• Title/Summary/Keyword: Detection rule

A Content Site Management Model by Analyzing User Behavior Patterns (사용자 행동 패턴 분석을 이용한 규칙 기반의 컨텐츠 사이트 관리 모델)

  • 김정민;김영자;옥수호;문현정;우용태
    • Proceedings of the Korean Information Science Society Conference / 2003.04a / pp.539-541 / 2003
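  • In this paper, we present a model for detecting users who exhibit unusual tendencies by analyzing user behavior patterns, in order to protect digital content on content sites. We defined Syntactic Rules and Semantic Rules as the detection rules for analyzing user behavior patterns. Based on the analysis of user logs, users whose degree of violation of the detection rules fell outside a certain range were presumed to be abnormal users. In addition, the proposed model can be applied in eCRM systems to establishing promotion strategies that detect in advance customer groups likely to churn and retain them as customers.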

A hybrid intrusion detection system based on CBA and OCSVM for unknown threat detection (알려지지 않은 위협 탐지를 위한 CBA와 OCSVM 기반 하이브리드 침입 탐지 시스템)

  • Shin, Gun-Yoon;Kim, Dong-Wook;Yun, Jiyoung;Kim, Sang-Soo;Han, Myung-Mook
    • Journal of Internet Computing and Services / v.22 no.3 / pp.27-35 / 2021
  • With the development of the Internet, various IT technologies such as IoT, Cloud, etc. have been developed, and various systems have been built in countries and companies. Because these systems generate and share vast amounts of data, they needed a variety of systems that could detect threats to protect the critical data contained in the system, which has been actively studied to date. Typical techniques include anomaly detection and misuse detection, and these techniques detect threats that are known or exhibit behavior different from normal. However, as IT technology advances, so do technologies that threaten systems, and these methods of detection. Advanced Persistent Threat (APT) attacks national or company systems to steal important information and perform attacks such as system down. These threats apply previously unknown malware and attack technologies. Therefore, in this paper, we propose a hybrid intrusion detection system that combines anomaly detection and misuse detection to detect unknown threats. Two detection techniques have been applied to enable the detection of known and unknown threats, and by applying machine learning, more accurate threat detection is possible. In misuse detection, we applied Classification based on Association Rule (CBA) to generate rules for known threats, and in anomaly detection, we used One-Class SVM (OCSVM) to detect unknown threats. Experiments show that unknown threat detection accuracy is about 94%, and we confirm that unknown threats can be detected.

A Multiple Pattern Matching Scheme to Improve Rule Application Performance (규칙 적용 성능을 개선하기 위한 다중 패턴매칭 기법)

  • Lee, Jae-Kook;Kim, Hyong-Shik
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.3 / pp.79-88 / 2008
  • On the Internet, the NIDS (Network Intrusion Detection System) has been widely deployed to protect the internal network. The NIDS builds a set of rules with analysis results on illegal packets and filters them using the rules, thus protecting the internal system. The number of rules is ever increasing as the attacks are becoming more widespread and well organized these days. As a result, the performance degradation has been found severe in the rule application for the NIDS. In this paper, we propose a multiple pattern matching scheme to improve rule application performance. Then we compare our algorithm with the Wu-Manber algorithm, which is known to do high performance multi-pattern matching.

A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent (오용 침입탐지 시스템에서 모바일 에이전트를 이용한 보안규칙 관리에 관한 연구)

  • Kim, Tae-Kyung;Lee, Dong-Young;Chung, Tai-M.
    • The KIPS Transactions:PartC / v.10C no.5 / pp.525-532 / 2003
  • This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated a rules management using NS-2 (Network Simulator) with respect to time.

Performance Improvement of MOS type FDIS using Fuzzy Logic (퍼지논리를 이용한 다중관측자 구조 FDIS의 성능개선)

  • Ryu, Ji-Su;Park, Tae-Geon;Lee, Kee-Sang
    • Proceedings of the KIEE Conference / 1998.07b / pp.410-413 / 1998
  • A passive approach for enhancing fault detection and isolation performance of multiple observer based fault detection isolation schemes (FDIS) is proposed. The FDIS has a hierarchical framework to perform detection and isolation of faults of interest, and diagnosis of process faults. The decision unit comprises a rule base and fuzzy inference engine and removes some difficulties of the conventional decision unit, which includes crisp logic and threshold values. Emphasis is placed on the design and evaluation methods of the diagnostic rule base. The suggested scheme is applied for the FDIS design for a DC motor driven centrifugal pump system.

An Experimental Study on Fault Detection in the HVAC Simulator (공조 시뮬레이터를 이용한 고장진단 실험 연구)

  • Tae, Choon-Seob;Yang, Hoon-Cheul;Cho, Soo;Jang, Cheol-Yong
    • Proceedings of the SAREK Conference / 2006.06a / pp.807-813 / 2006
  • The objective of this study is to develop a rule-based fault detection algorithm and an experimental verification using an artificial air handling unit. To develop an analytical algorithm which precisely detects a tendency of faulty component, energy equations at each control volume of AHU were applied. An experimental verification was conducted on the HVAC simulator. The rule based FDD algorithm isolated a faulted sensor from HVAC components in summer and winter conditions.

Automated Analysis of Scaffold Joint Installation Status of UAV-Acquired Images

  • Paik, Sunwoong;Kim, Yohan;Kim, Juhyeon;Kim, Hyoungkwan
    • International conference on construction engineering and project management / 2022.06a / pp.871-876 / 2022
  • In the construction industry, fatal accidents related to scaffolds frequently occur. To prevent such accidents, scaffolds should be carefully monitored for their safety status. However, manual observation of scaffolds is time-consuming and labor-intensive. This paper proposes a method that automatically analyzes the installation status of scaffold joints based on images acquired from an Unmanned Aerial Vehicle (UAV). Using a deep learning-based object detection algorithm (YOLOv5), scaffold joints and joint components are detected. Based on the detection result, a two-stage rule-based classifier is used to analyze the joint installation status. Experimental results show that joints can be classified as safe or unsafe with 98.2% and 85.7% F1-scores, respectively. These results indicate that the proposed method can effectively analyze the joint installation status in UAV-acquired scaffold images.

Mention Detection with Pointer Networks (포인터 네트워크를 이용한 멘션탐지)

  • Park, Cheoneum;Lee, Changki
    • Journal of KIISE / v.44 no.8 / pp.774-781 / 2017
  • Mention detection systems use nouns or noun phrases as a head and construct a chunk of text that defines any meaning, including a modifier. The term "mention detection" relates to the extraction of mentions in a document. In the mentions, a coreference resolution pertains to finding out if various mentions have the same meaning to each other. A pointer network is a model based on a recurrent neural network (RNN) encoder-decoder, and outputs a list of elements that correspond to input sequence. In this paper, we propose the use of mention detection using pointer networks. Our proposed model can solve the problem of overlapped mention detection, an issue that could not be solved by sequence labeling when applying the pointer network to the mention detection. As a result of this experiment, performance of the proposed mention detection model showed an F1 of 80.07%, a 7.65%p higher than rule-based mention detection; a co-reference resolution performance using this mention detection model showed a CoNLL F1 of 52.67% (mention boundary), and a CoNLL F1 of 60.11% (head boundary) that is high, 7.68%p, or 1.5%p more than coreference resolution using rule-based mention detection.

A Design of FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) using Naive Bayesian and Data Mining (나이브 베이지안과 데이터 마이닝을 이용한 FHIDS(Fuzzy Logic based Hybrid Intrusion Detection System) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.5 no.3 / pp.158-163 / 2012
  • This paper proposes an FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD(Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD(Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD(Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

Studies on the Performance Variation of a Variable Speed Vapor Compression System under Fault and Its Detection and Diagnosis (가변속 증기압축 냉동시스템에서 고장시의 성능변화와 고장 감지 및 진단에 관한 연구)

  • Kim Minsung;Kim Min Soo
    • Korean Journal of Air-Conditioning and Refrigeration Engineering / v.17 no.1 / pp.47-55 / 2005
  • An experimental study has been performed to develop a scheme for fault detection and diagnosis (FDD) in a vapor compression refrigeration system. This study is to analyze fault effect on the system performance and to find efficient diagnosis rules for easy determination of abnormal system operation. The refrigeration system was operated with a variable speed compressor to modulate cooling capacity. The FDD system was designed to consider transient load conditions. Four major faults were considered, and each fault was detected over a wide operating load range by separating the system response to the load change. A rule-based method was used to diagnose and classify the system faults. From the experimental results, COP degradation due to the faults in a variable speed system is more severe than that in a constant speed system. The method developed in this study can be used in the fault detection of refrigeration systems with a variable speed compressor.