• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.4
• /
• pp.671-690
• /
• 2010

The continuous growth of attacks in the Internet causes to generate a number of rules in security devices such as Intrusion Prevention Systems, firewalls, etc. Policy anomalies in security devices create security holes and prevent the system from determining quickly whether allow or deny a packet. Policy anomalies exist among the rules in multiple security devices as well as in a single security device. The solution for policy anomalies requires complex and complicated algorithms. In this paper, we propose a new method to remove policy anomalies in a single security device and avoid policy anomalies among the rules in distributed security devices. The proposed method classifies rules according to traffic direction and checks policy anomalies in each device. It is unnecessary to compare the rules for outgoing traffic with the rules for incoming traffic. Therefore, classifying rules by in-out traffic, the proposed method can reduce the number of rules to be compared up to a half. Instead of detecting policy anomalies in distributed security devices, one adopts the rules from others for avoiding anomaly. After removing policy anomalies in each device, other firewalls can keep the policy consistency without anomalies by adopting the rules of a trusted firewall. In addition, it blocks unnecessary traffic because a source side sends as much traffic as the destination side accepts. Also we explain another policy anomaly which can be found under a connection-oriented communication protocol.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.12
• /
• pp.3622-3633
• /
• 1999

Computer security is considered important due to tile side effect generated from the expansion of computer network and rapid increase of the use of computers. Intrusion Detection System(IDS) has been an active research area to reduce the risk from intruders. This paper discusses IDS of detecting anomaly behaviors and proposes a new intelligent IDS model, which consists of several computers with intelligent IDS, based on computer immune system. The intelligent IDSs are distributed and if any of distributed IDSs detect anomaly system call among system call sequences generated by a privilege process, the anomaly system call can be dynamically shared with other IDSs. This makes the intelligent IDSs improve the ability of immunity for new intruders.

• Journal of the Korean Society of Industry Convergence
• /
• v.26 no.2_1
• /
• pp.217-223
• /
• 2023

With the rapid advancement of technologies, need for different research fields where this technology can be used is also increasing. One of the most researched topic in computer vision is object detection, which has widely been implemented in various fields which include healthcare, video surveillance and education. The main goal of object detection is to identify and categorize all the objects in a target environment. Specifically, methods of object detection consist of a variety of significant techniq ues, such as image processing and patterns recognition. Anomaly detection is a part of object detection, anomalies can be found various scenarios for example crowded places such as subway stations. An abnormal event can be assumed as a variation from the conventional scene. Since the abnormal event does not occur frequently, the distribution of normal and abnormal events is thoroughly imbalanced. In terms of public safety, abnormal events should be avoided and therefore immediate action need to be taken. When abnormal events occur in certain places, real time detection is required to prevent and protect the safety of the people. To solve the above problems, we propose a modified YOLOv5 object detection algorithm by implementing dilated convolutional layers which achieved 97% mAP50 compared to other five different models of YOLOv5. In addition to this, we also created a simple mobile application to avail the abnormal event detection on mobile phones.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.45-46
• /
• 2024

본 논문에서는 Self-Attention 기반 딥러닝 기법인 Dense Prediction Transformer(DPT) 모델을 MVTec Anomaly Detection(MVTec AD) 데이터셋에 적용하여 실제 산업 제품 이미지 내 이상 부분을 분할하는 연구를 진행하였다. DPT 모델의 적용을 통해 기존 Convolutional Neural Network(CNN) 기반 이상 탐지기법의 한계점인 지역적 Feature 추출 및 고정된 수용영역으로 인한 문제를 개선하였으며, 실제 산업 제품 데이터에서의 이상 분할 시 기존 주력 기법인 U-Net의 구조를 적용한 최고 성능의 모델보다 1.14%만큼의 성능 향상을 보임에 따라 Self-Attention 기반 딥러닝 기법의 적용이 산업 제품 이상 분할에 효과적임을 입증하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.3
• /
• pp.135-149
• /
• 2008

Traditional attack detection schemes based on packets or flows have very high computational complexity. And, network based anomaly detection schemes can reduce the complexity, but they have a limitation to figure out the pattern of the distributed global scale network attack. In this paper, we propose an efficient and fast method for detecting distributed global-scale network attack symptoms in high-speed backbone networks. The proposed method is implemented at the aggregate traffic level. So, our proposed scheme has much lower computational complexity, and is implemented in very high-speed backbone networks. In addition, the proposed method can detect attack patterns, such as attacks in which the target is a certain host or the backbone infrastructure itself, via collaboration of edge routers on the backbone network. The effectiveness of the proposed method are demonstrated via simulation.

• Transactions of the Korean Society for Noise and Vibration Engineering
• /
• v.14 no.10
• /
• pp.923-929
• /
• 2004

In this research, Forced Vibration Test(FVT) on a cable stayed bridge was conducted to examine the validity of the frequency domain pattern recognition method using signal anomaly index and artificial neuralnetwork. 7he considering structure, Samchunpo Bridge, located in Sachun-Shi, Kyungsangnam-Do, is a cable stayed bridge with the 436 meter span. The excitation force was induced by a sudden braking of a fully loaded truck. and vortical acceleration signals were acquired at 14 points. The initial 2-dimensional FE-model was developed from the design documents to prepare the training sets for the artificial neural network, and then the model calibration was performed with the field test data. As a result of the model calibration, we obtained the FFT spectrums from the model simulation, which was similar to those from the vibration test. These tests and the simulation data will be used for the structural identification using arbitrarily added masses to the bridge.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.5
• /
• pp.1463-1478
• /
• 2012

