial resolution or target detection, especially, are insufficient in domestic and foreign countries. Therefore, in this study, effects of spatial resolution on target detection are analyzed using the PSO target detection algorithm. The resampling techniques such as nearest neighbor, bilinear, and cubic convolution are adopted to resize the original image into 0.5m, 1m, 2m, 4m spatial resolutions. Then, accuracy of target detection is assessed according to not only spatial resolution but also resampling method. As a result of the study, the resolution of 0.5m and nearest neighbor among the resampling methods have the best accuracy. Additionally, it is necessary to satisfy the criteria of 2m and 4m resolution for the detection of airplane and ship, respectively. The detection of airplane need more high spatial resolution than ship because of their complexity of shape. This research suggests the appropriate spatial resolution for the plane and ship target detection and contributes to the criteria of satellite sensor design.

• Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography
• /
• v.33 no.4
• /
• pp.297-304
• /
• 2015

The change detection algorithms, based on remotely sensed satellite imagery, can be applied to various applications, such as the hazard/disaster analysis and the land monitoring. However, unchanged areas sometimes detected as the changed areas due to various errors in relief displacements and noise pixels, included in the original multi-temporal dataset at the application of unsupervised change detection algorithm. In this research, the object-based changed detection for the high-spatial resolution satellite images is applied by using the IR-MAD (Iteratively Reweighted- Multivariate Alteration Detection), which is one of those representative change detection algorithms. In additionally, we tried to increase the accuracy of change detection results with using the additional information, based on the cross-sharpening method. In the experiment, we used the KOMPSAT-2 satellite sensor, and resulted in the object-based IR-MAD algorithm, representing higher changed detection accuracy than that by the pixel-based IR-MAD. Also, the object-based IR-MAD, focused on cross-sharpened images, increased in accuracy of changed detection, compared to the original object-based IR-MAD. Through these experiments, we could conclude that the land monitoring and the change detection with the high-spatial-resolution satellite imagery can be accomplished efficiency by using the object-based IR-MAD algorithm.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.12
• /
• pp.63-71
• /
• 2020

In this paper, we propose a fire detection technology using YOLOv3 and EfficientDet, the most reliable artificial intelligence detection algorithm recently, an alert service that simultaneously transmits four kinds of notifications: text, web, app and e-mail, and an AWS system that links fire detection and notification service. There are two types of our highly accurate fire detection algorithms; the fire detection model based on YOLOv3, which operates locally, used more than 2000 fire data and learned through data augmentation, and the EfficientDet, which operates in the cloud, has conducted transfer learning on the pretrained model. Four types of notification services were established using AWS service and FCM service; in the case of the web, app, and mail, notifications were received immediately after notification transmission, and in the case of the text messaging system through the base station, the delay time was fast enough within one second. We proved the accuracy of our fire detection technology through fire detection experiments using the fire video, and we also measured the time of fire detection and notification service to check detecting time and notification time. Our AI fire detection and notification service system in this paper is expected to be more accurate and faster than past fire detection systems, which will greatly help secure golden time in the event of fire accidents.

• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.27-35
• /
• 2021

With the development of the Internet, various IT technologies such as IoT, Cloud, etc. have been developed, and various systems have been built in countries and companies. Because these systems generate and share vast amounts of data, they needed a variety of systems that could detect threats to protect the critical data contained in the system, which has been actively studied to date. Typical techniques include anomaly detection and misuse detection, and these techniques detect threats that are known or exhibit behavior different from normal. However, as IT technology advances, so do technologies that threaten systems, and these methods of detection. Advanced Persistent Threat (APT) attacks national or companies systems to steal important information and perform attacks such as system down. These threats apply previously unknown malware and attack technologies. Therefore, in this paper, we propose a hybrid intrusion detection system that combines anomaly detection and misuse detection to detect unknown threats. Two detection techniques have been applied to enable the detection of known and unknown threats, and by applying machine learning, more accurate threat detection is possible. In misuse detection, we applied Classification based on Association Rule(CBA) to generate rules for known threats, and in anomaly detection, we used One-Class SVM(OCSVM) to detect unknown threats. Experiments show that unknown threat detection accuracy is about 94%, and we confirm that unknown threats can be detected.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.24 no.1
• /
• pp.1-11
• /
• 2021

