• Proceedings of the KSRS Conference
• /
• 2004.10a
• /
• pp.716-718
• /
• 2004

The false alarm data in intrusion detection systems are divided into false positive and false negative. The false positive makes bad effects on the performance of intrusion detection system. And the false negative makes bad effects on the efficiency of intrusion detection system. Recently, the most of works have been studied the data mining technique for analysis of alert data. However, the false alarm data not only increase data volume but also change patterns of alert data along the time line. Therefore, we need a tool that can analyze patterns that change characteristics when we look for new patterns. In this paper, we focus on the false positives and present a framework for analysis of false alarm pattern from the alert data. In this work, we also apply incremental data mining techniques to analyze patterns of false alarms among alert data that are incremental over the time. Finally, we achieved flexibility by using dynamic support threshold, because the volume of alert data as well as included false alarms increases irregular.

• Review of KIISC
• /
• v.13 no.1
• /
• pp.22-31
• /
• 2003

NIDS(Network Intrusion Detection System)은 실시간에 침입을 탐지하는 방안을 제시하는 시스템이지만 침입에 대한 탐지보다 더 많은 false positives 정보를 발생시키고 있다. 많은 false positives로부터 실제 침입을 찾아내는 것은 NIDS를 효율적으로 운영하기 위해서 필요한 새로운 일이 되고 있다. 본 논문은 NIDS에서의 false positive를 줄이기 위한 동적인 중요도 계산 모델을 제시한다. 제안된 방법은 공격의 4가지 특성(공격 의도, 공격자의 지식정도, 공격의 영향 그리고 공격의 성공 가능성)을 이용한다. 만약 공격자가 공격의 의도가 크거나 많은 지식을 가지고 있다면, 보통의 경우보다 공격에 성공할 확률이 높다. 또한 공격의 대상이 특정 공격에 취약하거나 특정 공격이 대상 시스템에 미칠 영향이 큰 경우에는 더욱더 중요한 공격이 된다고 할 수 있다. 이런 4가지의 특성을 이용하여 제시한 본 논문은 결과는 상당히 많은 부분에 대한 false positives를 줄이는 효과를 가지고 왔으며, 또한 공격에 대한 중요도의 정확성을 향상시켜서 NIDS의 관리를 쉽게 할 수 있도록 한다.

• IE interfaces
• /
• v.21 no.1
• /
• pp.33-42
• /
• 2008

To analyze tens of thousands of alarms triggered by the intrusion detections systems (IDS) a day has been very time-consuming, requiring human administrators to stay alert for all time. But most of the alarms triggered by the IDS prove to be the false positives. If alarms could be correctly classified into the false positive and the false negative, then we could alleviate most of the burden of human administrators and manage the IDS far more efficiently. Therefore, we present a new approach based on attribute-oriented induction (AOI) to classify alarms into the false positive and the false negative. The experimental results show the proposed approach performs very well.

• Journal of Preventive Medicine and Public Health
• /
• v.17 no.1
• /
• pp.203-210
• /
• 1984

Primary screening test for serum HBsAg by RPHA from 4,805 persons who were clinically well through preemployment examination for the period of one calendar year of 1983 revealed 476 (9.9%) positive individual carriers. There were no significant differences in distribution of positives of serum HBsAg by age group, profession, or province area. Among positives of serum HBsAg, 356 (74.8%) showed normal findings and 120 (25.2%) showed abnormal findings in liver function test, respectively. Radioimmunoassay was done in 169 positives of HBsAg and RIA detected 10 negative persons who were positive by RPHA revealing 5.9% of false positive rate and 94.1% of sensitivity of RPHA. In RIA profile of HBV markers, pattern I (HBsAg+, Anti-HBe+) was 46.6%, pattern II (HBsAg+, HBeAg+) was 33.3%, pattern III (HBsAg+only) was 18.3%, pattern IV (HBsAg+, HBeAg+, Anti-HBs+) was 1.3%, pattern V (HBsAg+, HBeAg+, Anti-HBe+) was 0.6%, respectively. There were no positives of HBsAg among 10 persons who were negatives of HBsAg by RIA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1131-1139
• /
• 2020

