• Title/Summary/Keyword: Network anomaly


Automated Generation Algorithm of the Penetration Scenarios using Association Mining Technique (연관 마이닝 기법을 이용한 침입 시나리오 자동생성 알고리즘)

  • 정경훈;주정은;황현숙;김창수
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 1999.05a / pp.203-207 / 1999
  • In this paper, we propose an automated generation algorithm for penetration scenarios using an association mining technique. Known intrusion detection methods are classified into anomaly detection and misuse detection. The former uses statistical methods, feature selection, and neural network methods to decide intrusion; the latter uses conditional probability, expert systems, state transition analysis, and pattern matching to decide intrusion. In many proposed intrusion detection algorithms, unknown penetrations are created and updated by security experts. Our algorithm automatically generates penetration scenarios by applying the association mining technique to the state transition technique. The association mining technique discovers efficient and useful unknown information in existing data. The algorithm we propose can automatically generate the penetration scenarios that have been produced by security experts, and copes with intrusions more easily than existing intrusion algorithms. It also has the advantage that its maintenance cost is not high.


Design of Security Policy-based Intrusion Detection System Model (보안정책 기반 침입탐지 시스템 모델 설계)

  • Kim, Kang;Jeon, Jong-Sik
    • Journal of the Korea Society of Computer and Information / v.8 no.4 / pp.81-86 / 2003
  • Computer security is considered important due to the side effects generated by the expansion of computer networks and the rapid increase in the use of the internet. Therefore, the Intrusion Detection System has been an active research area to reduce the risk from intruders. In particular, the paper proposes a new Security Policy-based Intrusion Detection System Model, which consists of several computers with Intrusion Detection Systems, based on the Intrusion Detection System, and describes the design of the Security Policy-based Intrusion Detection System model and a prototype implementation of it. The Security Policy-based Intrusion Detection Systems are distributed, and if any of the distributed Security Policy-based Intrusion Detection Systems detects an anomalous system call among the system call sequences generated by a privileged process, the anomalous system call can be dynamically shared with the Security Policy-based Intrusion Detection Systems. This improves the ability of the Security Policy-based Intrusion Detection Systems to take countermeasures against new intruders.


KMT-2016-BLG-0212: FIRST KMTNET-ONLY DISCOVERY OF A SUBSTELLAR COMPANION

  • Hwang, K.H.;Kim, H.W.;Kim, D.J.;Gould, A.;Albrow, M.D.;Chung, S.J.;Han, C.;Jung, Y.K.;Ryu, Y.H.;Shin, I.G.;Shvartzvald, Y.;Yee, J.C.;Zang, W.;Zhu, W.;Cha, S.M.;Kim, S.L.;Lee, C.U.;Lee, D.J.;Lee, Y.;Park, B.G.;Pogge, R.W.
    • Journal of The Korean Astronomical Society / v.51 no.6 / pp.197-206 / 2018
  • We present the analysis of KMT-2016-BLG-0212, a low flux-variation ($I_{\rm flux\text{-}var} \sim 20\,{\rm mag}$) microlensing event, which is in a high-cadence ($\Gamma = 4\,{\rm hr}^{-1}$) field of the three-telescope Korea Microlensing Telescope Network (KMTNet) survey. The event shows a short anomaly that is incompletely covered due to the brief visibility intervals that characterize the early microlensing season when the anomaly occurred. We show that the data are consistent with two classes of solutions, characterized respectively by low-mass brown-dwarf ($q = 0.037$) and sub-Neptune ($q < 10^{-4}$) companions. Future high-resolution imaging should easily distinguish between these solutions.

Multiple Sclerosis Lesion Detection using 3D Autoencoder in Brain Magnetic Resonance Images (3D 오토인코더 기반의 뇌 자기공명영상에서 다발성 경화증 병변 검출)

  • Choi, Wonjune;Park, Seongsu;Kim, Yunsoo;Gahm, Jin Kyu
    • Journal of Korea Multimedia Society / v.24 no.8 / pp.979-987 / 2021
  • Multiple Sclerosis (MS) can be early diagnosed by detecting lesions in brain magnetic resonance images (MRI). Unsupervised anomaly detection methods based on autoencoder have been recently proposed for automated detection of MS lesions. However, these autoencoder-based methods were developed only for 2D images (e.g. 2D cross-sectional slices) of MRI, so do not utilize the full 3D information of MRI. In this paper, therefore, we propose a novel 3D autoencoder-based framework for detection of the lesion volume of MS in MRI. We first define a 3D convolutional neural network (CNN) for full MRI volumes, and build each encoder and decoder layer of the 3D autoencoder based on 3D CNN. We also add a skip connection between the encoder and decoder layer for effective data reconstruction. In the experimental results, we compare the 3D autoencoder-based method with the 2D autoencoder models using the training datasets of 80 healthy subjects from the Human Connectome Project (HCP) and the testing datasets of 25 MS patients from the Longitudinal multiple sclerosis lesion segmentation challenge, and show that the proposed method achieves superior performance in prediction of MS lesion by up to 15%.

Detection of Anomaly VMS Messages Using Bi-Directional GPT Networks (양방향 GPT 네트워크를 이용한 VMS 메시지 이상 탐지)

  • Choi, Hyo Rim;Park, Seungyoung
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.21 no.4 / pp.125-144 / 2022
  • When a variable message signs (VMS) system displays false information related to traffic safety caused by malicious attacks, it could pose a serious risk to drivers. If the normal message patterns displayed on the VMS system are learned, it would be possible to detect and respond to the anomalous messages quickly. This paper proposes a method for detecting anomalous messages by learning the normal patterns of messages using a bi-directional generative pre-trained transformer (GPT) network. In particular, the proposed method was trained using the normal messages and their system parameters to minimize the corresponding negative log-likelihood (NLL) values. After adequate training, the proposed method could detect an anomalous message when its NLL value was larger than a pre-specified threshold value. The experiment results showed that the proposed method could detect malicious messages and cases when the system error occurs.

