• Title/Summary/Keyword: Detection Rules


A Hybrid Fire Fighting Control Intelligent System using Rules and Cases in Integrated Platform Management System (통합플랫폼관리체제에서 규칙 및 사례기반의 하이브리드 화재진압통제 지능시스템)

  • 현우석;김용기
    • Journal of Intelligence and Information Systems / v.6 no.2 / pp.15-27 / 2000
  • The paper proposes a hybrid fire fighting control intelligent system (H-FFIS) using rules and cases to detect fire in an Integrated Platform Management System. By far most conventional systems have been based on rule-based systems in which expert knowledge is expressed with production rules. It is hard to express the knowledge needed to detect fire with production rules only. The knowledge of fire detection is often based on previously encountered fire situations. To improve system capability, renewing and adding rules is needed in an already built-up system, and such adding and renewing procedures could hinder users from fluent utilization of the system. We design and implement H-FFIS. Compared with rule-based FFIS (Fire Fighting control Intelligent System), H-FFIS extended with case-based reasoning shows that the system proposed here can lead to an improvement in fire detection rate.


A Detection Rule Exchange Mechanism for the Collaborative Intrusion Detection in Defense-ESM (국방통합보안관제체계에서의 협업 침입탐지를 위한 탐지규칙 교환 기법)

  • Lee, Yun-Hwan;Lee, Soo-Jin
    • Convergence Security Journal / v.11 no.1 / pp.57-69 / 2011
  • Many heterogeneous Intrusion Detection Systems (IDSs) based on the misuse detection technique, including a self-developed IDS, are now operating in Defense-ESM (Enterprise Security Management System). An IDS based on misuse detection may have different capability in the intrusion detection process according to the frequency and quality of its signature updates. This makes integration and collaboration with other IDSs more difficult. In this paper, with the purpose of creating the proper foundation for integration and collaboration between heterogeneous IDSs being operated in Defense-ESM, we propose an effective mechanism that can enable one IDS to propagate its new detection rules to other IDSs and receive updated rules from others. We also prove the performance of rule exchange and its applicability to the defense environment through implementation and experiment.

An Online Response System for Anomaly Traffic by Incremental Mining with Genetic Optimization

  • Su, Ming-Yang;Yeh, Sheng-Cheng
    • Journal of Communications and Networks / v.12 no.4 / pp.375-381 / 2010
  • A flooding attack, such as a DoS or worm, can be easily created or even downloaded from the Internet; thus, it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which the membership functions of fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus responding to, an attack in real time. This system is evaluated on 47 flooding attacks, only one of which is missed, with no false positives occurring. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system for eliminating suspicious connections when necessary.

Designing a system to defend against RDDoS attacks based on traffic measurement criteria after sending warning alerts to administrators (관리자에게 경고 알림을 보낸 후 트래픽 측정을 기준으로 RDDoS 공격을 방어하는 시스템 설계)

  • Cha Yeansoo;Kim Wantae
    • Journal of Korea Society of Digital Industry and Information Management / v.20 no.1 / pp.109-118 / 2024
  • Recently, a social issue has arisen involving RDDoS attacks following the sending of threatening emails to security administrators of companies and institutions. According to a report published by the Korea Internet & Security Agency and the Ministry of Science and ICT, survey results indicate that DDoS attacks are increasing. However, the top response in the survey highlighted the difficulty in countering DDoS attacks due to issues related to security personnel and costs. In responding to DDoS attacks, administrators typically detect anomalies through traffic monitoring, utilizing security equipment and programs to identify and block attacks. They also respond by employing DDoS mitigation solutions offered by external security firms. However, a challenge arises from the initial failure in early response to DDoS attacks, leading to frequent use of detection and mitigation measures. This issue, compounded by increased costs, poses a problem in effectively countering DDoS attacks. In this paper, we propose a system that creates detection rules, periodically collects traffic using mail detection and IDS, notifies administrators when rules match, and, based on a predefined threshold, uses IPS to block traffic or DDoS mitigation. In the absence of DDoS mitigation, the system sends urgent notifications to administrators and suggests applying for and using a cyber shelter or DDoS mitigation. Based on this, the implementation showed that network traffic was reduced from 400 Mbps to 100 Mbps, enabling DDoS response. Additionally, due to the time and expense involved in modifying detection and blocking rules, it is anticipated that future research could address cost savings through reduced usage of DDoS mitigation by utilizing artificial intelligence for rule creation and modification, or by generating rules in new ways.

Modeling and Design of a Distributed Detection System Based on Active Sonar Sensor Networks (능동 소나망 분산탐지 체계의 모델링 및 설계)

  • Choi, Won-Yong;Kim, Song-Geun;Hong, Sun-Mog
    • Journal of the Korea Institute of Military Science and Technology / v.14 no.1 / pp.123-131 / 2011
  • In this paper, modeling and design of a distributed detection system are considered for an active sonar sensor network. The sensor network has a parallel configuration and consists of a fusion center and a set of receiver nodes. A system with two receiver nodes is considered to investigate a theoretical aspect of the design. To be specific, the AND rule and the OR rule are considered as the fusion rules of the sensor network. For these fusion rules, it is shown that a threshold rule at each sensor node has uniformly most powerful properties. The optimum threshold for each sensor is obtained that maximizes the probability of detection for a given probability of false alarm. Numerical experiments were also performed to investigate the detection characteristics of a distributed detection system with multiple sensor nodes. The experimental results show how signal strength, false alarm probability, and the distance between nodes in a sensor field affect the system detection performance.