The static analysis of the source code is to find the remaining security weaknesses for a wide range of source codes. The static analysis tool is used to check the result, and the static analysis expert performs spying and false detection analysis on the result. In this process, the amount of analysis is large and the rate of false positives is high, so a lot of time and effort is required, and a method of efficient analysis is required. In addition, it is rare for experts to analyze only the source code of the line where the defect occurred when performing positive/false detection analysis. Depending on the type of defect, the surrounding source code is analyzed together and the final analysis result is delivered. In order to solve the difficulty of experts discriminating positive and false positives using these static analysis tools, this paper proposes a method of determining whether or not the security weakness found by the static analysis tools is a spy detection through artificial intelligence rather than an expert. In addition, the optimal size was confirmed through an experiment to see how the size of the training data (source code around the defects) used for such machine learning affects the performance. This result is expected to help the static analysis expert's job of classifying positive and false positives after static analysis.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.8 no.4
• /
• pp.316-321
• /
• 2008

Advanced computer network technology enables computers to be connected in an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, which makes it vulnerable to previously unidentified attack patterns and variations in attack and increases false negatives. Intrusion detection and analysis technologies are thus required. This paper investigates the asymmetric costs of false errors to enhance the performances the detection systems. The proposed method utilizes the network model to consider the cost ratio of false errors. By comparing false positive errors with false negative errors, this scheme achieved better performance on the view point of both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that effectiveness of anomaly traffic detection is enhanced by considering the costs of false errors.

• Proceedings of the IEEK Conference
• /
• 2000.07b
• /
• pp.803-806
• /
• 2000

The correspondence problem is known to be difficult to solve because false positives and false negatives almost always exist in real image sequences. In this paper, we propose a robust feature tracking algorithm considering incomplete trajectories such as entering and/or vanishing trajectories. We solve the correspondence problem as the optimal graph search problem, by considering false feature points and by properly reflecting motion characteristics. The proposed algorithm finds a local optimal correspondence so that the effect of false feature points can be minimized in the decision process. The time complexity of the proposed graph search algorithm is given by O(mn) in the best case and O(m$^2$n) in the worst case, where m and n are the number of feature points in two consecutive frames. The proposed algorithm can find trajectories correctly and robustly, which has been shown by experimental results.

• Clinical and Experimental Pediatrics
• /
• v.64 no.5
• /
• pp.208-222
• /
• 2021

The publication of genetic epidemiology meta-analyses has increased rapidly, but it has been suggested that many of the statistically significant results are false positive. In addition, most such meta-analyses have been redundant, duplicate, and erroneous, leading to research waste. In addition, since most claimed candidate gene associations were false-positives, correctly interpreting the published results is important. In this review, we emphasize the importance of interpreting the results of genetic epidemiology meta-analyses using Bayesian statistics and gene network analysis, which could be applied in other diseases.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.47-53
• /
• 2019

Network-based sharing of information has evolved into a cloud service environment today, increasing its number of users rapidly, but has become a major target for network-based illegal attackers.. In addition, IP spoofing among attackers' various attack techniques generally involves resource exhaustion attacks. Therefore, fast detection and response techniques are required. The existing detection method for IP spoofing attack performs the final authentication process according to the analysis and matching of traceback information of the client who attempted the connection request. However, the simple comparison method of traceback information may require excessive OTP due to frequent false positives in an environment requiring service transparency. In this paper, symmetric key cryptography based on traceback information is used as mutual authentication information to improve this problem. That is, after generating a traceback-based encryption key, mutual authentication is possible by performing a normal decryption process. In addition, this process could improve the overhead caused by false positives.

• Korean Journal of Radiology
• /
• v.21 no.7
• /
• pp.891-899
• /
• 2020

Objective: To assess the diagnostic performance of a deep learning-based algorithm for automated detection of acute and chronic rib fractures on whole-body trauma CT. Materials and Methods: We retrospectively identified all whole-body trauma CT scans referred from the emergency department of our hospital from January to December 2018 (n = 511). Scans were categorized as positive (n = 159) or negative (n = 352) for rib fractures according to the clinically approved written CT reports, which served as the index test. The bone kernel series (1.5-mm slice thickness) served as an input for a detection prototype algorithm trained to detect both acute and chronic rib fractures based on a deep convolutional neural network. It had previously been trained on an independent sample from eight other institutions (n = 11455). Results: All CTs except one were successfully processed (510/511). The algorithm achieved a sensitivity of 87.4% and specificity of 91.5% on a per-examination level [per CT scan: rib fracture(s): yes/no]. There were 0.16 false-positives per examination (= 81/510). On a per-finding level, there were 587 true-positive findings (sensitivity: 65.7%) and 307 false-negatives. Furthermore, 97 true rib fractures were detected that were not mentioned in the written CT reports. A major factor associated with correct detection was displacement. Conclusion: We found good performance of a deep learning-based prototype algorithm detecting rib fractures on trauma CT on a per-examination level at a low rate of false-positives per case. A potential area for clinical application is its use as a screening tool to avoid false-negative radiology reports.