• 한국항해항만학회지
• /
• 제40권5호
• /
• pp.271-278
• /
• 2016

Localized atmospheric conditions between multi-reference stations can bring the tropospheric delay irregularity that becomes an error terms affecting positioning accuracy in network RTK environment. Imbalanced network error can affect the network solutions and it can corrupt the entire network solution and degrade the correction accuracy. If an anomaly could be detected before the correction message was generated, it is possible to eliminate the anomalous satellite that can cause degradation of the network solution during the tropospheric delay anomaly. An atmospheric grid that consists of four meteorological stations was used to detect an inhomogeneous weather conditions and tropospheric anomaly applied AWSs (automatic weather stations) meteorological data. The threshold of anomaly detection algorithm was determined based on the statistical weather data of AWSs for 5 years in an atmospheric grid. From the analytic results of anomaly detection algorithm it showed that the proposed algorithm can detect an anomalous satellite with an anomaly flag generation caused tropospheric delay anomaly during localized atmospheric conditions between stations. It was shown that the different precipitation condition between stations is the main factor affecting tropospheric anomalies.

• Smart Structures and Systems
• /
• 제30권6호
• /
• pp.613-626
• /
• 2022

Guaranteeing the quality and integrity of structural health monitoring (SHM) data is very important for an effective assessment of structural condition. However, sensory system may malfunction due to sensor fault or harsh operational environment, resulting in multiple types of data anomaly existing in the measured data. Efficiently and automatically identifying anomalies from the vast amounts of measured data is significant for assessing the structural conditions and early warning for structural failure in SHM. The major challenges of current automated data anomaly detection methods are the imbalance of dataset categories. In terms of the feature of actual anomalous data, this paper proposes a data anomaly detection method based on data-level and deep learning technique for SHM of civil engineering structures. The proposed method consists of a data balancing phase to prepare a comprehensive training dataset based on data-level technique, and an anomaly detection phase based on a sophisticatedly designed network. The advanced densely connected convolutional network (DenseNet) and Transformer encoder are embedded in the specific network to facilitate extraction of both detail and global features of response data, and to establish the mapping between the highest level of abstractive features and data anomaly class. Numerical studies on a steel frame model are conducted to evaluate the performance and noise immunity of using the proposed network for data anomaly detection. The applicability of the proposed method for data anomaly classification is validated with the measured data of a practical supertall structure. The proposed method presents a remarkable performance on data anomaly detection, which reaches a 95.7% overall accuracy with practical engineering structural monitoring data, which demonstrates the effectiveness of data balancing and the robust classification capability of the proposed network.

• 한국산업정보학회논문지
• /
• 제14권3호
• /
• pp.22-29
• /
• 2009

컴퓨터를 통해서 들어오는 다양한 형태의 침입을 효과적으로 탐지하기 위해서 이전에는 오용탐지 기법이 주로 이용되어 왔다. 오용탐지 기법은 이전에 알려지지 않은 침입 방법들을 효과적으로 탐지할 수 있기 때문이다. 하지만, 해당 기법에서는 정상적인 네트워크 접속 형태가 몇 가지 패턴으로 고정되어 있다고 가정한다. 이러한 이유 때문에 새로운 정상적인 네트워크 연결이 비정상행위로 탐지되기도 한다. 본 논문에서는 연관 마이닝 기법을 활용한 침입 탐지 방법을 제안한다. 논문에서 제안되는 방법은 패킷내 마이닝 단계와 패킷간 마이닝 두가지 단계로 구성된다. 제안된 방법의 성능은 대표적인 네트워크 침입 탐지 방법인 JAM과의 비교 실험을 통하여 평가하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권7호
• /
• pp.3093-3115
• /
• 2020

Network anomaly detection system plays an essential role in detecting network anomaly and ensuring network security. Anomaly detection system based machine learning has become an increasingly popular solution. However, due to the unbalance and high-dimension characteristics of network traffic, the existing methods unable to achieve the excellent performance of high accuracy and low false alarm rate. To address this problem, a new network anomaly detection method based on data balancing and recursive feature addition is proposed. Firstly, data balancing algorithm based on improved KNN outlier detection is designed to select part respective data on each category. Combination optimization about parameters of improved KNN outlier detection is implemented by genetic algorithm. Next, recursive feature addition algorithm based on correlation analysis is proposed to select effective features, in which a cross contingency test is utilized to analyze correlation and obtain a features subset with a strong correlation. Then, random forests model is as the classification model to detection anomaly. Finally, the proposed algorithm is evaluated on benchmark datasets KDD Cup 1999 and UNSW_NB15. The result illustrates the proposed strategies enhance accuracy and recall, and decrease the false alarm rate. Compared with other algorithms, this algorithm still achieves significant effects, especially recall in the small category.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권8호
• /
• pp.3946-3965
• /
• 2018

Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.