A Real-Time Intrusion Detection based on Monitoring in Network Security (네트워크 보안에서 모니터링 기반 실시간 침입 탐지)

  • Lim, Seung-Cheol
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.13 no.3 / pp.9-15 / 2013
  • Recently, the intrusion detection system has become an important technology in computer network systems because of a dramatic increase in the number of attacks. Most intrusion detection methods do not detect intrusions in real time because it is difficult to analyze auditing data for intrusions. A network intrusion detection system is used to monitor the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. It learns users' behavior patterns over time and detects behavior that deviates from these patterns. In this paper, it has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes the Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or anomaly users (unauthorized users), using RFM analysis methodology and monitoring data collected from the sensor Intrusion Detection System (IDS).

Design and Evaluation of a Weighted Intrusion Detection Method for VANETs (VANETs을 위한 가중치 기반 침입탐지 방법의 설계 및 평가)

  • Oh, Sun-Jin
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.11 no.3 / pp.181-188 / 2011
  • With the rapid proliferation of wireless networks and mobile computing applications, the landscape of network security has greatly changed recently. In particular, Vehicular Ad Hoc Networks (VANETs), which maintain network topology with vehicle nodes of high mobility, are self-organizing peer-to-peer networks that typically have short-lasting and unstable communication links. VANETs are formed with neither fixed infrastructure, centralized administration, nor dedicated routing equipment, and vehicle nodes move, join and leave the network at very high speed over time. VANET security is therefore very vulnerable to the intrusion of malicious and misbehaving nodes in the network, since VANETs are mostly open networks, allowing anyone to connect without centralized control. In this paper, we propose a weighted intrusion detection method using rough set that can identify malicious behavior in a vehicle node's activity and detect intrusions efficiently in VANETs. The performance of the proposed scheme is evaluated by a simulation study in terms of intrusion detection rate and false alarm rate for the threshold of deviation number $\epsilon$.

An Intrusion Detection System based on the Artificial Neural Network for Real Time Detection (실시간 탐지를 위한 인공신경망 기반의 네트워크 침입탐지 시스템)

  • Kim, Tae Hee;Kang, Seung Ho
    • Convergence Security Journal / v.17 no.1 / pp.31-38 / 2017
  • As cyber-attacks through networks advance, it is difficult for intrusion detection systems based on simple rules to detect novel types of attacks such as the Advanced Persistent Threat (APT) attack. At present, much research has focused on applying machine learning techniques to the intrusion detection system in order to detect previously unknown attacks. When machine learning techniques are used, the performance of the intrusion detection system largely depends on the feature set used as input to the system. Generally, more features increase the accuracy of the intrusion detection system, whereas they cause a problem when fast responses are required owing to their large elapsed time. In this paper, we present a network intrusion detection system based on an artificial neural network, which adopts a multi-objective genetic algorithm to satisfy both requirements: accuracy and fast response. The proposed approach is compared with previously proposed approaches on the NSL_KDD data set to evaluate its performance.

The Method of Feature Selection for Anomaly Detection in Bitcoin Network Transaction (비트코인 네트워크 트랜잭션 이상 탐지를 위한 특징 선택 방법)

  • Baek, Ui-Jun;Shin, Mu-Gon;Jee, Se-Hyun;Park, Jee-Tae;Kim, Myung-Sup
    • KNOM Review / v.21 no.2 / pp.18-25 / 2018
  • Since the development of block-chain technology by Satoshi Nakamoto and Bitcoin pioneered a new cryptocurrency market, a number of cryptocurrencies have emerged. Crimes are taking place that use the anonymity and vulnerabilities of block-chain technology, and many studies are underway to address these vulnerabilities and prevent crime. However, they are not enough to detect users who commit crimes. Therefore, it is very important to detect abnormal behavior such as money laundering and stealing cryptocurrency from the network. In this paper, the characteristics of the transactions and user graphs in the Bitcoin network are collected, and statistical information is extracted from them and presented as plots on the log scale. Finally, we analyze the visualized plots according to the Densification Power Law and Power Law Degree and, as a result, present features appropriate for detection of anomalies involving abnormal transactions and abnormal users in the Bitcoin network.

THE INTERFACE CONFIGURATION OF OVERSEA STATIONS AND OPERATION PLAN FOR KOMPSAT-2 LEOP

  • Baek Hyun-Chul;Kim Hae-Dong;Ahn Sang-Il;Kim Eun-Kyou
    • Proceedings of the KSRS Conference / 2005.10a / pp.557-560 / 2005
  • The Korea Multi-Purpose SATellite-2 (KOMPSAT-2) will be launched into a circular sun synchronous orbit in Dec. 2005. For the mission operation of the KOMPSAT-2 satellite, KARI Ground Station (KGS) consists of the Mission Control Elements (MCE), Image Reception & Processing Elements (IRPE) and the overseas stations. For the oversea stations, the Kongsberg Satellite Services (KSAT) is the prime supplier of support service. KSAT has the capability to provide Tracking Telemetry and Commanding (TT&C) nominal, contingency and anomaly support for every single orbit for most polar orbiting satellites. Also KSAT provides nodal service through the network management functionality for all oversea ground stations. This paper describes the oversea stations and the support for Launch and nominal TT&C services for KOMPSAT-2 and the operation plan for KOMPSAT-2.
