• Title/Summary/Keyword: Network anomaly

A Study on RAN Equipment Anomaly Detection Using RRCF Algorithm (RRCF 알고리즘을 활용한 RAN 장비 이상 검출에 관한 연구)

  • Lee, Taek-Hyun;Kook, Kwang-Ho
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.581-583 / 2021
  • Due to the pandemic of Corona 19, the use of mobile services is increasing. However, since anomalies in most mobile devices are recognized by the device's alarm, it is difficult to intuitively determine the problem of the device when a complex failure occurs. To compensate for this, in this study, the Anomaly Score was created by the RRCF algorithm to intuitively recognize the problem by combining the alarm and performance information of the equipment, and the effect of detecting 97% of the past failure history was verified.

An Intrusion Detection Model based on a Convolutional Neural Network

  • Kim, Jiyeon;Shin, Yulim;Choi, Eunjung
    • Journal of Multimedia Information System / v.6 no.4 / pp.165-172 / 2019
  • Machine-learning techniques have been actively employed in information security in recent years. Traditional rule-based security solutions are vulnerable to advanced attacks due to unpredictable behaviors and unknown vulnerabilities. By employing ML techniques, we are able to develop intrusion detection systems (IDS) based on anomaly detection instead of misuse detection. Moreover, threshold issues in anomaly detection can also be resolved through machine-learning. There are very few datasets for network intrusion detection compared to datasets for malicious code. KDD CUP 99 (KDD) is the most widely used dataset for the evaluation of IDS. Numerous studies on ML-based IDS have been using KDD or the upgraded versions of KDD. In this work, we develop an IDS model using CSE-CIC-IDS 2018, a dataset containing the most up-to-date common network attacks. We employ deep-learning techniques and develop a convolutional neural network (CNN) model for CSE-CIC-IDS 2018. We then evaluate its performance by comparing it with a recurrent neural network (RNN) model. Our experimental results show that the performance of our CNN model is higher than that of the RNN model when applied to the CSE-CIC-IDS 2018 dataset. Furthermore, we suggest a way of improving the performance of our model.

Anomaly Detection of Generative Adversarial Networks considering Quality and Distortion of Images (이미지의 질과 왜곡을 고려한 적대적 생성 신경망과 이를 이용한 비정상 검출)

  • Seo, Tae-Moon;Kang, Min-Guk;Kang, Dong-Joong
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.20 no.3 / pp.171-179 / 2020
  • Recently, studies have shown that convolutional neural networks are achieving the best performance in image classification, object detection, and image generation. Vision-based defect inspection, which is more economical than other defect inspection, is very important for factory automation. Although supervised anomaly detection algorithms have far exceeded the performance of traditional machine-learning-based methods, they are inefficient for real industrial fields due to their tedious annotation work. In this paper, we propose ADGAN, an unsupervised anomaly detection architecture using the variational autoencoder and the generative adversarial network, which give great results in image generation tasks, and demonstrate whether the proposed network architecture identifies anomalous images well on the MNIST benchmark dataset as well as our own welding defect dataset.

A Big Data Application for Anomaly Detection in VANETs (VANETs에서 비정상 행위 탐지를 위한 빅 데이터 응용)

  • Kim, Sik;Oh, Sun-Jin
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.14 no.6 / pp.175-181 / 2014
  • With rapid growth of the wireless mobile computing network technologies, various mobile ad hoc network applications converged with other related technologies are rapidly disseminated nowadays. Vehicular Ad Hoc Networks are self-organizing mobile ad hoc networks that typically have moving vehicle nodes with high speeds and maintaining its topology very short with unstable communication links. Therefore, VANETs are very vulnerable to the malicious noise of sensors and anomalies of the nodes in the network system. In this paper, we propose an anomaly detection method by using big data techniques that efficiently identify malicious behaviors or noises of sensors and anomalies of vehicle node activities in these VANETs, and the performance of the proposed scheme is evaluated by a simulation study in terms of anomaly detection rate and false alarm rate for the threshold $\epsilon$.

A Rate Separating Multi-Channel Protocol for Improving Channel Diversity and Node Connectivity in IEEE 802.11 Mesh Networks (IEEE 802.11 메쉬 네트워크에서 채널 다양성과 노드 연결성 향상을 위한 레이트 분할 멀티 채널 프로토콜)

  • Kim, Sok-Hyong;Suh, Young-Joo;Kwon, Dong-Hee
    • The Journal of Korean Institute of Communications and Information Sciences / v.35 no.12A / pp.1152-1159 / 2010
  • Wireless Mesh Networks (WMNs) provide Internet access to users by forming backbone networks via wireless links. A key problem of WMNs is network capacity. For this, multi-channel and multi-rate functions of IEEE 802.11 can be utilized. Depending on channel assignments, multi-channel determines node connectivity and channel diversity. Also, in IEEE 802.11 multi-rate networks, the rate anomaly problem occurs, the phenomenon that low-rate links degrade the performance of high-rate links. In this paper, we propose rate separating multi-channel (RSMC) protocols that improve the node connectivity and channel diversity, and mitigate the rate anomaly problem. RSMC increases the channel diversity by forming tree-based WMNs and decreases the rate anomaly by separating different rate links on the tree via channels. In addition, it uses a network connectivity (NC) algorithm to increase the node connectivity. Through simulations, we demonstrate that RSMC shows improved performance over existing multi-channel protocols in terms of aggregate throughput, node connectivity, and channel diversity.

