• Title/Summary/Keyword: False Detection

An Alert Data Mining Framework for Intrusion Detection System (침입탐지시스템의 경보데이터 분석을 위한 데이터 마이닝 프레임워크)

  • Shin, Moon-Sun
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.1 / pp.459-466 / 2011
  • In this paper, we propose a data mining framework for the management of alerts in order to improve the performance of intrusion detection systems. The proposed alert data mining framework performs alert correlation analysis by using mining tasks such as axis-based association rules, axis-based frequent episodes and order-based clustering. It also provides the capability of classifying false alarms in order to reduce false alarms. We also analyzed the characteristics of the proposed system through its implementation and evaluation. The proposed alert data mining framework performs not only alert correlation analysis but also false alarm classification. The alert data mining framework can find unknown patterns in the alerts. It can also be applied to predict attacks in progress, to understand the logical steps and strategies behind series of attacks using sequences of clusters, and to classify false alerts from the intrusion detection system. The final rules generated by the alert data mining framework can be used for the real-time response of the intrusion detection system.

An Optimum-adaptive Intrusion Detection System Using a Mobile Code (모바일 코드를 이용한 최적적응 침입탐지시스템)

  • Pang Se-chung; Kim Yang-woo; Kim Yoon-hee; Lee Phil-Woo
    • The KIPS Transactions:PartC / v.12C no.1 s.97 / pp.45-52 / 2005
  • The scale of damage to information property has been increasing rapidly because of various illegal actions on information systems, which result from the dysfunction of a knowledge society. Reinforcement in criminal investigation requests of network security has accelerated research and development of Intrusion Detection Systems (IDSs), which report the detection of intrusions related to these illegal actions. Due to the limited designs of early IDSs, it is hard for the IDSs to cope with tricks to go around the IDS as well as false-positive and false-negative trials in various network environments. In this paper, we show that this kind of problem can be solved by using a Virtual Protocol Stack (VPS) that possesses automatic learning ability through an optimum-adaptive mobile code. The enhanced IDS therefore adapts dynamically to various network environments in consideration of the monitored and self-learned network status. Moreover, it is shown that Insertion/Evasion attacks can be actively detected. Finally, we discuss how this method can be expanded to an intrusion detection technique that possesses adaptability in various mixed network environments.

A Fuzzy Logic-Based False Report Detection Method in Wireless Sensor Networks (무선 센서 네트워크에서 퍼지 로직 기반의 허위 보고서 탐지 기법)

  • Kim, Mun-Su; Lee, Hae-Young; Cho, Tae-Ho
    • Journal of the Korea Society for Simulation / v.17 no.3 / pp.27-34 / 2008
  • Wireless sensor networks are composed of sensor nodes with resource-constrained hardware. Nodes in a sensor network without adequate protection may be compromised by adversaries. Such compromised nodes are vulnerable to attacks such as false report injection attacks and false data injection attacks on legitimate reports. In false report injection attacks, an adversary injects false reports into the network with the goal of deceiving the sink or depleting the finite amount of energy in a battery-powered network. In false data injection attacks on legitimate reports, the attacker may inject false data for every legitimate report. To address such attacks, the probabilistic voting-based filtering scheme (PVFS) has been proposed by Li and Wu. However, each cluster head in PVFS needs an additional transmission device. Therefore, this paper proposes a fuzzy logic-based false report detection method (FRD) to mitigate the threat of these attacks. FRD employs the statistical en-route filtering scheme as a basis and improves upon it. We demonstrate that FRD is efficient with respect to the security it provides, and allows a tradeoff between security and energy consumption, as shown in the simulation.