Tracking Detection using Information Granulation-based Fuzzy Radial Basis Function Neural Networks (정보입자기반 퍼지 RBF 뉴럴 네트워크를 이용한 트랙킹 검출)

  • Choi, Jeoung-Nae;Kim, Young-Il;Oh, Sung-Kwun;Kim, Jeong-Tae
    • The Transactions of The Korean Institute of Electrical Engineers / v.58 no.12 / pp.2520-2528 / 2009
  • In this paper, we propose a tracking detection methodology using information granulation-based fuzzy radial basis function neural networks (IG-FRBFNN). According to IEC 60112, a tracking device is manufactured and utilized for the experiment. We consider 12 features that can be used to decide whether the tracking phenomenon has happened or not. These features are obtained by signal processing methods such as filtering, Fast Fourier Transform (FFT) and wavelets. Some such effective features are used as the inputs of the IG-FRBFNN, and the tracking phenomenon is confirmed by using the IG-FRBFNN. The learning of the premise and the consequent part of the rules in the IG-FRBFNN is carried out by the Fuzzy C-Means (FCM) clustering algorithm and the weighted least squares method (WLSE), respectively. Also, the Hierarchical Fair Competition-based Parallel Genetic Algorithm (HFC-PGA) is exploited to optimize the IG-FRBFNN. The effective features to be selected, the number of fuzzy rules, the order of the polynomial of the fuzzy rules, and the fuzzification coefficient used in FCM are optimized by the HFC-PGA. The tracking inference engine is implemented using LabVIEW and loaded into an embedded system. We show the superb performance and feasibility of the tracking detection system through some experiments.

Development of HIF Detection Rules for Distribution Line (배전선로 보호를 위한 고저항 사고 검출 룰의 개발)

  • Kim, K.H.;Chang, S.I.;Choi, S.K.;Choi, J.H.;Hwang, E.C.;Kim, N.H.;Kang, Y.C.;Park, J.K.;Kim, I.D.
    • Proceedings of the KIEE Conference / 1997.07c / pp.1006-1008 / 1997
  • This paper presents logic-based High Impedance Fault (HIF) detection rules for distribution lines. Due to the characteristics of an HIF, which shows low current at relaying points, it is difficult to detect a fault that occurred in a distribution line with the conventional overcurrent relay (OCR) and/or harmonics relay. The HIF data were generated by using TACS in EMTP. In this paper, the harmonic index is defined as the ratio of the harmonic component to the fundamental component. The proposed HIF detection rules are obtained by analysing the difference between the normal condition and the HIF condition.


Effective Normalization Method for Fraud Detection Using a Decision Tree (의사결정나무를 이용한 이상금융거래 탐지 정규화 방법에 관한 연구)

  • Park, Jae Hoon;Kim, Huy Kang;Kim, Eunjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.133-146 / 2015
  • Ever more sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance the existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile information and detection rules from the e-finance accident data of an actual domestic (Korean) bank. We then compared the results of our decision-tree-normalized detection rules with the results of sequential detection and confirmed the efficiency of our methods.

Disapproval Judgment System of Research Fund Execution Details Based on Artificial Intelligence

  • Kim, Yongkuk;Juan, Tan;Jung, Hoekyung
    • Journal of information and communication convergence engineering / v.19 no.3 / pp.142-147 / 2021
  • In this paper, we propose an intelligent research fund management system that applies artificial intelligence technology to an integrated research fund management system. By defining research fund management rules as work rules, a detection model learned using deep learning is designed, through which the disapproval status is presented for each research fund usage history. The disapproval detection system of the RCMS implemented in this study predicts whether the newly registered usage details are recognized or disapproved using an artificial intelligence model designed based on the use of an 8.87 million research fund registered in the RCMS. In addition, the item-detail recommendation system described herein presents the usage details according to the usage history item newly registered by the artificial intelligence model through a correlation between the research cost usage details and the item itself. The accuracy of the recommendation was shown to be 97.21%.

Selection of Detection Measures using Relative Entropy based on Network Connections (상대 복잡도를 이용한 네트워크 연결기반의 탐지척도 선정)

  • Mun Gil-Jong;Kim Yong-Min;Kim Dongkook;Noh Bong-Nam
    • The KIPS Transactions:PartC / v.12C no.7 s.103 / pp.1007-1014 / 2005
  • Generating rules or patterns for detecting attacks from the network is very difficult. Detection rules and patterns are usually generated from experts' experience, which consumes much manpower, management expense, time and so on. This paper proposes statistical methods that effectively detect intrusions and attacks without experts' experience. The methods select useful measures among the measures of network connections (sessions) and detect attacks. We extracted the network session data of normal traffic and of each attack, and selected useful measures for detecting attacks using relative entropy. We then built probability patterns and detected attacks using likelihood ratio testing. The detection method controlled the detection rate and false positive rate using a threshold. We evaluated the performance of the proposed method using the KDD CUP 99 data set. This paper shows the results of comparing the proposed method with the detection rules of a decision tree algorithm, from which we can see that the proposed methods are useful for detecting intrusions and attacks.