• 한국정보전자통신기술학회논문지
• /
• 제15권1호
• /
• pp.69-75
• /
• 2022

지금까지 발전 설비 터빈 블레이드의 이상 탐지는 사람에 의해 진행되어왔다. 하지만 발전 설비 노후화로 인한 이상 탐지 수요 증가와 터빈 블레이드의 이상을 검사하는 검사자 간의 기량 차로 인해 발생하는 검출 결과의 상이성으로 인해, 이러한 터빈 블레이드 이상 탐지 수요 증가와 인적 요소로 인해 발생하는 오류를 줄이고 높은 신뢰성의 터빈 블레이드 이상 검출성능을 안정적으로 제공할 수 있는 기법 개발의 필요성이 지속해서 제기되어 왔다. 이번 논문에서는 최근 다양한 분야에서 인상적인 성능 향상을 달성한 깊은 신경망을 이용한 발전 설비 터빈 블레이드의 이상 탐지 기술을 제안한다. 실험 결과는 제안된 기술이 인적 요소의 개입을 최소화함과 동시에 안정적인 이상 검출성능을 달성함을 증명한다.

• 한국항해항만학회지
• /
• 제40권5호
• /
• pp.265-270
• /
• 2016

Extreme tropospheric anomalies such as typhoons or regional torrential rain can degrade positioning accuracy of the GPS signal. It becomes one of the main error terms affecting high-precision positioning solutions in network RTK. This paper proposed a detection algorithm to be used during atmospheric anomalies in order to detect the tropospheric irregularities that can degrade the quality of correction data due to network errors caused by inhomogeneous atmospheric conditions between multi-reference stations. It uses an atmospheric grid that consists of four meteorological stations and estimates the troposphere zenith total delay difference at a low performance point in an atmospheric grid. AWS (automatic weather station) meteorological data can be applied to the proposed tropospheric anomaly detection algorithm when there are different atmospheric conditions between the stations. The concept of probability density distribution of the delta troposphere slant delay was proposed for the threshold determination.

• 한국통신학회논문지
• /
• 제34권3B호
• /
• pp.311-317
• /
• 2009

기존의 망 이상 상태 탐지 시스템들은 주로 정상 상태의 시스템 사용률 등과 같은 통계 값으로 결정된 임계값을 기반으로 탐지하기 때문에 이상 상태임에도 불구하고 정상 상태와 비슷한 시스템 통계 값을 가지면 탐지하지 못하는 문제점이 있다. 이러한 단점들을 해결하기 위하여 본 논문에서는 인간면역체계의 학습, 적응, 기억 능력등의 특성을 이용하는 인공면역체계 기반의 적응적 망 이상 상태 탐지 모델을 제안한다. 이를 위하여 인간면역 시스템의 수지상 세포 (Dendritic Cell)와 T 세포 사이의 상호 작용을 이용한 탐지 모델을 설계하고 각 구성 요소 및 기능을 정의한다. 중앙 집중 제어 노드는 각 라우터 노드로부터 전달받은 정보를 분석하여 대응 방법을 해당 라우터들에게 전달한다. 또한 라우터 노드는 학습을 통해 얻어진 데이터를 기반으로 이상 상태를 탐지할 뿐만 아니라 중앙 집중 제어 노드로부터 전달받은 정보를 이용하여 이상 상태를 처리한다. 최종적으로 제안된 이상 상태탐지 모델의 타당성을 검증하기 위하여 구성 모듈을 설계하고 flooding 공격에 대한 시뮬레이션을 수행한다.

• 정보보호학회논문지
• /
• 제23권5호
• /
• pp.939-946
• /
• 2013

본 논문에서는 IEC 61850 기반 자동화 변전소 네트워크에서의 이상 징후 탐지를 위한 MMS/GOOSE 패킷 정상행위 프로파일링 방법을 제안한다. 기존에 주로 사용되고 있는 시그니처(signature) 기반의 보안 솔루션은 제로데이(zero-day) 취약점을 이용한 APT 공격에 취약에 취약할 수밖에 없다. 최근 제어시스템 환경에서의 이상 탐지(anomaly detection) 연구가 이뤄지고 있지만, 아직까지 IEC 61850 변전소 환경에서의 이상 탐지에 대한 연구는 잘 알려져 있지 않다. 제안하는 기법은 MMS/GOOSE 패킷에 대한 3가지 전처리(3-phase preprocessing) 방법과 one-class SVM 알고리즘을 이용한 정상 행위 모델링 방법을 포함한다. 본 논문에서 제시하는 방법은 IEC 61850 변전소 네트워크에 대한 APT 공격 대응 솔루션으로 활용될 것을 기대한다.

• Journal of Information Processing Systems
• /
• 제1권1호
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.