An Integrated Fault Detection and Isolation Method for Sensors and Actuators of LEO Satellite (저궤도 인공위성의 센서 및 구동기 통합 고장검출 및 분리 기법)

  • Lim, Jun-Kyu; Lee, Jun-Han; Park, Chan-Gook
    • Journal of Institute of Control, Robotics and Systems / v.17 no.11 / pp.1117-1124 / 2011
  • An integrated fault detection and isolation method is proposed in this paper. The main objective of this paper is the development of a fault detection, isolation and diagnosis algorithm based on the DKF (Decentralized Kalman Filter) and a bank of IMM (Interacting Multiple Model) filters using a penalty scalar for both partial and total faults; an outlier detection algorithm for preventing false alarms is also included. The proposed FDI (Fault Detection and Isolation) scheme is developed in four phases. In the first phase, the outlier detection filter is designed as a pre-filter to prevent false alarms. In the second phase, two local filters and a master filter are designed to detect sensor faults. In the third phase, the proposed FDI scheme checks the sensor residual to isolate sensor faults, and 11 EKF actuator fault models are designed to detect wherever actuator faults occur. In the last phase, four filters are designed to identify the fault type, which is either a total fault or a partial fault. The developed scheme can deal not only with sensor and actuator faults but also with preventing false alarms. An important feature of the proposed FDI scheme is that it can decrease fault isolation time and perform not only fault detection and isolation but also fault type identification. To verify the performance of the proposed FDI algorithm, a simulator is also developed under the Matlab/Simulink environment.

Autoencoder Based Fire Detection Model Using Multi-Sensor Data (다중 센서 데이터를 활용한 오토인코더 기반 화재감지 모델)

  • Taeseong Kim; Hyo-Rin Choi; Young-Seon Jeong
    • Smart Media Journal / v.13 no.4 / pp.23-32 / 2024
  • Large-scale fires and their consequential damages are becoming increasingly common, but confidence in fire detection systems is waning. Recently, widely-used chemical fire detectors frequently generate lots of false alarms, while video-based deep learning fire detection is hampered by its time-consuming and expensive nature. To tackle these issues, this study proposes a fire detection model utilizing an autoencoder approach. The objective is to minimize false alarms while achieving swift and precise fire detection. The proposed model, employing an autoencoder methodology, can exclusively learn from normal data without the need for fire-related data, thus enhancing its adaptability to diverse environments. By amalgamating data from five distinct sensors, it facilitates rapid and accurate fire detection. Through experiments with various hyperparameter combinations, the proposed model demonstrated that out of 14 scenarios, only one encountered false alarm issues. Experimental results underscore its potential to curtail fire-related losses and bolster the reliability of fire detection systems.

Saturated Performance Analysis of IEEE 802.11 DCF with Imperfect Channel Sensing (불완전 채널 감지하의 IEEE 802.11 DCF 포화상태 성능 분석)

  • Shin, Soo-Young; Chae, Seog
    • Journal of Internet Computing and Services / v.13 no.1 / pp.7-14 / 2012
  • In this paper, the performance of IEEE 802.11 carrier-sense multiple access with collision-avoidance (CSMA/CA) protocols in saturated traffic conditions is presented, taking into account the impact of imperfect channel sensing. Imperfect channel sensing includes both missed detection and false alarm, and their impact on the performance of IEEE 802.11 is analyzed and expressed in closed form. To include imperfect channel sensing at the physical layer, we modified the state transition probabilities of the well-known two-state Markov process model. Simulation results closely match the theoretical expressions, confirming the effectiveness of the proposed model. Based on both theoretical and simulated results, the probability of detection is concluded to be a dominant factor for the performance of IEEE 802.11.

Validation of MODIS fire product over Sumatra and Borneo using High Resolution SPOT Imagery

  • LIEW, Soo-Chin; SHEN, Chaomin; LOW, John; Lim, Agnes; KWOH, Leong-Keong
    • Proceedings of the KSRS Conference / 2003.11a / pp.1149-1151 / 2003
  • We performed a validation study of the MODIS active fire detection algorithm using high resolution SPOT images as the reference data set. Fires with visible smoke plumes are detected in the SPOT scenes, while the hotspots in MODIS data are detected using NASA's new version 4 fire detection algorithm. The detection performance is characterized by the commission error rate (false alarms) and the omission error rate (undetected fires). In the Sumatra and Kalimantan study area, the commission rate and the omission rate are 27% and 34% respectively. False alarms are probably due to recently burnt areas with warm surfaces. False negative detections occur where there are long smoke plumes and where fires occur in densely vegetated areas.

