• Food Science of Animal Resources
• /
• v.33 no.4
• /
• pp.463-473
• /
• 2013

Through the development of efficient data collecting technologies like RFID, and inter-enterprise collaboration platforms such as web services, companies which participate in supply chains can acquire visibility over the whole supply chain, and can make decisions to optimize the overall supply chain networks and processes, based on the extracted knowledge from historical data collected by the visibility system. Although not currently active, the MeatWatch system has been developed, and is used in part for this purpose, in the imported beef distribution network in Korea. However, the imported beef distribution network is too complicated to analyze its various aspects using ordinary process analysis approaches. In this paper, we suggest a novel approach, called RFID-based supply chain process mining, to automatically discover and analyze the overall supply chain processes from the distributed RFID event data, without any prior knowledge. The proposed approach was implemented and validated, by using a case study of the imported beef distribution network in Korea. Specifically we demonstrated that the proposed approach can be successfully applied to discover supply chain networks from the distributed event data, to simplify the supply chain networks, and to analyze anomaly of the distribution networks. Such novel process mining functionalities can reinforce the capability of traceability services like MeatWatch in the future.

• Journal of Information Processing Systems
• /
• v.6 no.4
• /
• pp.481-500
• /
• 2010

The Internet explosion and the increase in crucial web applications such as ebanking and e-commerce, make essential the need for network security tools. One of such tools is an Intrusion detection system which can be classified based on detection approachs as being signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks needs to be addressed. Consequently, a new architecture that allows them to cooperate in detecting attacks is proposed. The architecture uses Software Agents to provide scalability and distributability. It works in two modes: learning and detection. During learning mode, it generates a profile for each individual system using a fuzzy data mining algorithm. During detection mode, each system uses the FuzzyJess to match network traffic against its profile. The architecture was tested against a standard data set produced by MIT's Lincoln Laboratory and the primary results show its efficiency and capability to detect attacks. Finally, two new methods, the memory-window and memoryless-window, were developed for extracting useful parameters from raw packets. The parameters are used as detection metrics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.25-38
• /
• 2017

Many security threats are occurring around the world due to the characteristics of industrial control systems that can cause serious damage in the event of a security incident including major national infrastructure. Therefore, the industrial control system network traffic should be analyzed so that it can identify the attack in advance or perform incident response after the accident. In this paper, we research the visualization technique as network forensics to enable reasonable suspicion of all possible attacks on DNP3 control system protocol, and define normal action based rules and derive visualization requirements. As a result, we developed a visualization tool that can detect sudden network traffic changes such as DDoS and attacks that contain anormal behavior from captured packet files on industrial control system network. The suspicious behavior in the industrial control system network can be found using visualization tool with Digital Bond packet.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.161-164
• /
• 2005

As the power of influence of the Internet grows steadily, attacks against the Internet can cause enormous monetary damages nowadays. A worm can not only replicate itself like a virus but also propagate itself across the Internet. So it infects vulnerable hosts in the Internet and then downgrades the overall performance of the Internet or makes the Internet not to work. To response this, worm detection and prevention technologies are developed. The worm detection technologies are classified into two categories, host based detection and network based detection. Host based detection methods are a method which checks the files that worms make, a method which checks the integrity of the file systems and so on. Network based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't response worms' attacks effectively because worms attack the Internet in the distributed fashion. In this paper, we propose a design of distributed worm detection system to overcome the inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other with the direction-aware information in terms of worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce false positive rate of the system but also prevent worms from propagating themselves across the Internet through dispersing the confirmed worm signature.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.4
• /
• pp.1307-1323
• /
• 2014

With the exhaustion of global IPv4 addresses, IPv6 technologies have attracted increasing attentions, and have been deployed widely. Meanwhile, new applications running over IPv6 networks will change the traditional traffic characteristics obtained from IPv4 networks. Traditional models obtained from IPv4 cannot be used for IPv6 network monitoring directly and there is a need to investigate those changes. In this paper, we explore the flow features of IPv6 traffic and compare its difference with that of IPv4 traffic from flow level. Firstly, we analyze the differences of the general flow statistical characteristics and users' behavior between IPv4 and IPv6 networks. We find that there are more elephant flows in IPv6, which is critical for traffic engineering. Secondly, we find that there exist many one-way flows both in the IPv4 and IPv6 traffic, which are important information sources for abnormal behavior detection. Finally, in light of the challenges of analyzing massive data of large-scale network monitoring, we propose a group flow model which can greatly reduce the number of flows while capturing the primary traffic features, and perform a comparative measurement analysis of group users' behavior dynamic characteristics. We find there are less sharp changes caused by abnormity compared with IPv4, which shows there are less large-scale malicious activities in IPv6 currently. All the evaluation experiments are carried out based on the traffic traces collected from the Northwest Regional Center of CERNET (China Education and Research Network), and the results reveal the detailed flow characteristics of IPv6, which are useful for traffic management and anomaly detection in IPv6.

