• Journal of Korea Water Resources Association
• /
• v.51 no.8
• /
• pp.703-711
• /
• 2018

Water distribution system (WDS) pipe bursts are caused from excessive pressure, pipe aging, and ground shift from temperature change and earthquake. Prompt detection of and response to the failure event help prevent large-scale service interruption and catastrophic sinkhole generation. To that end, this study proposes a improved Western Electric Company (WECO) method to improve the detection effectiveness and efficiency of the original WECO method. The original WECO method is an univariate Statistical Process Control (SPC) technique used for identifying any non-random patterns in system output data. The improved WECO method multiples a threshold modifier (w) to each threshold of WECO sub-rules in order to control the sensitivity of anomaly detection in a water distribution network of interest. The Austin network was used to demonstrated the proposed method in which normal random and abnormal pipe flow data were generated. The best w value was identified from a sensitivity analysis, and the impact of measurement frequency (dt = 5, 10, 15 min etc.) was also investigated. The proposed method was compared to the original WECO method with respect to detection probability, false alarm rate, and averaged detection time. Finally, this study provides a set of guidelines on the use of the WECO method for real-life WDS pipe burst detection.

• Journal of Satellite, Information and Communications
• /
• v.11 no.3
• /
• pp.51-57
• /
• 2016

Many kinds of telemetry should be monitored to check the state of spacecraft and it leads the time consumption. However, it is very important to define the status of satellite in short time because the contact number and time of low earth orbit satellite is limited. Also, on-board fault management should be prepared for non-contact operation because of the sever space environment. In this paper, on-board and ground autonomous operation method for the safety enhancement is described. Immediate fault detection and response is possible in ground by explicit anomaly detection through satellite event and error information. Also, satellite operation assistant system is proposed for ground autonomy that collect event sequence in accordance with related telemetry and recommend or execute an appropriate action for abnormal state. Critical parameter monitoring method with checking rate, mode and threshold is developed for on-board autonomous fault management. If the value exceeds the limit, pre-defined command sequence is executed.

• Journal of The Korean Astronomical Society
• /
• v.51 no.6
• /
• pp.197-206
• /
• 2018

We present the analysis of KMT-2016-BLG-0212, a low flux-variation ($I_{flux-var}{\sim}20mag$) microlensing event, which is in a high-cadence (${\Gamma}=4hr^{-1}$) field of the three-telescope Korea Microlensing Telescope Network (KMTNet) survey. The event shows a short anomaly that is incompletely covered due to the brief visibility intervals that characterize the early microlensing season when the anomaly occurred. We show that the data are consistent with two classes of solutions, characterized respectively by low-mass brown-dwarf (q = 0.037) and sub-Neptune (q < $10^{-4}$) companions. Future high-resolution imaging should easily distinguish between these solutions.

• Proceedings of the Korean Society for Cognitive Science Conference
• /
• 2000.05a
• /
• pp.61-67
• /
• 2000

본고는 텍스트로 제시된 한국어 문장의 형태통사론적 오류와 의미적 논항결합시 하위범주화요건을 위배하는 논항선택 오류의 인식 및 판단에 따른 ERP(Event-Related Potential)를 검출하여, 이에 대한 문장이해과정의 시간추이적 양상을 연구의 대상으로 하였다. 참여한 피험자로부터 각각의 유형에 대한 통계분석 결과, 통사적 오류 추출에서 의미적 오류 추출에 이르기까지 기존의 연구에서 제시된 오류패턴 요소들(ELAN, N400, P600)을 확인하였으며, 아울러 한국어 문장이해과정의 특이성을 관찰할 수 있었다. 이를 통해 문장묵독시 일어나는 여러 종류의 문법오류에 대한 개별적 성격규명과 함께, 이들의 문법틀 내에서의 상호관계에 대한 일련의 가설설정이 이루어질 수 있으며, 또한 문장이해 메커니즘의 신경적 기전의 특성 규명으로 부수될 인간지능 모사가능성에 생리학적 토대가 더해 질 것으로 추정되는 바, 언어이해와 대뇌기전지형을 결정짓는 또 다른 규준이 될 것이다.

