• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.27-35
• /
• 2021

With the development of the Internet, various IT technologies such as IoT, Cloud, etc. have been developed, and various systems have been built in countries and companies. Because these systems generate and share vast amounts of data, they needed a variety of systems that could detect threats to protect the critical data contained in the system, which has been actively studied to date. Typical techniques include anomaly detection and misuse detection, and these techniques detect threats that are known or exhibit behavior different from normal. However, as IT technology advances, so do technologies that threaten systems, and these methods of detection. Advanced Persistent Threat (APT) attacks national or companies systems to steal important information and perform attacks such as system down. These threats apply previously unknown malware and attack technologies. Therefore, in this paper, we propose a hybrid intrusion detection system that combines anomaly detection and misuse detection to detect unknown threats. Two detection techniques have been applied to enable the detection of known and unknown threats, and by applying machine learning, more accurate threat detection is possible. In misuse detection, we applied Classification based on Association Rule(CBA) to generate rules for known threats, and in anomaly detection, we used One-Class SVM(OCSVM) to detect unknown threats. Experiments show that unknown threat detection accuracy is about 94%, and we confirm that unknown threats can be detected.

• Nuclear Engineering and Technology
• /
• v.51 no.3
• /
• pp.692-701
• /
• 2019

Recently, instrumentation and control (I&C) systems in nuclear power plants have undergone digitalization. Owing to the unique characteristics of digital I&C systems, the reliability analysis of digital systems has become an important element of probabilistic safety assessment (PSA). In a reliability analysis of digital systems, fault-tolerant techniques and their effectiveness must be considered. A fault injection experiment was performed on a safety-critical digital I&C system developed for nuclear power plants to evaluate the effectiveness of fault-tolerant techniques implemented in the target system. A software-implemented fault injection in which faults were injected into the memory area was used based on the assumption that all faults in the target system will be reflected in the faults in the memory. To reduce the number of required fault injection experiments, the memory assigned to the target software was analyzed. In addition, to observe the effect of the fault detection coverage of fault-tolerant techniques, a PSA model was developed. The analysis of the experimental result also can be used to identify weak points of fault-tolerant techniques for capability improvement of fault-tolerant techniques

• Nuclear Engineering and Technology
• /
• v.44 no.4
• /
• pp.421-428
• /
• 2012

Analog instrument and control systems in nuclear power plants have recently been replaced with digital systems for safer and more efficient operation. Digital instrument and control systems have adopted various fault-tolerant techniques that help the system correctly and safely perform the specific required functions regardless of the presence of faults. Each fault-tolerant technique has a different inspection period, from real-time monitoring to monthly testing. The range covered by each faulttolerant technique is also different. The digital instrument and control system, therefore, adopts multiple barriers consisting of various fault-tolerant techniques to increase the total fault detection coverage. Even though these fault-tolerant techniques are adopted to ensure and improve the safety of a system, their effects on the system safety have not yet been properly considered in most probabilistic safety analysis models. Therefore, it is necessary to develop an evaluation method that can describe these features of digital instrument and control systems. Several issues must be considered in the fault coverage estimation of a digital instrument and control system, and two of these are addressed in this work. The first is to quantify the fault coverage of each fault-tolerant technique implemented in the system, and the second is to exclude the duplicated effect of fault-tolerant techniques implemented simultaneously at each level of the system's hierarchy, as a fault occurring in a system might be detected by one or more fault-tolerant techniques. For this work, a fault injection experiment was used to obtain the exact relations between faults and multiple barriers of faulttolerant techniques. This experiment was applied to a bistable processor of a reactor protection system.