Autoencoder-Based Anomaly Detection Method for IoT Device Traffics (오토인코더 기반 IoT 디바이스 트래픽 이상징후 탐지 방법 연구)

  • Seung-A Park;Yejin Jang;Da Seul Kim;Mee Lan Han
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.281-288 / 2024
  • The sixth generation (6G) wireless communication technology is advancing toward ultra-high speed, ultra-high bandwidth, and hyper-connectivity. With the development of communication technologies, the formation of a hyper-connected society is rapidly accelerating, expanding from the IoT (Internet of Things) to the IoE (Internet of Everything). However, at the same time, security threats targeting IoT devices have become widespread, and there are concerns about security incidents such as unauthorized access and information leakage. As a result, the need for security-enhancing solutions is increasing. In this paper, we implement an autoencoder-based anomaly detection model utilizing real-time collected network traffic in response to IoT security threats. Considering the difficulty of capturing IoT device traffic data for each attack in real IoT environments, we use an unsupervised learning-based autoencoder and implement 6 different autoencoder models based on the use of noise in the training data and the dimensions of the latent space. By comparing the model performance through experiments, we provide a performance evaluation of the anomaly detection model for detecting abnormal network traffic.

Abnormal Data Augmentation Method Using Perturbation Based on Hypersphere for Semi-Supervised Anomaly Detection (준 지도 이상 탐지 기법의 성능 향상을 위한 섭동을 활용한 초구 기반 비정상 데이터 증강 기법)

  • Jung, Byeonggil;Kwon, Junhyung;Min, Dongjun;Lee, Sangkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.647-660 / 2022
  • Recent works demonstrate that the semi-supervised anomaly detection method functions quite well in the environment with normal data and some anomalous data. However, abnormal data shortages can occur in an environment where it is difficult to reserve anomalous data, such as an unknown attack in the cyber security fields. In this paper, we propose ADA-PH (Abnormal Data Augmentation Method using Perturbation based on Hypersphere), a novel anomalous data augmentation method that is applicable in an environment where abnormal data is insufficient to secure the performance of the semi-supervised anomaly detection method. ADA-PH generates abnormal data by perturbing samples located relatively far from the center of the hypersphere. With the network intrusion detection datasets where abnormal data is rare, ADA-PH shows 23.63% higher AUC performance than anomaly detection without data augmentation and even performs better than the other augmentation methods. Also, we further conduct quantitative and qualitative analysis on whether generated abnormal data is anomalous.

A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal / v.10 no.2 / pp.1-9 / 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide, with millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the Snort signature matches the packet, that same signature must be in memory for some period (possibly microseconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with Snort under digital forensic windows environment.

A social network monitoring procedure based on community statistics (커뮤니티 통계량에 기반한 사회 연결망 모니터링 절차)

  • Joo Weon Lee;Jaeheon Lee
    • The Korean Journal of Applied Statistics / v.36 no.5 / pp.399-413 / 2023
  • Recently, monitoring and detecting anomalies in social networks have become an interesting research topic. In this study, we investigate the detection of abnormal changes in a network modeled by the DCSBM (degree corrected stochastic block model), which reflects the propensity of both individuals and communities. To this end, we propose three methods for anomaly detection in the DCSBM networks: One method for monitoring the entire network, and two methods for dividing and monitoring the network in consideration of communities. To compare these anomaly detection methods, we design and perform simulations. The simulation results show that the method for monitoring networks divided by communities has good performance.

Normal data based rotating machine anomaly detection using CNN with self-labeling

  • Bae, Jaewoong;Jung, Wonho;Park, Yong-Hwa
    • Smart Structures and Systems / v.29 no.6 / pp.757-766 / 2022
  • To train deep learning algorithms, a sufficient number of data are required. However, in most engineering systems, the acquisition of fault data is difficult or sometimes not feasible, while normal data are secured. The dearth of data is one of the major challenges to developing deep learning models, and fault diagnosis in particular cannot be made in the absence of fault data. With this context, this paper proposes an anomaly detection methodology for rotating machines using only normal data with self-labeling. Since only normal data are used for anomaly detection, a self-labeling method is used to generate a new labeled dataset. The overall procedure includes the following three steps: (1) transformation of normal data to self-labeled data based on a pretext task, (2) training the convolutional neural networks (CNN), and (3) anomaly detection using defined anomaly score based on the softmax output of the trained CNN. The softmax value of the abnormal sample shows different behavior from the normal softmax values. To verify the proposed method, four case studies were conducted, on the Case Western Reserve University (CWRU) bearing dataset, IEEE PHM 2012 data challenge dataset, PHMAP 2021 data challenge dataset, and laboratory bearing testbed; and the results were compared to those of existing machine learning and deep learning methods. The results showed that the proposed algorithm could detect faults in the bearing testbed and compressor with over 99.7% accuracy. In particular, it was possible to detect not only bearing faults but also structural faults such as unbalance and belt looseness with very high accuracy. Compared with the existing GAN, the autoencoder-based anomaly detection algorithm, the proposed method showed high anomaly detection performance.