• Title/Summary/Keyword: False Detection

An Overview of False Data Injection Attack Against Cyber Physical Power System (사이버 물리 전력 시스템에 대한 허위 데이터 주입 공격에 관한 고찰)

  • Bae, Junhyung
    • Journal of IKEEE / v.26 no.3 / pp.389-395 / 2022
  • With the evolution of technology, cyber physical systems (CPSs) are being upgraded, and new types of cyber attacks are being discovered accordingly. There are many forms of cyber attack, and all cyber attacks are made to manipulate the target systems. A representative system among cyber physical systems is a cyber physical power system (CPPS), that is, a smart grid. Smart grid is a new type of power system that provides reliable, safe, and efficient energy transmission and distribution. In this paper, specific types of cyber attacks well known as false data injection attacks targeting state estimation and energy distribution of smart grid, and protection strategies for defense of these attacks and dynamic monitoring for detection are described.

A Quantitative Vigilance Measuring Model by Fuzzy Sets Theory in Unlimited Monitoring Task

  • Liu, Cheng-Li;Uang, Shiaw-Tsyr;Su, Kuo-Wei
    • Industrial Engineering and Management Systems / v.4 no.2 / pp.176-183 / 2005
  • The theory of signal detection has been applied to a wide range of practical situations for a long time, including sonar detection, air traffic control and so on. In general, in this theory, sensitivity parametric index d' and bias parametric index $\beta$ are used to evaluate the performance of vigilance. These indices use the observer's responses "hit" and "false alarm" to explain and evaluate vigilance, but do not consider reaction time. However, the reaction time of detecting should be considered in measuring vigilance in some supervisory tasks such as unlimited monitoring tasks (e.g., supervisors in nuclear plant). Some researchers have used the segments of reaction time to generate a pair of probabilities of hit and false alarm and plot the receiver operating characteristic curve. The purpose of this study was to develop a quantitative vigilance-measuring model by fuzzy sets, which combined the concepts of hit, false alarm and reaction time. The model extends two-valued logic to multi-valued logic by membership functions of fuzzy sets. A simulated experiment of a monitoring task in a nuclear plant was carried out. Results indicated that the new vigilance-measuring model is more efficient than traditional indices; the characteristics of vigilance would be realized more clearly in unlimited monitoring tasks.

Intrusion Detection for Black Hole and Gray Hole in MANETs

  • She, Chundong;Yi, Ping;Wang, Junfeng;Yang, Hongshen
    • KSII Transactions on Internet and Information Systems (TIIS) / v.7 no.7 / pp.1721-1736 / 2013
  • Black and gray hole attacks are one kind of routing-disturbing attack and can bring great damage to the network. As a result, an efficient algorithm to detect black and gray hole attacks is important. This paper demonstrates an adaptive approach to detecting black and gray hole attacks in ad hoc networks based on a cross-layer design. In the network layer, we propose a path-based method to overhear the next hop's action. This scheme does not send out extra control packets and saves the system resources of the detecting node. In the MAC layer, a collision rate reporting system is established to estimate a dynamic detection threshold so as to lower the false positive rate under high network overload. We choose the DSR protocol to test our algorithm and ns-2 as our simulation tool. Our experimental results verify our theory: the average detection rate is above 90% and the false positive rate is below 10%. Moreover, the adaptive threshold strategy contributes to decreasing the false positive rate.

Threshold Determination Methods for Cognitive Radio in Real DTV Bandwidth (실제 DTV 대역에서 인지 무선 시스템 적용을 위한 임계값 결정 방법)

  • Kim, Seung Jong;Lee, Sun Yui;Kim, Jin Young
    • Journal of Satellite, Information and Communications / v.9 no.1 / pp.22-27 / 2014
  • In this paper, we analyze the performance of an FFT-based pilot sensing scheme for DTV signals in fading environments. In order to detect the presence or absence of Advanced Television Systems Committee digital television (ATSC DTV) signals, a pilot detection scheme based on FFT is employed. These signals are also applied to each fading environment. To evaluate the spectrum sensing performance, the detection probability is derived. The threshold is decided with reference to the constant false alarm rate (CFAR) scheme. The simulation results confirm that the spectrum sensing performance improves as the false alarm rate increases. The results of this paper can be applied to implement the spectrum sensing part of cognitive radio (CR) systems.

A Study on a Dynamic Importance Calculation Method for Reducing False Positives in NIDS (NIDS에서 False Positives를 줄이기 위한 동적 중요도 계산 방법에 대한 연구)

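  • 이은영;김병학;박차일;정상갑;임채호;이광형
    • Review of KIISC / v.13 no.1 / pp.22-31 / 2003
  • A NIDS (Network Intrusion Detection System) is a system that offers a way to detect intrusions in real time, but it generates more false positives than actual intrusion detections. Finding the real intrusions among the many false positives has become a new task required to operate a NIDS efficiently. This paper presents a dynamic importance calculation model for reducing false positives in NIDS. The proposed method uses four characteristics of an attack (the intent of the attack, the attacker's level of knowledge, the impact of the attack, and the likelihood that the attack succeeds). If an attacker has strong intent or extensive knowledge, the attack is more likely to succeed than in the ordinary case. In addition, an attack can be considered all the more important when its target is vulnerable to that particular attack or when the attack would have a large impact on the target system. Using these four characteristics, the method presented in this paper reduced a considerable portion of false positives and also improved the accuracy of attack importance ratings, making the NIDS easier to manage.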

The Analysis of IDS Alarms based on AOI (AOI에 기반을 둔 침입탐지시스템의 알람 분석)

  • Jung, In-Chul;Kwon, Young-S.
    • IE interfaces / v.21 no.1 / pp.33-42 / 2008
  • Analyzing the tens of thousands of alarms triggered by intrusion detection systems (IDS) each day has been very time-consuming, requiring human administrators to stay alert at all times. But most of the alarms triggered by the IDS prove to be false positives. If alarms could be correctly classified into the false positive and the false negative, then we could alleviate most of the burden on human administrators and manage the IDS far more efficiently. Therefore, we present a new approach based on attribute-oriented induction (AOI) to classify alarms into the false positive and the false negative. The experimental results show that the proposed approach performs very well.

Trust Based False-Positive Reduction Scheme against DoS Attacks (Trust 기반의 DoS 공격에 대한 False-Positive 감소 기법)

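  • 박종경;이태근;강용혁;엄영익
    • Proceedings of the Korean Information Science Society Conference / 2003.10a / pp.697-699 / 2003
  • The mainstream of recent network attacks is DoS (denial-of-service) and DDoS (distributed DoS) attacks. In these attacks, the attacker completely exhausts the resources of the target system so that the system cannot provide normal service. System administrators use an IDS (intrusion detection system) as one of the means of preventing such intrusions and attacks. However, the high frequency of false positives (cases where legitimate use is mistakenly judged to be an attack) in IDSs is one of their serious problems. To reduce the frequency of these false positives, this paper proposes a scheme that does not block a connection on the basis of a single decision, but instead introduces the concept of trust and provides differentiated service to users according to their trust value. That is, the trust-based scheme does not decide at once whether each user is an attacker or an ordinary user, but checks once more, thereby reducing the frequency of false positives.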

Advanced Rule Pattern Generation Method for False Positive Reduction on Intrusion Detection System (침입탐지시스템에서 False Positive 감소를 위한 탐지규칙 패턴 생성 기법)

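  • Lee, Suk-Won;Lee, Taek-Kyu;Choi, Myeong-Ryeol
    • Annual Conference of KIPS / 2015.04a / pp.380-383 / 2015
  • An intrusion detection system based on the misuse detection model must continuously generate detection rules in order to detect new cyber attacks. If a detection rule is generated without accurately identifying the characteristics of the attack, it produces many false positives, which delays incident response. This paper proposes a detection rule pattern generation method that can reduce false positives by comparing and analyzing the true positive and false positive data of events detected by the intrusion detection system, based on a data structure in which each node of a Keyword Tree holds an accumulated count of the number of times a path passes through it.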

Detection of Extravasated Contrast Media Using an Infrared Ray Based Extravasation Detection Accessory System (적외선 기반의 혈관외유출 검출시스템을 이용한 조영제의 혈관외유출 검출)

  • Kweon, Dae-Cheol;Jang, Keun-Jo
    • Journal of Biomedical Engineering Research / v.30 no.5 / pp.412-417 / 2009
  • The purpose of this study was to assess the ability of this device during clinically important episodes of extravasation. The extravasation detection accessory (EDA) system was based on infrared rays, with a detection sensor, an amplifier, an alarm device, a receiver, a cable and a computer-based system. This study was a prospective, observational study in which the EDA system was used to monitor the automated mechanical injection of contrast media. Three hundred patients referred for contrast media enhanced body computed tomography were studied in a prospective, observational study in which the EDA system was used to identify and interrupt any injection associated with clinically important extravasation. There were 8 true-positive cases, 276 true-negative cases, 15 false-positive cases and 1 false-negative case. The EDA system had a sensitivity of 88.8% and a specificity of 94.8% for the detection of clinically important extravasation. The EDA system had good sensitivity for the detection of clinically important extravasation, and it has clinical potential for the early detection of extravasation of contrast medium administered with power injectors.

Modeling and Design of a Distributed Detection System Based on Active Sonar Sensor Networks (능동 소나망 분산탐지 체계의 모델링 및 설계)

  • Choi, Won-Yong;Kim, Song-Geun;Hong, Sun-Mog
    • Journal of the Korea Institute of Military Science and Technology / v.14 no.1 / pp.123-131 / 2011
  • In this paper, modeling and design of a distributed detection system are considered for an active sonar sensor network. The sensor network has a parallel configuration and it consists of a fusion center and a set of receiver nodes. A system with two receiver nodes is considered to investigate a theoretical aspect of design. To be specific, AND rule and OR rule are considered as the fusion rules of the sensor network. For the fusion rules, it is shown that a threshold rule of each sensor node has uniformly most powerful properties. Optimum threshold for each sensor is obtained that maximizes the probability of detection given probability of false alarm. Numerical experiments were also performed to investigate the detection characteristics of a distributed detection system with multiple sensor nodes. The experimental results show how signal strength, false alarm probability, and the distance between nodes in a sensor field affect the system detection performances.