• Proceedings of the Korean Information Science Society Conference
• /
• 1999.10c
• /
• pp.306-308
• /
• 1999

사회분야 전반이 전산화되면서 전산시스템에 대한 효과적인 침입방지와 탐지가 중요한 문제로 대두되었다. 침입행위도 정상사용행위와 마찬가지로 전산시스템 서비스를 사용하므로 호출된 서비스의 순서로 나타난다. 본 논문에서는 정상사용행위에 대한 서비스 호출순서를 모델링 한 후 사용자의 사용패턴을 정상행위와 비교해서 비정상행위(anomaly)를 탐지하는 접근방식을 사용한다. 정상 행위 모델링에는 순서정보를 통계적으로 모델링하고 펴가하는데 널리 쓰이고 있는 HMM(Hidden Markov Model)을 사용하였다. Sun사의 BSM 모듈로 얻어진 3명 사용자의 사용로그에 대하여 본 시스템을 적용한 결과, 학습되지 않은 u2r 침입에 대해 2.95%의 false-positive 오류에서 100%의 탐지율을 보여주었다.

• Journal of Information Technology Applications and Management
• /
• v.29 no.5
• /
• pp.27-37
• /
• 2022

This study intends to link agricultural machine history data with related organizations or collect them through IoT sensors, receive input from agricultural machine users and managers, and analyze them through AI algorithms. Through this, the goal is to track and manage the history data throughout all stages of production, purchase, operation, and disposal of agricultural machinery. First, LSTM (Long Short-Term Memory) is used to estimate oil consumption and recommend maintenance from historical data of agricultural machines such as tractors and combines, and C-LSTM (Convolution Long Short-Term Memory) is used to diagnose and determine failures. Memory) to build a deep learning algorithm. Second, in order to collect historical data of agricultural machinery, IoT sensors including GPS module, gyro sensor, acceleration sensor, and temperature and humidity sensor are attached to agricultural machinery to automatically collect data. Third, event-type data such as agricultural machine production, purchase, and disposal are automatically collected from related organizations to design an interface that can integrate the entire life cycle history data and collect data through this.

• Journal of KIISE:Information Networking
• /
• v.36 no.3
• /
• pp.173-183
• /
• 2009

We present a real-time monitoring system for detecting anomalous network events using the entropy. The entropy accounts for the effects of disorder in the system. When an abnormal factor arises to agitate the current system the entropy must show an abrupt change. In this paper we deliberately model the Internet to measure the entropy. Packets flowing between these two networks may incur to sustain the current value. In the proposed system we keep track of the value of entropy in time to pinpoint the sudden changes in the value. The time-series data of entropy are transformed into the two-dimensional domains to help visually inspect the activities on the network. We examine the system using network traffic traces containing notorious worms and DoS attacks on the testbed. Furthermore, we compare our proposed system of time series forecasting method, such as EWMA, holt-winters, and PCA in terms of sensitive. The result suggests that our approach be able to detect anomalies with the fairly high accuracy. Our contributions are two folds: (1) highly sensitive detection of anomalies and (2) visualization of network activities to alert anomalies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1887-1898
• /
• 2018

In this paper, a method to classify insider threat activity is introduced. The internal threats help detecting anomalous activity in the procedure performed by the user in an organization. When an anomalous value deviating from the overall behavior is displayed, we consider it as an inside threat for classification as an inside intimidator. To solve the situation, Markov Chain Model is employed. The Markov Chain Model shows the next state value through an arbitrary variable affected by the previous event. Similarly, the current activity can also be predicted based on the previous activity for the insider threat activity. A method was studied where the change items for such state are defined by a transition probability, and classified as detection of anomaly of the inside threat through values for a probability variable. We use the properties of the Markov chains to list the behavior of the user over time and to classify which state they belong to. Sequential data sets were generated according to the influence of n occurrences of Markov attribute and classified by machine learning algorithm. In the experiment, only 15% of the Cert: insider threat dataset was applied, and the result was 97% accuracy except for NaiveBayes. As a result of our research, it was confirmed that the Markov Chain Model can classify insider threats and can be fully utilized for user behavior classification.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.5
• /
• pp.303-314
• /
• 2018

In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.25-38
• /
• 2017

Many security threats are occurring around the world due to the characteristics of industrial control systems that can cause serious damage in the event of a security incident including major national infrastructure. Therefore, the industrial control system network traffic should be analyzed so that it can identify the attack in advance or perform incident response after the accident. In this paper, we research the visualization technique as network forensics to enable reasonable suspicion of all possible attacks on DNP3 control system protocol, and define normal action based rules and derive visualization requirements. As a result, we developed a visualization tool that can detect sudden network traffic changes such as DDoS and attacks that contain anormal behavior from captured packet files on industrial control system network. The suspicious behavior in the industrial control system network can be found using visualization tool with Digital Bond packet.