Comparative Analysis of Intrusion Detection Attack Based on Machine Learning Classifiers

  • Surafel Mehari; Anuja Kumar Acharya
    • International Journal of Computer Science & Network Security / v.24 no.10 / pp.115-124 / 2024
  • Nowadays, information is transmitted from one place to another using network communication technology. Because of such transmission of information, networking systems require a high-security environment. The main strategy to secure this environment is to correctly identify packets and detect whether a packet contains malicious content or any illegal activity has happened in the network environment. To accomplish this, we use an intrusion detection system (IDS). Intrusion detection is a security technology designed to detect and automatically alert or notify a responsible person. However, creating an efficient intrusion detection system faces a number of challenges. These challenges are false detection and data containing a high number of features. Currently, many researchers use machine learning techniques to overcome the limitations of intrusion detection and increase its efficiency in correctly identifying whether a packet is normal or malicious. Many machine learning techniques are used in intrusion detection. However, the question is which machine learning classifiers have the potential to address the intrusion detection issue in a network security environment. Choosing the appropriate machine learning technique is required to improve the accuracy of an intrusion detection system. In this work, three machine learning classifiers are analyzed: Support Vector Machine, Naïve Bayes and K-Nearest Neighbor classifiers. These algorithms were tested on the NSL-KDD dataset using a combination of Chi-square and Extra Tree feature selection methods, and Python was used to implement, analyze and evaluate the classifiers. Experimental results show that the K-Nearest Neighbor classifier outperforms the other methods in categorizing packets as normal or malicious.

IMAGE PROCESSING TECHNIQUES FOR LANE-RELATED INFORMATION EXTRACTION AND MULTI-VEHICLE DETECTION IN INTELLIGENT HIGHWAY VEHICLES

  • Wu, Y.J.; Lian, F.L.; Huang, C.P.; Chang, T.H.
    • International Journal of Automotive Technology / v.8 no.4 / pp.513-520 / 2007
  • In this paper, we propose an approach to identify the driving environment for intelligent highway vehicles by means of image processing and computer vision techniques. The proposed approach mainly consists of two consecutive computational steps. The first step is the lane marking detection, which is used to identify the location of the host vehicle and road geometry. In this step, related standard image processing techniques are adapted for lane-related information. In the second step, by using the output from the first step, a four-stage algorithm for vehicle detection is proposed to provide information on the relative position and speed between the host vehicle and each preceding vehicle. The proposed approach has been validated in several real-world scenarios. Herein, experimental results indicate low false alarm and low false dismissal and have demonstrated the robustness of the proposed detection approach.

Anomaly Detection in Medical Wireless Sensor Networks

  • Salem, Osman; Liu, Yaning; Mehaoua, Ahmed
    • Journal of Computing Science and Engineering / v.7 no.4 / pp.272-284 / 2013
  • In this paper, we propose a new framework for anomaly detection in medical wireless sensor networks, which are used for remote monitoring of patient vital signs. The proposed framework performs sequential data analysis on a mini gateway used as a base station to detect abnormal changes and to cope with unreliable measurements in collected data without prior knowledge of anomalous events or normal data patterns. The proposed approach is based on the Mahalanobis distance for spatial analysis, and a kernel density estimator for the identification of abnormal temporal patterns. Our main objective is to distinguish between faulty measurements and clinical emergencies in order to reduce false alarms triggered by faulty measurements or ill-behaved sensors. Our experimental results on both real and synthetic medical datasets show that the proposed approach can achieve good detection accuracy with a low false alarm rate (less than 5.5%).