• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.525-532
• /
• 2003

This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated a rules management using NS-2 (Network Simulator) with respect to time.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1841-1848
• /
• 2013

In this paper, the plans for improvement of real-time security monitoring accuracy and expansion of control region were investigated through comprehensive and systematic collection and analysis of the anomalous activities that inflow and outflow in the network on a large scale in order to overcome the existing security monitoring system based on stylized detection patterns which could correspond to only very limited cyber attacks. This study established an anomaly observation system to collect, store and analyze a diverse infringement threat information flowing into the darknet network, and presented the information classification system of cyber threats, unknown anomalies and high-risk anomalous activities through the statistics based trend analysis of hacking. If this security monitoring system utilizing darknet traffic as presented in the study is applied, it was indicated that detection of all infringement threats was increased by 12.6 percent compared with conventional case and 120 kinds of new type and varietal attacks that could not be detected in the past were detected.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.119-132
• /
• 2006

The network based security techniques well-known until now have week points to be passive in attacks and susceptible to roundabout attacks so that the misuse detection based intrusion prevention system which enables positive correspondence to the attacks of inline mode are used widely. But because the Misuse detection based Intrusion prevention system is proportional to the detection rules, it causes excessive false alarm and is linked to wrong correspondence which prevents the regular network flow and is insufficient to detect transformed attacks, This study suggests an Intrusion prevention system which uses Support Vector machines(hereinafter referred to as SVM) as one of rule based Intrusion prevention system and Anomaly System in order to supplement these problems, When this compared with existing intrusion prevention system, show performance result that improve about 20% and could through intrusion prevention system that propose false positive minimize and know that can detect effectively about new variant attack.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.4
• /
• pp.1942-1950
• /
• 2013

This paper suggests a new method of detecting attacks of network traffic by visualizing original traffic data and applying multi-class SVM (support vector machine). The proposed method first generates 2D images from IP and ports of transmitters and receivers, and extracts linear patterns and high intensity values from the images, representing traffic attacks. It then obtains variance of ports of transmitters and receivers and extracts the number of clusters and entropy features using ISODATA algorithm. Finally, it determines through multi-class SVM if the traffic data contain DDoS, DoS, Internet worm, or port scans. Experimental results show that the suggested multi-class SVM-based algorithm can more effectively detect network traffic attacks.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.29 no.7
• /
• pp.828-835
• /
• 2023

Vessel traffic service operators (VTSOs) need to quickly and accurately analyze the maritime traffic situation in the vessel traffic service (VTS) area and provide information to the vessels. However, if traf ic increases rapidly, the workload of VTSOs increases, and they may not be able to provide adequate information. Therefore, it is essential to develop VTSO support technologies that can reduce their workload and provide consistent information. In this paper, we propose a model for automatically detecting abnormal vessels in the VTS area. The proposed model consists of a positional model and a contextual model and is specifically optimized for the traffic characteristics of the target area. The implemented model was tested by using real-world data collected at a test center (Daesan Port VTS). Our experiments confirmed that the model could automatically detect various abnormal situations, and the results were validated through expert evaluation.

• The KIPS Transactions:PartC
• /
• v.14C no.3 s.113
• /
• pp.199-208
• /
• 2007

In a ubiquitous network environment, detecting the leakage of personal information is very important. The leakage of personal information might cause severe problem such as impersonation, cyber criminal and personal privacy violation. In this paper, we have proposed a detection method of personal information leakage based on network traffic characteristics. The experimental results indicate that the traffic character of a real campus network shows the self-similarity and Proposed method can detect the anomaly of leakage of personal information by malicious code.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.1061-1064
• /
• 2001

일반적으로 비정상행위를 탐지하는데 통계적인 기법을 사용하여 왔다. 본 논문에서는 통계적인 기법의 단점을 보완하기 위해 베이지안 네트워크(Bayesian Network)의 장점들을 이용한 비정상행위에 대한 판정 및 분석에 효과적인 방법을 연구하고자 한다. 리눅스 시스템의 감사자료(LSM audit data)로부터 사용자의 정상행위에 대해 베이지안 네트워크 학습에 효율적인 Sparse Candidate 알고리즘을 사용하고, 감사자료의 일부가 결여되어 있는 경우에도 추론이 가능하도록 Gibbs Sampling 방법을 적용하여 시스템 사용자의 비정상행위를 판정하는데 도움이 되도록 한다.

• Journal of Korea Multimedia Society
• /
• v.22 no.10
• /
• pp.1187-1198
• /
• 2019

In this study, we propose a new $PM_{10}$ forecasting model for Seoul region using DNN(Deep Neural Network) and secondary data. The previous numerical and Julian forecast model have been developed using primary data such as weather and air quality measurements. These models give excellent results for accuracy and false alarms, but POD is not good for the daily life usage. To solve this problem, we develop four secondary factors composed with primary data, which reflect the correlations between primary factors and high $PM_{10}$ concentrations. The proposed 4 models are A(Anomaly), BT(Back trajectory), CB(Contribution), CS(Cosine similarity), and ALL(model using all 4 secondary data). Among them, model ALL shows the best performance in all indicators, especially the PODs are improved.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.179-192
• /
• 2023

The widespread use of Cloud Computing, Internet of Things (IoT), and social media in the Information Communication Technology (ICT) field has resulted in continuous and unavoidable cyber-attacks on users and critical infrastructures worldwide. Traditional security measures such as firewalls and encryption systems are not effective in countering these sophisticated cyber-attacks. Therefore, Intrusion Detection and Prevention Systems (IDPS) are necessary to reduce the risk to an absolute minimum. Although IDPSs can detect various types of cyber-attacks with high accuracy, their performance is limited by a high false alarm rate. This study proposes a new technique called Fuzzy Logic - Objective Risk Analysis (FLORA) that can significantly reduce false positive alarm rates and maintain a high level of security against serious cyber-attacks. The FLORA model has a high fuzzy accuracy rate of 90.11% and can predict vulnerabilities with a high level of certainty. It also has a mechanism for monitoring and recording digital forensic evidence which can be used in legal prosecution proceedings in different jurisdictions.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.544-546
• /
• 2020

의료 데이터를 이용하여 인공지능 기계학습 연구를 수행할 때 자주 마주하는 문제는 데이터 불균형, 데이터 부족 등이며 특히 정제된 충분한 데이터를 구하기 힘들다는 것이 큰 문제이다. 본 연구에서는 이를 해결하기 위해 GAN(Generative Adversarial Network) 기반 고해상도 의료 영상을 생성하는 프레임워크를 개발하고자 한다. 각 해상도 마다 Scale 의 Gradient 를 동시에 학습하여 빠르게 고해상도 이미지를 생성해낼 수 있도록 했다. 고해상도 이미지를 생성하는 Neural Network 를 고안하였으며, PGGAN, Style-GAN 과의 성능 비교를 통해 제안된 모델이 양질의 고해상도 의료영상 이미지를 더 빠르게 생성할 수 있음을 확인하였다. 이를 통해 인공지능 기계학습 연구에 있어서 의료 영상의 데이터 부족, 데이터 불균형 문제를 해결할 수 있는 Data augmentation 이나, Anomaly detection 등의 연구에 적용할 수 있다.