• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.103-113
• /
• 2003

Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles. and detectes anomaly intrusions effectively. Anomaly detections using system calls are detected only anomaly processes. But this has a Problem that doesn't detect affected various Part by anomaly processes. To improve this problem, the relation among system calls of processes is represented by bayesian probability values. Application behavior profiling by Bayesian Network supports anomaly intrusion informations . This paper overcomes the Problems of various intrusion detection models we Propose effective intrusion detection technique using Bayesian Networks. we have profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions we had simulation by proposed normal behavior profiling technique using UNM data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.939-946
• /
• 2013

This paper proposes normal behavior profiling methods for anomaly detection in IEC 61850 based substation network. Signature based security solutions, currently used primarily, are inadequate for APT attack using zero-day vulnerabilities. Recently, some researches about anomaly detection in control network are ongoing. However, there are no published result for IEC 61850 substation network. Our proposed methods includes 3-phase preprocessing for MMS/GOOSE packets and normal behavior profiling using one-class SVM algorithm. These approaches are beneficial to detect APT attacks on IEC 61850 substation network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1117-1127
• /
• 2017

With the advent of Internet of Things (IoT), the number of devices connected to Internet has rapidly increased, but the security for IoT is still vulnerable. It is difficult to integrate existing security technologies due to generating a large amount of traffic by using different protocols to use various IoT devices according to purposes and to operate in a low power environment. Therefore, in this paper, we propose a normal network behavior profiling method based on big data analysis techniques. The proposed method utilizes a Hadoop/Hive for Big Data analytics and an R for statistical computing. Also we verify the effectiveness of the proposed method through a simulation.

• Journal of Internet Computing and Services
• /
• v.4 no.2
• /
• pp.69-80
• /
• 2003

Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles, and detectes modificated anomaly intrusions effectively. In this paper, the relation among system calls of processes is represented by bayesian network and Multiple Sequence Alignment. Program behavior profiling by Bayesian Network classifies modified anomaly intrusion behaviors, and detects anomaly behaviors. we had simulation by proposed normal behavior profiling technique using UNM data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.3
• /
• pp.705-711
• /
• 2013

QRS detection of ECG is the most popular and easy way to detect cardiac-disease. But it is difficult to analyze the ECG signal because of various noise types. Also in the healthcare system that must continuously monitor people's situation, it is necessary to process ECG signal in realtime. In other words, the design of algorithm that exactly detects QRS wave using minimal computation and classifies PVC by analyzing the persons's physical condition and/or environment is needed. Thus, efficient QRS detection and PVC classification based on profiling method is presented in this paper. For this purpose, we detected QRS through the preprocessing method using morphological filter, adaptive threshold, and window. Also, we applied profiling method to classify each patient's normal cardiac behavior through hash function. The performance of R wave detection, normal beat and PVC classification is evaluated by using MIT-BIH arrhythmia database. The achieved scores indicate the average of 99.77% in R wave detection and the rate of 0.65% in normal beat classification error and 93.29% in PVC classification.

• International Commerce and Information Review
• /
• v.9 no.3
• /
• pp.305-320
• /
• 2007

With expanded use of B2B(between enterprises), B2G(between enterprises and government) and EDI(Electronic Data Interchange), and increased amount of available network information and information protection threat, as it was judged that security can not be perfectly assured only with security technology such as electronic signature/authorization and access control, Bayesian networks have been developed for protection of information. Therefore, this study speculates Bayesian networks system, centering on ERP(Enterprise Resource Planning). The Bayesian networks system is one of the methods to resolve uncertainty in electronic data interchange and is applied to overcome uncertainty of abnormal invasion detection in ERP. Bayesian networks are applied to construct profiling for system call and network data, and simulate against abnormal invasion detection. The host-based abnormal invasion detection system in electronic trade analyses system call, applies Bayesian probability values, and constructs normal behavior profile to detect abnormal behaviors. This study assumes before and after of delivery behavior of the electronic document through Bayesian probability value and expresses before and after of the delivery behavior or events based on Bayesian networks. Therefore, profiling process using Bayesian networks can be applied for abnormal invasion detection based on host and network. In respect to transmission and reception of electronic documents, we need further studies on standards that classify abnormal invasion of various patterns in ERP and evaluate them by Bayesian probability values, and on classification of B2B invasion pattern genealogy to effectively detect deformed abnormal invasion patterns.

