• Title/Summary/Keyword: Detection Rules


A Process Algebra-Based Detection Model for Multithreaded Programs in Communication System

  • Wang, Tao;Shen, Limin;Ma, Chuan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.3 / pp.965-983 / 2014
  • Concurrent behaviors of multithreaded programs cannot be described effectively by automata-based models. Thus, concurrent program intrusion attempts cannot be detected. To address this problem, we proposed the process algebra-based detection model for multithreaded programs (PADMP). We generate process expressions by static binary code analysis. We then add concurrency operators to process expressions and propose a model construction algorithm based on process algebra. We also present a definition of process equivalence and behavior detection rules. Experiments demonstrate that the proposed method can accurately detect errors in multithreaded programs and has linear space-time complexity. The proposed method provides effective support for concurrent behavior modeling and detection.

The Design of Host-based Intrusion Detection Module using Fuzzy Petri-net for UNIX (UNIX 환경에서 퍼지 Petri-net을 이용한 호스트 기반 침입 탐지 모듈 설계)

  • Kim, Min-Su;Eun, Yu-Jin;No, Bong-Nam
    • The Transactions of the Korea Information Processing Society / v.6 no.7 / pp.1867-1876 / 1999
  • In this paper, we propose a formalized method to create detection rules for known intrusion methods, and the fuzzy Petri-net using fuzzy theory to cope with varied attacks. In producing the detection module for intrusion detection, we can add newly found patterns. We also use system call logging to increase the correctness of detection.


Shape-Resolving Local Thresholding for Vehicle Detection (교통 영상에서의 차량 검지를 위한 형상분해 국부영역 임계기법)

  • 최호진;박영태
    • Proceedings of the IEEK Conference / 2000.06d / pp.159-162 / 2000
  • Selecting locally optimum thresholds, based on optimizing a criterion composed of the area variation rate and the compactness of the segmented shape, is presented. The method is shown to have the shape-resolving property in the subtraction image, so that overlapped objects may be resolved into bright and dark evidences characterizing each object. As an application a vehicle detection algorithm robust to the operating conditions could be realized by applying simple merging rules to the geometrically correlated bright and dark evidences obtained by this local thresholding.


Presentation control of the computer using the motion identification rules (모션 식별 룰을 이용한 컴퓨터의 프레젠테이션 제어)

  • Lee, Sang-yong;Lee, Kyu-won
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2015.05a / pp.586-589 / 2015
  • A computer presentation system using hand-motion identification rules is proposed. To identify hand motions of a presenter, a face region is extracted first using a Haar classifier. The motion status (patterns) and position of the hands are discriminated using the centers of gravity of the user's face and hand after segmenting the hand area on the YCbCr color model. The user's hand is applied to the motion detection rules and the presentation control command is then executed. The proposed system utilizes the motion identification rules without the use of additional equipment, is capable of controlling the presentation, and does not depend on the complexity of the background. The proposed algorithm confirmed the stable control operation via the presentation of the experiment in the dark illumination range of indoor atmosphere (lx) 15-20-30.


A Study on the Application of Outlier Analysis for Fraud Detection: Focused on Transactions of Auction Exception Agricultural Products (부정 탐지를 위한 이상치 분석 활용방안 연구 : 농수산 상장예외품목 거래를 대상으로)

  • Kim, Dongsung;Kim, Kitae;Kim, Jongwoo;Park, Steve
    • Journal of Intelligence and Information Systems / v.20 no.3 / pp.93-108 / 2014
  • To support business decision making, interests and efforts to analyze and use transaction data in different perspectives are increasing. Such efforts are not only limited to customer management or marketing, but also used for monitoring and detecting fraud transactions. Fraud transactions are evolving into various patterns by taking advantage of information technology. To reflect the evolution of fraud transactions, there are many efforts on fraud detection methods and advanced application systems in order to improve the accuracy and ease of fraud detection. As a case of fraud detection, this study aims to provide effective fraud detection methods for auction exception agricultural products in the largest Korean agricultural wholesale market. Auction exception products policy exists to complement auction-based trades in agricultural wholesale market. That is, most trades on agricultural products are performed by auction; however, specific products are assigned as auction exception products when total volumes of products are relatively small, the number of wholesalers is small, or there are difficulties for wholesalers to purchase the products. However, auction exception products policy makes several problems on fairness and transparency of transaction, which requires help of fraud detection. In this study, to generate fraud detection rules, real huge agricultural products trade transaction data from 2008 to 2010 in the market are analyzed, which increase more than 1 million transactions and 1 billion US dollar in transaction volume. Agricultural transaction data has unique characteristics such as frequent changes in supply volumes and turbulent time-dependent changes in price. Since this was the first trial to identify fraud transactions in this domain, there was no training data set for supervised learning. So, fraud detection rules are generated using outlier detection approach. 
We assume that outlier transactions are more likely to be fraud transactions than normal transactions. The outlier transactions are identified by comparing the daily average unit price, weekly average unit price, and quarterly average unit price of product items. Also, quarterly average unit prices of product items of the specific wholesalers are used to identify outlier transactions. The reliability of the generated fraud detection rules is confirmed by domain experts. To determine whether a transaction is fraudulent or not, the normal distribution and the normalized Z-value concept are applied. That is, the unit price of a transaction is transformed to a Z-value to calculate the occurrence probability when we approximate the distribution of unit prices to a normal distribution. The modified Z-value of the unit price in the transaction is used rather than its original Z-value. The reason is that in the case of auction exception agricultural products, Z-values are influenced by outlier fraud transactions themselves because the number of wholesalers is small. The modified Z-values are called Self-Eliminated Z-scores because they are calculated excluding the unit price of the specific transaction which is being checked for whether it is a fraud transaction or not. To show the usefulness of the proposed approach, a prototype of a fraud transaction detection system is developed using Delphi. The system consists of five main menus and related submenus. The first functionality of the system is to import transaction databases. The next important functions are to set up fraud detection parameters. By changing fraud detection parameters, system users can control the number of potential fraud transactions. Execution functions provide fraud detection results which are found based on fraud detection parameters. The potential fraud transactions can be viewed on screen or exported as files. The study is an initial trial to identify fraud transactions in Auction Exception Agricultural Products.
There are still many remaining research topics on the issue. First, the scope of analysis data was limited due to the availability of data. It is necessary to include more data on transactions, wholesalers, and producers to detect fraud transactions more accurately. Next, we need to extend the scope of fraud transaction detection to fishery products. Also, there are many possibilities to apply different data mining techniques for fraud detection. For example, a time series approach is a potential technique to apply to the problem. Even though outlier transactions are detected based on unit prices of transactions, it is possible to derive fraud detection rules based on transaction volumes.

