• Title/Summary/Keyword: Abnormal Traffic


Sequence Anomaly Detection based on Diffusion Model (확산 모델 기반 시퀀스 이상 탐지)

  • Zhiyuan Zhang;Inwhee, Joe
    • Proceedings of the Korea Information Processing Society Conference / 2023.05a / pp.2-4 / 2023
  • Sequence data plays an important role in the field of intelligence, especially for industrial control, traffic control and other aspects. Finding abnormal parts in sequence data has long been an application field of AI technology. In this paper, we propose an anomaly detection method for sequence data using a diffusion model. The diffusion model has two major advantages: interpretability derived from rigorous mathematical derivation and unrestricted selection of backbone models. This method uses the diffusion model to predict and reconstruct the sequence data, and then detects the abnormal part by comparing with the real data. This paper successfully verifies the feasibility of the diffusion model in the field of anomaly detection. We use the combination of MLP and diffusion model to generate data and compare the generated data with real data to detect anomalous points.

Comparative Study of Anomaly Detection Accuracy of Intrusion Detection Systems Based on Various Data Preprocessing Techniques (다양한 데이터 전처리 기법 기반 침입탐지 시스템의 이상탐지 정확도 비교 연구)

  • Park, Kyungseon;Kim, Kangseok
    • KIPS Transactions on Software and Data Engineering / v.10 no.11 / pp.449-456 / 2021
  • An intrusion detection system is a technology that detects abnormal behaviors that violate security, and detects abnormal operations and prevents system attacks. Existing intrusion detection systems have been designed using statistical analysis or anomaly detection techniques for traffic patterns, but modern systems generate a variety of traffic different from existing systems due to rapidly growing technologies, so the existing methods have limitations. In order to overcome this limitation, study on intrusion detection methods applying various machine learning techniques is being actively conducted. In this study, a comparative study was conducted on data preprocessing techniques that can improve the accuracy of anomaly detection using NGIDS-DS (Next Generation IDS Database) generated by simulation equipment for traffic in various network environments. Padding and sliding window were used as data preprocessing, and an oversampling technique with Adversarial Auto-Encoder (AAE) was applied to solve the problem of imbalance between the normal data rate and the abnormal data rate. In addition, the performance improvement of detection accuracy was confirmed by using Skip-gram among the Word2Vec techniques that can extract feature vectors of preprocessed sequence data. PCA-SVM and GRU were used as models for comparative experiments, and the experimental results showed better performance when sliding window, skip-gram, AAE, and GRU were applied.

An Intelligent Intrusion Detection Model

  • Han, Myung-Mook
    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2003.09a / pp.224-227 / 2003
  • Intrusion Detection Systems (IDS) require accuracy, adaptability, and expansion in an information society that changes quickly. A more structured and intelligent IDS is also required to protect resources that are important and must be kept secret in a complicated network environment. The purpose of this research is to build a model for an intelligent IDS that creates intrusion patterns. The intrusion patterns are extracted from a vast amount of data. To manage the large volume of data accurately and efficiently, link analysis and sequence analysis among the data mining techniques are used to build the model that creates the intrusion patterns. The model consists of a "Time based Traffic Model", a "Host based Traffic Model", and a "Content Model", each of which produces different intrusion patterns. The model can create stable patterns efficiently. That is, we can build the intrusion detection model based on intelligent systems. The rules produced by the model represent the intrusion data and classify normal and abnormal users. The data used are KDD audit data.


Mutual Information Applied to Anomaly Detection

  • Kopylova, Yuliya;Buell, Duncan A.;Huang, Chin-Tser;Janies, Jeff
    • Journal of Communications and Networks / v.10 no.1 / pp.89-97 / 2008
  • Anomaly detection systems play a significant role in protection mechanisms against attacks launched on a network. The greatest challenge in designing systems detecting anomalous exploits is defining what to measure. Effective yet simple, Shannon entropy metrics have been successfully used to detect specific types of malicious traffic in a number of commercially available IDSs. We believe that Renyi entropy measures can also adequately describe the characteristics of a network as a whole as well as detect abnormal traces in the observed traffic. In addition, Renyi entropy metrics might boost sensitivity of the methods when disambiguating certain anomalous patterns. In this paper we describe our efforts to understand how Renyi mutual information can be applied to anomaly detection as an offline computation. An initial analysis has been performed to determine how well fast spreading worms (Slammer, Code Red, and Welchia) can be detected using our technique. We use both synthetic and real data audits to illustrate the potential of our method and provide a tentative explanation of the results.

A Study on Improvement Method of the Subway Signalling System Using Automatic Train Operation Device (자동열차운전장치를 이용한 도시철도 신호설비의 개량방안에 관한 연구)

  • Kang Sung-Gu;Choi Seung-Ho;Cho Bong-Kwan
    • Proceedings of the KSR Conference / 2003.10c / pp.145-150 / 2003
  • The national subway went under construction in 1971, and after three years of endeavor, Seoul subway line number one opened for traffic in 1974. Line number two went under construction in 1978 and it opened for traffic in 1984. With the use of safety operation for more than 20 years, the life cycle nearly came to an end. Therefore the improvements for the safety operation are unavoidable. The total system should not be affected when the new and conventional systems are overlapped, the system operation is in the initial stage, and it confronts the situation of abnormal operation. However, there is a total lack of experience in construction and improvement for the trains that are in the use of large transport and density headway. In this paper, we propose an improvement method of the subway signalling system using ATO (Automatic Train Operation control scheme) to which the latest Digital ATC is applied, and examine the first application model of ATO system.


Optimization of Cyber-Attack Detection Using the Deep Learning Network

  • Duong, Lai Van
    • International Journal of Computer Science & Network Security / v.21 no.7 / pp.159-168 / 2021
  • Detecting cyber-attacks using machine learning or deep learning is being studied and applied widely in network intrusion detection systems. We noticed that the application of deep learning algorithms yielded many good results. However, because each deep learning model has a different architecture and characteristics with certain advantages and disadvantages, those deep learning models are only suitable for specific datasets or features. In this paper, in order to optimize the process of detecting cyber-attacks, we propose the idea of building a new deep learning network model based on the association and combination of individual deep learning models. In particular, based on the architecture of 2 deep learning models, Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM), we combine them into a combined deep learning network for detecting cyber-attacks based on network traffic. The experimental results in Section IV.D have demonstrated that our proposal using the CNN-LSTM deep learning model for detecting cyber-attacks based on network traffic is completely correct because the results of this model are much better than some individual deep learning models on all measures.

Detecting Cyber Threats Domains Based on DNS Traffic (DNS 트래픽 기반의 사이버 위협 도메인 탐지)

  • Lim, Sun-Hee;Kim, Jong-Hyun;Lee, Byung-Gil
    • The Journal of Korean Institute of Communications and Information Sciences / v.37B no.11 / pp.1082-1089 / 2012
  • Recent malicious attempts in cyberspace are intended to pose national threats, such as Stuxnet, as well as to obtain financial benefits through a large pool of compromised botnets. The evolved botnets use the Domain Name System (DNS) to communicate with the C&C server and zombies. DNS is one of the core and most important components of the Internet, and DNS traffic is continually increasing because of the popular wireless Internet service. On the other hand, domain names are popular for malicious use. This paper studies DNS-based cyber threat domain detection by data classification based on supervised learning. Furthermore, the developed cyber threat domain detection system using DNS traffic analysis provides collection, analysis, and normal/abnormal domain classification of huge amounts of DNS data.

Learning Model for Avoiding Drowsy Driving with MoveNet and Dense Neural Network

  • Jinmo Yang;Janghwan Kim;R. Young Chul Kim;Kidu Kim
    • International Journal of Internet, Broadcasting and Communication / v.15 no.4 / pp.142-148 / 2023
  • In modern days, self-driving for modern people is an absolute necessity for transportation and many other reasons. Additionally, after the outbreak of COVID-19, driving by oneself is preferred over other means of transportation for the prevention of infection. However, due to the constant exposure to stressful situations and chronic fatigue one experiences from work or the traffic to and from it, modern drivers often drive under drowsiness, which can lead to serious accidents and fatality. To address this problem, we propose a drowsy driving prevention learning model which detects a driver's state of drowsiness. Furthermore, a method to sound a warning message after drowsiness detection is also presented. This is to use MoveNet to quickly and accurately extract the keypoints of the body of the driver and Dense Neural Network (DNN) to train on real-time driving behaviors, which then immediately warns if an abnormal drowsy posture is detected. With this method, we expect a reduction in traffic accidents and enhancement in overall traffic safety.

Convolutional neural network based traffic sound classification robust to environmental noise (합성곱 신경망 기반 환경잡음에 강인한 교통 소음 분류 모델)

  • Lee, Jaejun;Kim, Wansoo;Lee, Kyogu
    • The Journal of the Acoustical Society of Korea / v.37 no.6 / pp.469-474 / 2018
  • As urban population increases, research on urban environmental noise is getting more attention. In this study, we classify the abnormal noise occurring in traffic situation by using a deep learning algorithm which shows high performance in recent environmental noise classification studies. Specifically, we classify the four classes of tire skidding sounds, car crash sounds, car horn sounds, and normal sounds using convolutional neural networks. In addition, we add three environmental noises, including rain, wind and crowd noises, to our training data so that the classification model is more robust in real traffic situation with environmental noises. Experimental results show that the proposed traffic sound classification model achieves better performance than the existing algorithms, particularly under harsh conditions with environmental noises.

A Detection Mechanism of Portscan Attacks based on Fuzzy Logic for an Abnormal Traffic Control Framework (비정상 트래픽 제어 프레임워크를 위한 퍼지로직 기반의 포트스캔 공격 탐지기법)

  • Kim, Jae-Kwang;Kim, Ka-Eul;Ko, Kwang-Sun;Kang, Yong-Hyeog;Eom, Young-Ik
    • Proceedings of the Korea Information Processing Society Conference / 2005.05a / pp.1185-1188 / 2005
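  • Attack detection and response methods that judge abnormal behavior in a true/false manner show a high false-positive rate, so new attack detection and response methods to replace them are being studied. A representative line of research is staged response using traffic control technology, which responds to abnormal traffic in stages so that traffic using normal services is not blocked because of a false detection of an attack. Among abnormal traffic, a portscan attack is an attack that finds the service ports of a target host in preparation for a network-based attack; to detect it, true/false detection methods that monitor the number of packets sent to a specific port of a specific host during a certain period of time and compare it with a threshold have mainly been used. The Abnormal Traffic Control Framework uses a true/false attack detection method: when an attack is detected, it first responds with traffic control, and when the same attack is detected again, it blocks the traffic, thereby lowering the high false-positive rate of existing true/false attack detection and response methods. However, owing to the nature of portscan attacks, if the attack is not blocked immediately after it is detected, all the information the attacker wants has already been leaked. In this paper, we add the concept of fuzzy logic to the existing true/false portscan attack detection method and propose a method that improves the accuracy of attack detection and enables faster traffic control and blocking than the existing detection method.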