• Journal of Korean Medicine for Obesity Research
• /
• v.14 no.1
• /
• pp.36-45
• /
• 2014

Objectives: The purpose of this studay was to compare the eating-related index and the patterns of pre- and post-prandial gut hormone level in normal-overweight and obese subjects of Taeemin population. Methods: We enrolled healthy male participants who were diagnosed with Taeeumin by Sasang Constitutional diagnosis and who were normal-overweight ($18.5kg/m^2{\leq}$body mass index [BMI)< $25kg/m^2$) or obese ($25.0kg/m^2{\leq}$BMI< $30kg/m^2$). Eating behavior and gastrointestinal problems were assessed by using standardized scale. Subjective appetite ratings using visual analogue scales and the profiling of serum levels of ghrelin and peptide YY (PYY) were assessed before and after a standard meal (6 time points: 30 minutes pre-prandial, immediately before meal, 15, 30, 60, and 120 minutes post-prandial). Results: Tewnty two healthy Taeeumin people classified as normal-overweight group or obese group are the final subjects. External eating score of Dutch eating behavior questionaire scores is higher in normal-overweight group than in obese group. The variations of subjective appetite ratings in obese group are smaller than in normal-overweight group. The pattern of ghrelin in normal-overweight group shows a high peak at 30 minutes post-prandial point, which is contrary to existing studies. The pattern of PYY in obese group decreases from 15 minutes post-prandial point and shows lower peak level, whereas in normal-overweight group shows increasing tendency from pre-prandial point until 30 minutes post-prandial point. Conclusions: There are differences in the eating-related index and the gut hormone patterns related to obesity.

• The KIPS Transactions:PartC
• /
• v.10C no.7
• /
• pp.857-866
• /
• 2003

For detecting an intrusion based on the anomaly of a user's activities, previous works are concentrated on statistical techniques in order to analyze an audit data set. However. since they mainly analyze the average behavior of a user's activities, some anomalies can be detected inaccurately. In this paper, a new clustering algorithm for modeling the normal pattern of a user's activities is proposed. Since clustering can identify an arbitrary number of dense ranges in an analysis domain, it can eliminate the inaccuracy caused by statistical analysis. Also, clustering can be used to model common knowledge occurring frequently in a set of transactions. Consequently, the common activities of a user can be found more accurately. The common knowledge is represented by the occurrence frequency of similar data objects by the unit of a transaction as veil as the common repetitive ratio of similar data objects in each transaction. Furthermore, the proposed method also addresses how to maintain identified common knowledge as a concise profile. As a result, the profile can be used to detect any anomalous behavior In an online transaction.

• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.119-124
• /
• 2003

Although there have been many studies on using finite automata for intrusion detection, it has been a difficult problem to generate compact finite automata automatically. In a previous research an approach to profile normal behaviors using finite automata was proposed. They divided the system call sequence of each process into three parts prefix, main portion, and suffix, and then substituted macros for frequently occurring substrings. However, the procedure was not automatic. In this paper we present algorithms to automatically generate intrusion detection automata from the sequence of system calls resulting from the normal runs of the programs. We also show the effectiveness of the proposed method through experiments.

• Asian Pacific Journal of Cancer Prevention
• /
• v.16 no.5
• /
• pp.1851-1855
• /
• 2015

Background: There are increasing data about microRNAs (miRNA) in the literature, providing abundant evidence that they play important roles in pathogenesis and development of colorectal cancer. In this study, we aimed to investigate the miRNA expression profiles in surgically resected specimens of patients with recurrent and non-recurrent colorectal cancer. Materials and Methods: The study population included 40 patients with stage II colorectal cancer (20 patients with recurrent tumors, and 20 sex and age matched patients without recurrence), who underwent curative colectomy between 2004 and 2011 without adjuvant therapy. Expression of 16 miRNAs (miRNA-9, 21, 30d, 31, 106a, 127, 133a, 133b, 135b, 143, 145, 155, 182, 200a, 200c, 362) was verified by quantitative real-time polymerase chain reaction (qRT-PCR) in all resected colon cancer tissue samples and in corresponding normal colonic tissues. Data analyses were carried out using SPSS 15 software. Values were statistically significantly changed in 40 cancer tissues when compared to the corresponding 40 normal colonic tissues (p<0.001). MiR-30d, miR-133a, miR-143, miR-145 and miR-362 expression was statistically significantly downregulated in 40 resected colorectal cancer tissue samples (p<0.001). When we compared subgroups, miRNA expression profiles of 20 recurrent cancer tissues were similar to all 40 cancer tissues. However in 20 non-recurrent cancer tissues, miR-133a expression was not significantly downregulated, moreover miR-133b expression was significantly upregulated (p<0.05). Conclusions: Our study revealed dysregulation of expression of ten miRNAs in Turkish colon cancer patients. These miRNAs may be used as potential biomarkers for early detection, screening and surveillance of colorectal cancer, with functional effects on tumor cell behavior.