Anomaly Detection Scheme Using Data Mining Methods (데이터마이닝 기법을 이용한 비정상행위 탐지 방법 연구)

  • 박광진;유황빈
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.2 / pp.99-106 / 2003
  • Intrusions pose a serious security risk in a network environment. To detect intrusions effectively, many researchers have developed data mining frameworks for constructing intrusion detection modules. Traditional anomaly detection techniques focus on detecting anomalies in new data after training on normal data. To detect anomalous behavior, a precise normal pattern is necessary. This training data is typically expensive to produce. For this, an understanding of the characteristics of data on the network is inevitable. In this paper, we propose to use clustering and association rules as the basis for guiding anomaly detection. By applying entropy to filter noisy data, we present a technique for detecting anomalies without training on normal data. We present dynamic transactions for generating detection patterns more effectively.

A Moving Window Principal Components Analysis Based Anomaly Detection and Mitigation Approach in SDN Network

  • Wang, Mingxin;Zhou, Huachun;Chen, Jia
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.8 / pp.3946-3965 / 2018
  • Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.

A Fire Detection System Using Fuzzy Logic with Input Variables of Temperature and Smoke Density (열과 연기농도를 입력변수로 갖는 퍼지로직을 이용한 화재감지시스템)

  • Hong Sung-Ho;Kim Doo-Hyun;Kim Sang-Chul
    • Fire Science and Engineering / v.18 no.4 / pp.42-51 / 2004
  • This paper presents a study on the analysis of fire detection system using fuzzy logic with input variables of temperature and smoke density. The input variables for the fuzzy logic algorithm are measured by fire experiment of small scale with temperature detector and smoke detector. The antecedent part of fuzzy rules consists of temperature and smoke density, and the consequent part consists of fire possibility. Also the triangular fuzzy membership function is chosen for input variables and fuzzy rules to simplify computation. In order to calculate fuzzy values of such fuzzy system, a computer program is developed with Matlab based on graphics user interface. The experiment was conducted with paper and ethanol to simulate flaming fire and with plastic and sawdust to model smoldering fire. The results showed that the fire detection system presented here was able to diagnose fire very precisely. With the help of algorithms using fuzzy logic we could distinguish whether fire or not.

A Study for Rule Integration in Vulnerability Assessment and Intrusion Detection using Meaning Based Vulnerability Identification Method (의미기반 취약점 식별자 부여 기법을 사용한 취약점 점검 및 공격 탐지 규칙 통합 방법 연구)

  • Kim, Hyung-Jong;Jung, Tae-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.3 / pp.121-129 / 2008
  • This paper presents a vulnerability identification method based on meaning, which makes use of the concept of atomic vulnerability. Also, we make use of the decomposition and specialization processes which were used in DEVS/SES to get identifiers. This vulnerability representation method is useful for managing and removing vulnerabilities in an organized way. It is helpful for making a relation between vulnerability assessment and intrusion detection rules at a lower level. The relation enables a security manager to respond more quickly and conveniently. In particular, this paper shows a mapping between Nessus plugins and Snort rules using the meaning based vulnerability identification method and lists usages based on three goals that a security officer keeps in mind about vulnerability. The contribution of this work is in the suggestion of the meaning based vulnerability identification method and in showing the cases of its usage for the rule integration of vulnerability assessment and intrusion detection.

Ship Fire Safety and the SOLAS Convention (선박 화재안전과 SOLAS 협약)

  • Ryu, Eun-Yeol
    • Fire Protection Technology / s.17 / pp.24-32 / 1994
  • This article introduces the transition of SOLAS (The International Convention for the Safety of Life at Sea) safety regulations for fire protection, fire detection and fire extinction in ships. The regulations and the related IMO fire test rules applied to products such as fire separate walls and non-combustible interior materials, used to prevent fire spread in a ship fire, are also summarized.
