• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.161-164
• /
• 2005

As the power of influence of the Internet grows steadily, attacks against the Internet can cause enormous monetary damages nowadays. A worm can not only replicate itself like a virus but also propagate itself across the Internet. So it infects vulnerable hosts in the Internet and then downgrades the overall performance of the Internet or makes the Internet not to work. To response this, worm detection and prevention technologies are developed. The worm detection technologies are classified into two categories, host based detection and network based detection. Host based detection methods are a method which checks the files that worms make, a method which checks the integrity of the file systems and so on. Network based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't response worms' attacks effectively because worms attack the Internet in the distributed fashion. In this paper, we propose a design of distributed worm detection system to overcome the inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other with the direction-aware information in terms of worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce false positive rate of the system but also prevent worms from propagating themselves across the Internet through dispersing the confirmed worm signature.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.1
• /
• pp.35-44
• /
• 2010

In this paper, we propose a method about producing skin color model adaptively in input image and face detection. The principle process which we proposed is finding eyes candidates by applying the eye features to neural network, and then using the around color to find the distribution of color value. There will be a verification process that producing face region by using color value distribution which is detected as skin region and find mouth candidate in corresponding face region; if eye candidate and mouth candidate's connection structure is similar with face structure, then it can be judged as a face. Because this method can detect skin region adaptively by finding eyes, we solve the rate of false positive about the distorted skin color which is used by existing face detection methods. The experiment was performed about detecting the eye, the skin, the mouth and the face individually. The results revealed that the proposed technique is better than the traditional techniques.

• Clinical and Experimental Pediatrics
• /
• v.59 no.11
• /
• pp.451-455
• /
• 2016

Purpose: Neurocardiogenic syncope (NCS) is the most frequent cause of fainting during adolescence. Inappropriate cardiovascular autonomic control may be responsible for this clinical event. The head-up tilt test has been considered a diagnostic standard, but it is cumbersome and has a high false-positive rate. We performed a study to evaluate whether P-wave dispersion (PWD) could be a useful electrocardiographic parameter of cardiac autonomic dysfunction in children with NCS. Methods: Fifty-four patients with NCS (28 boys and 26 girls; mean age, $12.3{\pm}1.4$ years) and 55 age- and sex-matched healthy controls were enrolled. PWD was obtained as the difference between maximum and minimum durations of the P wave on standard 12-lead electrocardiography in all patients and controls Results: The value of PWD was significantly higher in the syncope group than in the control group ($69.7{\pm}19.6$ msec vs. $45.5{\pm}17.1$ msec, respectively; P<0.001). The minimum duration of P wave was shorter in the syncope group than in the control group ($43.8{\pm}16.8$ msec vs. $53.5{\pm}10.7$ msec, respectively; P<0.001). Left atrial volume was not different between the groups on transthoracic echocardiography. Conclusion: PWD on echocardiography could be used as a clinical parameter in patients with NCS.

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.6
• /
• pp.339-348
• /
• 2006

Recently, many researches on detecting and responding worms due to the fatal infrastructural damages explosively damaged by automated attack tools, particularly worms. Network service vulnerability exploiting worms have high propagation velocity, exhaust network bandwidth and even disrupt the Internet. Previous worm researches focused on signature-based approaches however these days, approaches based on behavioral features of worms are more highlighted because of their low false positive rate and the attainability of early detection. In this paper, we propose a Distributed Worm Detection Model based on packet marking. The proposed model detects Worm Cycle and Infection Chain among which the behavior features of worms. Moreover, it supports high scalability and feasibility because of its distributed reacting mechanism and low processing overhead. We virtually implement worm propagation environment and evaluate the effectiveness of detecting and responding worm propagation.

• KIPS Transactions on Software and Data Engineering
• /
• v.5 no.8
• /
• pp.369-376
• /
• 2016

Among various vehicle extraction techniques, OBPCA (Object-Based Point Cloud Analysis) calculates features quickly by coarse-grained rectangles from top-view of the vehicle candidates. However, it uses only a top-view rectangle to detect a vehicle. Thus, it is hard to extract rectangular objects with similar size. For this reason, accuracy issue has raised on the OBPCA method which influences on DEM generation and traffic monitoring tasks. In this paper, we propose a novel method which uses the most distinguishing vertical elevations to calculate additional features. Our proposed method uses same features with top-view, determines new thresholds, and decides whether the candidate is vehicle or not. We compared the accuracy and execution time between original OBPCA and the proposed one. The experiment result shows that our method produces 6.61% increase of precision and 13.96% decrease of false positive rate despite with marginal increase of execution time. We can see that the proposed method can reduce misclassification.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.11-17
• /
• 2017

Organizations are experiencing an ever-growing concern of how to prevent confidential information leakage from internal employees. Those who have authorized access to organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. In this paper, we investigate the task of detecting such insider through a method of modeling a user's normal behavior in order to detect anomalies in that behavior which may be indicative of an data leakage. We make use of Hidden Markov Models to learn what constitutes normal behavior, and then use them to detect significant deviations from that behavior. Experiments have been made to determine the optimal HMM parameters and our result shows detection capability of 20% false positive and 80% detection rate.