Based on the theory of local-world network, the composition self-similarity (CSS) of network traffic is presented for the first time in this paper for the study of DoS detection. We propose the concept of composition distribution graph and design the relative operations. The $(R/S)^d$ algorithm is designed for calculating the Hurst parameter. Based on composition distribution graph and Kullback Leibler (KL) divergence, we propose the composition self-similarity anomaly detection (CSSD) method for the detection of DoS attacks. We evaluate the effectiveness of the proposed method. Compared to other entropy based anomaly detection methods, our method is more accurate and with higher sensitivity in the detection of DoS attacks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.5
• /
• pp.953-959
• /
• 2012

There are a number of idle nodes in sensor networks, these can act as detector nodes for anomaly detection in the network. For detecting node selection problem modeled as optimization equation, the conventional method using centralized genetic algorithm was evaluated. In this paper, a method to improve the convergence of the optimal value, while improving energy efficiency as a method of considering the characteristics of the network topology using parallel genetic algorithm is proposed. Through simulation, the proposed method compared with the conventional approaches to the convergence of the optimal value was improved and was found to be energy efficient.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.47-48
• /
• 2024

Heating, Ventilating, and Air Conditioning(HVAC) 시스템은 난방(Heating), 환기(Ventilating), 공기조화(Air Conditioning)를 제공하는 공조시스템으로, 실내 환경의 온도, 습도 조절 및 지속적인 순환 및 여과를 통해 실내 공기 질을 개선한다. 이러한 HVAC 시스템에 이상이 생기는 경우 공기 여과율이 낮아지며, COVID-19와 같은 법정 감염병 예방에 취약해진다. 또한 장비의 과부하를 유발하여, 시스템의 효율성 저하 및 에너지 낭비를 불러올 수 있다. 따라서 본 논문에서는 HVAC 시스템의 이상 탐지 및 조기 조치를 위한 Transformer 기반 이상 탐지 기법의 적용을 제안한다. Transformer는 기존 시계열 데이터 처리를 위한 기법인 Recurrent Neural Network(RNN)기반 모델의 구조적 한계점을 극복함에 따라 Long Term Dependency 문제를 해결하고, 병렬처리를 통해 효율적인 Feature 추출이 가능하다. Transformer 모델이 HVAC 시스템의 이상 탐지에서 RNN 기반의 비교군 모델보다 약 1.31%의 향상을 보이며, Transformer 모델을 통한 HVAC의 이상 탐지에 효율적임을 확인하였다.

• Journal of Intelligence and Information Systems
• /
• v.25 no.3
• /
• pp.43-62
• /
• 2019

At one time, the anomaly detection sector dominated the method of determining whether there was an abnormality based on the statistics derived from specific data. This methodology was possible because the dimension of the data was simple in the past, so the classical statistical method could work effectively. However, as the characteristics of data have changed complexly in the era of big data, it has become more difficult to accurately analyze and predict the data that occurs throughout the industry in the conventional way. Therefore, SVM and Decision Tree based supervised learning algorithms were used. However, there is peculiarity that supervised learning based model can only accurately predict the test data, when the number of classes is equal to the number of normal classes and most of the data generated in the industry has unbalanced data class. Therefore, the predicted results are not always valid when supervised learning model is applied. In order to overcome these drawbacks, many studies now use the unsupervised learning-based model that is not influenced by class distribution, such as autoencoder or generative adversarial networks. In this paper, we propose a method to detect anomalies using generative adversarial networks. AnoGAN, introduced in the study of Thomas et al (2017), is a classification model that performs abnormal detection of medical images. It was composed of a Convolution Neural Net and was used in the field of detection. On the other hand, sequencing data abnormality detection using generative adversarial network is a lack of research papers compared to image data. Of course, in Li et al (2018), a study by Li et al (LSTM), a type of recurrent neural network, has proposed a model to classify the abnormities of numerical sequence data, but it has not been used for categorical sequence data, as well as feature matching method applied by salans et al.(2016). So it suggests that there are a number of studies to be tried on in the ideal classification of sequence data through a generative adversarial Network. In order to learn the sequence data, the structure of the generative adversarial networks is composed of LSTM, and the 2 stacked-LSTM of the generator is composed of 32-dim hidden unit layers and 64-dim hidden unit layers. The LSTM of the discriminator consists of 64-dim hidden unit layer were used. In the process of deriving abnormal scores from existing paper of Anomaly Detection for Sequence data, entropy values of probability of actual data are used in the process of deriving abnormal scores. but in this paper, as mentioned earlier, abnormal scores have been derived by using feature matching techniques. In addition, the process of optimizing latent variables was designed with LSTM to improve model performance. The modified form of generative adversarial model was more accurate in all experiments than the autoencoder in terms of precision and was approximately 7% higher in accuracy. In terms of Robustness, Generative adversarial networks also performed better than autoencoder. Because generative adversarial networks can learn data distribution from real categorical sequence data, Unaffected by a single normal data. But autoencoder is not. Result of Robustness test showed that he accuracy of the autocoder was 92%, the accuracy of the hostile neural network was 96%, and in terms of sensitivity, the autocoder was 40% and the hostile neural network was 51%. In this paper, experiments have also been conducted to show how much performance changes due to differences in the optimization structure of potential variables. As a result, the level of 1% was improved in terms of sensitivity. These results suggest that it presented a new perspective on optimizing latent variable that were relatively insignificant.