• Title/Summary/Keyword: Behavior detection


Design of Intrusion Detection System applying for data mining agent (데이터 마이닝 에이전트를 적용한 침입 탐지 시스템 설계)

  • 정종근;구제영;김용호;오근탁;이윤배
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2002.05a / pp.619-622 / 2002
  • IDS has been studied mainly in the fields of detection decision and audit data collection. The detection decision must decide whether successive behaviors are intrusions or not, and the collection of audit data requires the ability to collect precise data for the intrusion decision. Artificial intelligence methods such as rule-based systems and neural networks have recently been introduced to solve this problem. However, these methods have simple host structures and the defect that they cannot detect transformed intrusion patterns. So, we propose a method using a data mining agent that can retrieve and estimate the patterns of user behavior across distributed, heterogeneous hosts.


The Behavior of Secondary Electrons and Optimal Mounting Position of a Secondary Electron Detector in SEM with a Numerical Analysis (수치해석을 통한 SEM 챔버내의 이차전자 거동해석 및 이차전자 검출기의 최적 장착 위치 선정)

  • Boo, Kyeung-Seok;Jeon, Jong-Up
    • Transactions of the Korean Society of Machine Tool Engineers / v.17 no.4 / pp.15-21 / 2008
  • Secondary electron detectors used in scanning electron microscopes accept secondary electrons emitted from the specimen and convert them to an electrical signal that, after amplification, is used to modulate the gray-level intensities on a cathode ray tube, producing an image of the specimen. In order to acquire images of good quality, as many secondary electrons as possible should reach the detector. To realize this it is very important to select an appropriate mounting position and angle of the detector inside the chamber of the scanning electron microscope. In this paper, a number of numerical simulations are performed to explore the relationships between detection rates of secondary electrons and the values of some parameters, such as the distance between the detector and sample, the relative mounting position of the scintillator inside the detector with respect to the detector cover, and two types of mounting angles of the detector. The relationships between detection rates and the voltages applied to the corona ring and Faraday cage, and the energies of secondary electrons, are investigated as well.

Posture Change Recognition System using Visual Information (영상정보에 의한 자세변화 감지 시스템)

  • Jo, Sung-Won;Han, Kyong-Ho
    • Journal of IKEEE / v.14 no.4 / pp.291-296 / 2010
  • This paper handles pitching and rolling posture change detection using the visual image changes caused by road slope conditions. When the moving vehicle is slanted in a direction, the objects in the vehicle's visual images move up or down and right or left. This is similar to the human's balancing behavior, which depends on visual image change detection as well as the vestibular organs and semicircular canals in the ear. Through experiments, the proposed method shows that the visual image from the camera can be used both for the image information itself and for posture change detection.

Vibration based damage identification of concrete arch dams by finite element model updating

  • Turker, Temel;Bayraktar, Alemdar;Sevim, Baris
    • Computers and Concrete / v.13 no.2 / pp.209-220 / 2014
  • Vibration based damage detection is very popular in the civil engineering area. Especially, special structures like dams, long-span bridges and high-rise buildings need continuous monitoring in terms of the mechanical properties of material and static and dynamic behavior. It has been stated by the International Commission on Large Dams that more than half of the large concrete dams were constructed more than 50 years ago, and the old dams have been subjected to repeated loads such as earthquake, overflow, blast, etc. So, some unexpected failures may occur and catastrophic damage may take place because of the loss of strength, stiffness and other physical properties of concrete. Therefore, these dams need repairs guided by global damage evaluation in order to preserve structural integrity. The paper aims to show the effectiveness of the model updating method for global damage detection on a laboratory arch dam model. An ambient vibration test is used in order to determine the experimental dynamic characteristics. The initial finite element model is updated according to the experimentally determined natural frequencies and mode shapes. The web thickness is selected as the updating parameter in the damage evaluation. It is observed from the study that the damage case is revealed with high accuracy and a good match is attained between the estimated and the real damage cases by the model updating method.

Host-Based Malware Variants Detection Method Using Logs

  • Joe, Woo-Jin;Kim, Hyong-Shik
    • Journal of Information Processing Systems / v.17 no.4 / pp.851-865 / 2021
  • Enterprise networks in the PyeongChang Winter Olympics were hacked in February 2018. According to a domestic security company's analysis report, attackers destroyed approximately 300 hosts with the aim of interfering with the Olympics. Enterprises have no choice but to rely on digital vaccines since it is overwhelming to analyze all programs executed on hosts used by ordinary users. However, traditional vaccines cannot protect the host against variant or new malware because they cannot detect intrusions without signatures for the malware. To overcome this limitation of signature-based detection, much research has been conducted on the behavior analysis of malware. However, since most of it relies on a sandbox where only the analysis target program is running, it cannot detect malware intruding on a host where many normal programs are running. Therefore, this study proposes a method to detect malware variants on the host through logs rather than a sandbox. The proposed method extracts common behaviors from a variant group and finds characteristic behaviors optimized for querying. Through experimentation on 1,584,363 logs, generated by executing 6,430 malware samples, we prove that there exist common behaviors that variants share and we demonstrate that these behaviors can be used to detect variants.