Detection of surface water features including river, wetland, reservoir from the satellite imagery can be utilized for sustainable management and survey of water resources. This research compared the water indices derived from the multispectral bands and the machine learning technique for detecting the surface water features from he Landsat-8 satellite image acquired in Daegu through the following steps. First, the NDWI(Normalized Difference Water Index) image and the MNDWI(Modified Normalized Difference Water Index) image were separately generated using the multispectral bands of the given Landsat-8 satellite image, and the two binary images were generated from these NDWI and MNDWI images, respectively. Then SVM(Support Vector Machine), the widely used machine learning techniques, were employed to generate the land cover image and the binary image was also generated from the generated land cover image. Finally the error matrices were used for measuring the accuracy of the three binary images for detecting the surface water features. The statistical results showed that the binary image generated from the MNDWI image(84%) had the relatively low accuracy than the binary image generated from the NDWI image(94%) and generated by SVM(96%). And some misclassification errors occurred in all three binary images where the land features were misclassified as the surface water features because of the shadow effects.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.4
• /
• pp.69-75
• /
• 2000

This paper proposes a network intrusion detection model which can detect the insertion and evasion attacks. These attacks can be prevented when some kind of information are available in the network intrusion detection system. We classified these information with three categories and used each category at setup phase and executing Phase. Within the proposed model, all necessary information which are related with networks and operating systems are maintained in the database and created as a table. This table is used during intrusion detection. The overheads of database and table may be simple in this model.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.229-231
• /
• 2001

최근들어 경제활동의 증가로 대부분의 성인들은 몇 장의 신용카드를 소지하고 있을 것이다. 이에 따른 신용카드의 도난 분실 사고는 카드사의 문제가 되고있다. 기존의 탐지 시스템은 도난신고 등의 일반적인 탐지와 갑작스런 사용 액수의 증가를 탐지하여 도난 분실 카드를 판별하였다. 이것은 소액의 부정거래탐지가 어렵다는 단점이 있다. 본 논문에서 제시하는 탐지 시스템은 outlier 기법을 사용하여 training set을 만들고 시간가중치와 거리기반 도표를 이용하여 도난 분실 카드를 탐지한다. 금액, 시간 도표에서 거래요구시간의 차를 계산하여 가중치를 주고 장소, 소비종류 도표에서는 training set에서 얻은 자료인 저녁 8시를 기준으로 소비종류의 배열을 바꾼다. 제안된 시스템은 소액의 부정거래 탐지에도 우수하고 이전의 시스템보다 정확함을 장점으로 한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.07a
• /
• pp.121-122
• /
• 2019

본 논문에서는 웹쉘을 탐지하기 위한 방법 중 하나로 슬라이딩윈도우 기반 머신러닝을 활용하는 방안을 제안하고자 한다. 웹 공격에 많이 활용되는 웹쉘의 탐지를 위하여 제안하는 슬라이딩윈도우 기반의 탐지 기법은 시간이 지남에 따라 발전해가는 웹쉘 탐지 우회 기술에 대응하여 보다 정확한 탐지를 제공하는 기술이며, 이를 기반으로 웹쉘의 다양한 변종 또한 탐지할 수 있다. 본제안의 경우 코드의 부분별 위험도를 측정 및 제공하여 보다 효과적으로 대응할 수 있을 것으로 전망된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.439-446
• /
• 2022

Document-type malicious codes are being actively distributed using attachments on websites or e-mails. Document-type malicious code is relatively easy to bypass security programs because the executable file is not executed directly. Therefore, document-type malicious code should be detected and prevented in advance. To detect document-type malicious code, we identified the document structure and selected keywords suspected of being malicious. We then created a dataset by converting the stream data in the document to ASCII code values. We specified the location of malicious keywords in the document stream data, and classified the stream as malicious by recognizing the adjacent information of the malicious keywords. As a result of detecting malicious codes by applying the CNN model, we derived accuracies of 0.97 and 0.92 in stream units and file units, respectively.