• The Journal of the Korea Contents Association
• /
• v.7 no.3
• /
• pp.93-100
• /
• 2007

Internet had spread in all fields with the fast speed during the last 10 years. Lately, wireless network is also spreading rapidly. Also, number of times that succeed attack attempt and invasion for wireless network is increasing rapidly TMS system was developed to overcome these threat on wireless network. Existing TMS system supplies active confrontation mechanism on these threats. However, existent TMS has limitation that new form of attack do not filtered efficiently. Therefor this paper proposes a new method that it automatically compute the threat from the imput packets with vector space model and detect anomaly detection of wireless network. Proposed mechanism in this research analyzes similarity degree between packets, and detect something wrong symptom of wireless network and then classify these threats automatically.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.11
• /
• pp.2569-2575
• /
• 2015

Network RTK generally uses a linear interpolation method by using the corrections from reference stations. This minimizes the spatial decorrelation error caused by the increase of distance between the reference station's baseline and user's baseline. However, tropospheric delay, a function of the meteorological data can cause a spatial decorrelation characteristic among reference stations within a network by local meteorological difference. A non-linear characteristic of tropospheric delay can deteriorate Network RTK performance. In this paper, the modeling of tropospheric delay irregularity is made from the data when the typhoon is occurred. By using this modeling, analyzing the effect of meteorological difference between reference stations on correction is performed. Finally, we analyze an effect of non-linear characteristics of tropospheric delay among reference stations to Network RTK user.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.11
• /
• pp.4290-4309
• /
• 2020

In recent years, advancements in machine learning capabilities have allowed it to see widespread adoption for tasks such as object detection, image classification, and anomaly detection. However, despite their promise, a limitation lies in the fact that a network's performance quality is based on the data which it receives. A well-trained network will still have poor performance if the subsequent data supplied to it contains artifacts, out of focus regions, or other visual distortions. Under normal circumstances, images of the same scene captured from differing points of focus, angles, or modalities must be separately analysed by the network, despite possibly containing overlapping information such as in the case of images of the same scene captured from different angles, or irrelevant information such as images captured from infrared sensors which can capture thermal information well but not topographical details. This factor can potentially add significantly to the computational time and resources required to utilize the network without providing any additional benefit. In this study, we plan to explore using image fusion techniques to assemble multiple images of the same scene into a single image that retains the most salient key features of the individual source images while discarding overlapping or irrelevant data that does not provide any benefit to the network. Utilizing this image fusion step before inputting a dataset into the network, the number of images would be significantly reduced with the potential to improve the classification performance accuracy by enhancing images while discarding irrelevant and overlapping regions.

• Journal of Information Technology Services
• /
• v.22 no.5
• /
• pp.99-108
• /
• 2023

As the computerization of hospitals becomes more advanced, security issues regarding data generated from various medical devices within hospitals are gradually increasing. For example, because hospital data contains a variety of personal information, attempts to attack it have been continuously made. In order to safely protect data from external attacks, each hospital has formed an internal team to continuously monitor whether the computer network is safely protected. However, there are limits to how humans can monitor attacks that occur on networks within hospitals in real time. Recently, artificial intelligence models have shown excellent performance in detecting outliers. In this paper, an experiment was conducted to verify how well an artificial intelligence model classifies normal and abnormal data in network traffic data generated from medical devices. There are several models used for outlier detection, but among them, Random Forest and Tabnet were used. Tabnet is a deep learning algorithm related to receive and classify structured data. Two algorithms were trained using open traffic network data, and the classification accuracy of the model was measured using test data. As a result, the random forest algorithm showed a classification accuracy of 93%, and Tapnet showed a classification accuracy of 99%. Therefore, it is expected that most outliers that may occur in a hospital network can be detected using an excellent algorithm such as Tabnet.

• Journal of the Korean Electrochemical Society
• /
• v.24 no.3
• /
• pp.52-64
• /
• 2021

The effect of Fe and BO₃ doping on structure, thermal, and electrical properties of Li_1+xFe_xTi_2-x(PO₄)_3-y(BO₃)_y (x = 0.2, 0.5)-based glass and glass ceramics was investigated. In addition, their crystallization behavior during sintering and ionic conductivity were also investigated in terms of sintering temperature. FT-IR and XPS results indicated that Fe²⁺ and Fe³⁺ ions in Li_1+xFe_xTi_2-x(PO₄)_3-y(BO₃)_y glass worked as a network modifier (FeO₆ octahedra) and also as a network former (FeO₄ tetrahedra). In the case of the glass with low substitution of BO₃, boron formed (PB)O₄ network structure, while boron preferred BO₃ triangles or B₃O₃ boroxol rings with increasing the BO₃ content owing to boic oxide anomaly, which can result in an increased non-bridging oxygen. The glass transition temperature (GTT) and crystallization temperature (CT) was lowered as the BO₃ substitution was increased, while Fe²⁺ lowered the GTT and raised the CT. The ionic conductivity of Li_1+xFe_xTi_2-x(PO₄)_3-y(BO₃)_y glass ceramics were 8.85×10^-4 and 1.38×10^-4S/cm for x = 0.2 and 0.5, respectively. The oxidation state of doped Fe and boric oxide anomaly were due to the enhanced lithium ion conductivity of glass ceramics.