A Study on Anomaly Detection Model using Worker Access Log in Manufacturing Terminal PC (제조공정 단말PC 작업자 접속 로그를 통한 이상 징후 탐지 모델 연구)

  • Ahn, Jong-seong;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.321-330 / 2019
  • Prevention of corporate confidentiality leakage by insiders is an essential task for the survival of enterprises. In order to prevent information leakage by insiders, companies have adopted security solutions, but there is a limit to how effectively they detect abnormal behavior by insiders with access privileges. In this study, we use the unsupervised learning algorithms of machine learning to effectively and efficiently cluster the normal and abnormal access logs of the worker's work screen in the manufacturing information system, which includes the company's product manufacturing history and quality information. We propose an optimal feature selection model for anomaly detection by studying clustering methods.

Host Anomaly Detection of Neural Networks and Neural-fuzzy Techniques with Soundex Algorithm (사운덱스 알고리즘을 적용한 신경망과 뉴로-퍼지 기법의 호스트 이상 탐지)

  • Cha, Byung-Rae;Kim, Hyung-Jong;Park, Bong-Gu;Cho, Hyug-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.2 / pp.13-22 / 2005
  • To improve anomaly IDS using system calls, this study focuses on neural network learning using the Soundex algorithm, which is designed to transform feature selection and variable-length data into a fixed-length learning pattern. That is, by changing variable-length sequential system call data into a fixed-length behavior pattern using the Soundex algorithm, this study conducted neural network learning using a backpropagation algorithm with a fuzzy membership function. The back-propagation neural networks and Neuro-Fuzzy technique are applied to anomaly intrusion detection of system calls using the Sendmail Data of UNM to demonstrate their time complexity, space complexity and MDL performance.

Semi-supervised based Unknown Attack Detection in EDR Environment

  • Hwang, Chanwoong;Kim, Doyeon;Lee, Taejin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.12 / pp.4909-4926 / 2020
  • Cyberattacks penetrate the server and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers perform various malicious actions by infecting endpoints and accessing the internal network. However, the current countermeasures are only anti-viruses that operate in a signature or pattern manner, allowing initial unknown attacks. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If you fail to respond to the initial attack, it is difficult to respond afterwards because malicious behavior like an Advanced Persistent Threat (APT) attack does not occur immediately, but occurs over a long period of time. In this paper, we propose a technique that detects an unknown attack using an event log without prior knowledge, even when the initial anti-virus response has failed. The proposed technology uses a combination of an AutoEncoder and a 1D CNN (1-Dimensional Convolutional Neural Network) based on semi-supervised learning. The experiment trained on a dataset collected over a month in a real-world commercial endpoint environment, and tested on the data collected over the next month. As a result of the experiment, 37 unknown attacks were detected in the event log collected for one month in the actual commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, it is expected that the proposed model will be applied to EDR technology to form a secure endpoint environment and reduce the time and labor costs of effectively detecting unknown attacks.

Suggestion for deep learning approach to solve the interference effect of ammonium ion on potassium ion-selective electrode

  • Kim, Min-Yeong;Heo, Jae-Yeong;Oh, Eun Hun;Lee, Joo-Yul;Lee, Kyu Hwan
    • Journal of Surface Science and Engineering / v.55 no.3 / pp.156-163 / 2022
  • An ammonium ion, with a size and charge similar to that of potassium, can bind to valinomycin, which is used as an ion carrier for potassium, and cause a meaningful interference effect on the detection of potassium ions. Currently, there are few ion sensors that correct the interference effect of ammonium ions, and there are few studies that specifically suggest the mechanism of the interference effect. By fabricating an SPCE-based potassium ion-selective electrode, the electromotive force was measured over the concentration range of potassium in the nutrient solution; the linear range was measured to be 10^-5 to 10^-2 M, and the detection limit was 10^-5.19 M. The interference phenomenon of the potassium sensor was then investigated over the concentration range of ammonium ions present in the nutrient solution. Therefore, a data-based analysis strategy using deep learning was presented as a method to minimize the interference effect.

Multimodal layer surveillance map based on anomaly detection using multi-agents for smart city security

  • Shin, Hochul;Na, Ki-In;Chang, Jiho;Uhm, Taeyoung
    • ETRI Journal / v.44 no.2 / pp.183-193 / 2022
  • Smart cities are expected to provide residents with convenience via various agents such as CCTV, delivery robots, security robots, and unmanned shuttles. Environmental data collected by various agents can be used for various purposes, including advertising and security monitoring. This study suggests a surveillance map data framework for efficient and integrated multimodal data representation from multi-agents. The suggested surveillance map is a multilayered global information grid, which is integrated from the multimodal data of each agent. To confirm this, we collected surveillance map data for 4 months, and the behavior patterns of humans and vehicles, distribution changes of elevation, and temperature were analyzed. Moreover, we present an anomaly detection algorithm based on the surveillance map for security services. A two-stage anomaly detection algorithm for unusual situations was developed. With this, abnormal situations such as unusual crowds and pedestrians, vehicle movement, unusual objects, and temperature changes were detected. Because the surveillance map enables efficient and integrated processing of large multimodal data from multi-agents, the suggested data framework can be used for various applications in the smart city.