• Spatial Information Research
• /
• v.21 no.3
• /
• pp.31-43
• /
• 2013

Although the vector map data possesses much higher values than other types of multimedia, the data copyright and the protection against illegal duplication are still far away from the attention. This paper proposes a novel watermarking technique which is both robust to diverse attacks and optimized to a vector map structure. Six approaches are proposed for the design of the watermarking algorithm: point-based approach, building a minimum perimeter triangle, watermark embedding in the length ratio, referencing to the pixel position of the watermark image, grouping, and using the one-way function. Our method preserves the characteristics of watermarking such as embedding effectiveness, fidelity, and false positive rate, while maintaining robustness to all types of attack except a noise attack. Furthermore, our method is a blind scheme in which robustness is independent of the map data. Finally, our method provides a solution to the challenging issue of degraded robustness under severe simplification attacks.

• Journal of Genetic Medicine
• /
• v.12 no.2
• /
• pp.118-122
• /
• 2015

Noninvasive prenatal test (NIPT) is a novel screening method for the diagnosis of fetal chromosomal aneuploidies. NIPT is based on technology that detects cell-free fetal DNA in maternal plasma and analyzes it with massively parallel sequencing technology to determine whether the fetus is at risk of trisomy 21, trisomy 18, trisomy 13 or sex chromosome abnormalities (SCAs). NIPT has been reported to have sensitivity of 99% and a false positive rate of less than 1% for detecting trisomy 21 and trisomy 18. Although extension of the application of NIPT to other SCAs has been attempted, there are concerns in extending NIPT to SCAs because of maternal or fetal mosaicism, undetected maternal SCAs, and multiple pregnancies. Recently, we assessed a pregnancy with the rare Turner syndrome mosaicism 45, X/47, XXX, which was reported as 45, X with NIPT. We present the case here and briefly review the current literatures on NIPT in testing for fetal monosomy X. To the best of our knowledge, this is the first report of the 45, X/47, XXX mosaicism in Korea to be reported as 45, X by NIPT with whole genome sequencing. This case report will provide valuable information for counseling women who want to undergo NIPT.

• Journal of Biomedical Engineering Research
• /
• v.30 no.6
• /
• pp.516-520
• /
• 2009

The purpose of this study is to determine optimal filtering condition and threshold for the detection of gait-cycles for various walkway slopes as well as gait velocities. Ten young healthy subjects with accelerometer system on thigh and ankle walked on a treadmill at 9 conditions (three speeds and three slopes) for 5 minutes. Two direction signals, i.e. anterior-posterior (AP) and superior-inferior (SI) directions, of each sensor (four sensor orientations) were used to detect specific events of gait cycle. Variation of the threshold (from -1G to 1G) and lowpass cutoff frequency (fc) were applied to the event detection and their performance was evaluated according to the error index (EI), which was defined as the combination of the accuracy and false positive rate. Optimal fc and threshold were determined for each slope in terms of the EI. The optimal fc, threshold and their corresponding EI depended much on the walkway slope so that their coefficients of variation (CV) ranged 19~120%. When all data for 3 slopes were used in the identification of optimal conditions for each sensor, the best error indices for all sensor orientations were comparable ranging 1.43~1.76%, but the optimal fc and threshold depended much on the sensor position. The result indicates that the gait-cycle detection robust to walkway slope is possible by threshold method with well-defined filtering condition and threshold.

• Journal of radiological science and technology
• /
• v.39 no.4
• /
• pp.527-534
• /
• 2016

Dual-energy X-ray absorptiometry (DEXA) is the most widely used technical instrument for evaluating bone mineral content (BMC) and density (BMD) in patients of all ages. In 2016, DEXA devices operating is 5617 in Korea. In this study we investigated the quality of management practices survey for DEXA equipment and we analyzed it. We got a survey response rate of 12.6%. Accurate bone densitometry test is used data for estimation a patient's risk of fracture. However, improper bone densitometry will increase the possibility of causing a false positive. Therefore. it is essential to use the proper aids accurate bone densitomenty to be performed, and the quality control of the device to reduce the error factor of the tester through the training to reduce error for the device and the attitude.