• Smart Structures and Systems
• /
• v.29 no.1
• /
• pp.77-91
• /
• 2022

Various monitoring systems have been implemented in civil infrastructure to ensure structural safety and integrity. In long-term monitoring, these systems generate a large amount of data, where anomalies are not unusual and can pose unique challenges for structural health monitoring applications, such as system identification and damage detection. Therefore, developing efficient techniques is quite essential to recognize the anomalies in monitoring data. In this study, several machine learning techniques are explored and implemented to detect and classify various types of data anomalies. A field dataset, which consists of one month long acceleration data obtained from a long-span cable-stayed bridge in China, is employed to examine the machine learning techniques for automated data anomaly detection. These techniques include the statistic-based pattern recognition network, spectrogram-based convolutional neural network, image-based time history convolutional neural network, image-based time-frequency hybrid convolution neural network (GoogLeNet), and proposed ensemble neural network model. The ensemble model deliberately combines different machine learning models to enhance anomaly classification performance. The results show that all these techniques can successfully detect and classify six types of data anomalies (i.e., missing, minor, outlier, square, trend, drift). Moreover, both image-based time history convolutional neural network and GoogLeNet are further investigated for the capability of autonomous online anomaly classification and found to effectively classify anomalies with decent performance. As seen in comparison with accuracy, the proposed ensemble neural network model outperforms the other three machine learning techniques. This study also evaluates the proposed ensemble neural network model to a blind test dataset. As found in the results, this ensemble model is effective for data anomaly detection and applicable for the signal characteristics changing over time.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.4
• /
• pp.81-90
• /
• 2014

As mobile devices have become widely used and developed, PC based malwares can be moving towards mobile-based units. In particular, mobile Botnet reuses powerful malicious behavior of PC-based Botnet or add new malicious techniques. Different from existing PC-based Botnet detection schemes, mobile Botnet detection schemes are generally host-based. It is because mobile Botnet has various attack vectors and it is difficult to inspect all the attack vector at the same time. In this paper, to overcome limitations of host-based scheme, we compare two network-based schemes which detect mobile Botnet by applying HMM and SVM techniques. Through the verification analysis under real Botnet attacks, we present detection rates and detection properties of two schemes.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.4
• /
• pp.43-52
• /
• 2011

With the rapid development of technology, skyscrapers are widely spread and they are tightly coupled. If fire occurs in a building, it is easily spread to neighboring buildings, resulting in the large number of victims and property damages. To remove fire disasters, the need for early fire detection techniques is increasing. To detect fire, detecting devices for heat, smoke, and flame have been used widely. However, this paper surveys and presents the latest research which focuses on early smoke and flame detection algorithms and systems with camera's input images. In addition, this paper implements and evaluates the performance of these flame and smoke detection algorithms with several types of movies.

• Journal of the Korean Solar Energy Society
• /
• v.33 no.4
• /
• pp.89-93
• /
• 2013

In recent years, many investigations about photovoltaic power systems have been significantly carried out in the fields of renewable power energy. Such research area generally includes developments of highly efficient solar cells, advanced power conversion systems, and smart monitoring systems. A generic objective of fault detection and diagnosis techniques is to timely recognize unexpected faulty of dynamic systems so that economic demage occurred by such faulty is decreased by means of engineering techniques. This paper presents a novel fault detection approach for photovoltaic power arrays which are electrically connected in series and parallels. In the proposed fault detection scheme, we first measure all of photovoltaic modules located in each array by using electronic sense systems and then compare each measurement in turn to detect location of fault module through statistic computation algorithm. We accomplish real-time experiments to demonstrate our proposed fault detection methodology by using a test-bed system including two 20 watt photovoltaic modules.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.69-78
• /
• 2004

The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But, Most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose an behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.3
• /
• pp.22-29
• /
• 2009

In previous work, anomaly-based intrusion detection techniques have been widely used to effectively detect various intrusions into a computer. This is because the anomaly-based detection techniques can effectively handle previously unknown intrusion methods. However, most of the previous work assumed that the normal network connections are fixed. For this reason, a new network connection may be regarded as an anomalous event. This paper proposes a new anomaly detection method based on an association-mining algorithm. The proposed method is composed of two phases: intra-packet association mining and inter-packet association mining. The performances of the proposed method are comparatively verified with JAM, which is a conventional representative intrusion detection method.

• The Korean Journal of Applied Statistics
• /
• v.34 no.3
• /
• pp.507-521
• /
• 2021

Detecting outliers among high-dimensional data encounters a challenging problem of screening the variables since relevant information is often contained in only a few of the variables. Otherwise, when a number of irrelevant variables are included in the data, the distances between all observations tend to become similar which leads to making the degree of outlierness of all observations alike. The subspace outlier detection method overcomes the problem by measuring the degree of outlierness of the observation based on the relevant subsets of the entire variables. In this paper, we survey recent subspace outlier detection techniques, classifying them into three major types according to the subspace selection method. And we summarize the techniques of each type based on how to select the relevant subspaces and how to measure the degree of outlierness. In addition, we introduce some computing tools for implementing the subspace outlier detection techniques and present results from the simulation study and real data analysis.