• Title/Summary/Keyword: Security Rules


A Study on Improving Precision Rate in Security Events Using Cyber Attack Dictionary and TF-IDF (공격키워드 사전 및 TF-IDF를 적용한 침입탐지 정탐률 향상 연구)

  • Jongkwan Kim; Myongsoo Kim
    • Convergence Security Journal, v.22 no.2, pp.9-19, 2022
  • With the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institutions and companies operate a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT systems, strict blocking rules cannot be applied, which causes many false events and lowers operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most studies were performed using a specific research data set that cannot be seen in a real network, so they could not be used in an actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from an actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.

A Review on the Legal rights and obligation from the legal status of registered security guard (청원경찰의 법적 지위에 따른 권한과 의무)

  • Han, Seung; Kim, Yong Geun
    • Korean Security Journal, no.44, pp.251-278, 2015
  • Registered security guards carry out police duties as civilian police in charge of security service, and so they have a two-fold status: a civilian in terms of social standing and a policeman in the way that they execute the authority of security. The problem caused by this legal position is that their legal rights and obligations can be unclear in their task-actions and working relationships. This paper attempts to study their functions, rights, and legal duties through the interpretation of the related positive law so as to reveal the problems that may spring from this ambiguous status of registered security guards. This endeavor illuminates their legal status as specified in the positive law in and around the Act on the police assigned for special guard, observes their functions and legal duties in the pursuit of their tasks, and ends by pointing out the problems of the positive law. As a result of the research, the most significant problems, even if multifarious, are: the avoidance of state reparation in the responsibility for illegal behavior in connection with their operation; the unconstitutionality of the disciplinary punishment regulation originating from the entrustment with full powers; the imperfection of the rules about cooperative ties with the police; the possibility of human rights abuse caused by the ban on labor disputes; the equality problems arising from the dual pay system; and the inadequacy of the codes about recruitment qualification and method. This research is intended to help achieve the purpose of securing national critical facilities through the smooth execution of duties as well as the protection of the guards' rights. Besides, the key issues posed in this paper are worthy of being developed more accurately through subsequent research.


A Slow Portscan Attack Detection and Countermove Mechanism based on Fuzzy Logic (퍼지 로직을 이용한 느린 포트스캔 공격 탐지 및 대응 기법)

  • Kim, Jae-Kwang; Yoon, Kwang-Ho; Lee, Seung-Hoon; Jung, Je-Hee; Lee, Jee-Hyong
    • Journal of the Korean Institute of Intelligent Systems, v.18 no.5, pp.679-684, 2008
  • Slow port scan attack detection is one of the important topics in network security. We suggest an abnormal traffic control framework to detect slow port scan attacks using fuzzy rules. The abnormal traffic control framework acts as an intrusion prevention system for suspicious network traffic. It manages traffic with a stepwise policy: first decreasing network bandwidth and then discarding traffic. In this paper, we show that our abnormal traffic control framework effectively detects slow port scan attack traffic using fuzzy rules and a stepwise policy.

Prefix Cuttings for Packet Classification with Fast Updates

  • Han, Weitao; Yi, Peng; Tian, Le
    • KSII Transactions on Internet and Information Systems (TIIS), v.8 no.4, pp.1442-1462, 2014
  • Packet classification is a key technology of the Internet that allows routers to classify arriving packets into different flows according to predefined rulesets. Previous packet classification algorithms have mainly focused on search speed and memory usage, while overlooking update performance. In this paper, we propose PreCuts, which can drastically improve the update speed. According to the characteristics of the IP field, we implement three heuristics to build a 3-layer decision tree. In the first layer, we group the rules with the same highest byte of source and destination IP addresses. For the second layer, we cluster the rules which share the same IP prefix length. Finally, we use the heuristic of information entropy-based bit partition to choose some specific bits of the IP prefix to split the ruleset into subsets. The heuristics of PreCuts do not introduce rule duplication, and incremental updates do not reduce the time and space performance. Using ClassBench, it is shown that compared with BRPS and EffiCuts, the proposed algorithm not only improves the time and space performance, but also greatly increases the update speed.

Methodology of Emergency Power System by the Minimum Response Time Based on IEC Standards (IEC규격을 부합화한 최소응답시간에 따른 비상전원시스템의 구축방안)

  • Son, Young-Joo
    • Fire Science and Engineering, v.25 no.2, pp.23-32, 2011
  • When a power outage occurs, emergency power equipment is demanded in place of disaster prevention and security electric power. However, in the domestic area, the rules and regulations for emergency power equipment differ, so different terminologies are used. Thus, this paper presents the differences in the rules and regulations for emergency power equipment between domestic and foreign countries with respect to terms and concepts. We also identify some problems of the emergency power equipment. To solve these problems, according to the minimum response time in the IEC standards, we suggest five emergency power systems and a fire load classification in this paper.

Bayesian Rules Based Optimal Defense Strategies for Clustered WSNs

  • Zhou, Weiwei; Yu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS), v.12 no.12, pp.5819-5840, 2018
  • Considering the topology of the hierarchical tree structure, each cluster in WSNs is faced with various attacks launched by malicious nodes, including network eavesdropping, channel interference and data tampering. Existing intrusion detection algorithms do not take into consideration the resource constraints of cluster heads and sensor nodes. Due to application requirements, sensor nodes in WSNs are deployed with approximately uncorrelated security weights. In our study, a novel and versatile intrusion detection system (IDS) for the optimal defense strategy is first introduced. Given the flexibility that wireless communication provides, it is unreasonable to expect malicious nodes to demonstrate a fixed behavior over time. Instead, malicious nodes can dynamically update their attack strategy in response to the IDS in each game stage. Thus, a multi-stage intrusion detection game (MIDG) based on Bayesian rules is proposed. In order to formulate the solution of the MIDG, an in-depth analysis of the Bayesian equilibrium is performed iteratively. Based on the MIDG theoretical analysis, the optimal behaviors of rational attackers and defenders are derived and calculated accurately. The numerical experimental results validate the effectiveness and robustness of the proposed scheme.

A Flexible Attribute-based RBAC Model

  • Kim, Si-Myeong; Han, Sang-Hoon
    • Journal of the Korea Society of Computer and Information, v.27 no.9, pp.131-138, 2022
  • In this paper, we propose an FA-RBAC (flexible attribute-based RBAC) model based on flexible attributes. This model is attribute-role-centric, which makes objects easy to manage and access control efficient, and it can provide flexible access control as the network environment changes. In addition, fine-grained permissions and simple access control can be achieved while balancing the advantages and disadvantages of the RBAC and ABAC models, reducing the number of access control rules by combining static attribute-based roles and dynamic attribute-based rules. The validity and performance benefits of the proposed model are verified through comparative analysis and simulation.

Intrusion Detection Learning Algorithm using Adaptive Anomaly Detector (적응형 변형 인식부를 이용한 침입 탐지 학습알고리즘)

  • Sim, Kwee-Bo; Yang, Jae-Won; Kim, Young-Soo; Lee, Se-Yul
    • Journal of the Korean Institute of Intelligent Systems, v.14 no.4, pp.451-456, 2004
  • A signature-based intrusion detection system (IDS), which stores rules for detecting intrusions in a library, judges whether new inputs are intrusions or not by matching the stored rules against the new inputs. However, this policy generally has two restrictions. First, when rules against new intrusions cannot be made, false negative (FN) errors may take place. Second, when a lot of rules are made to maintain diversification, the amount of resources grows in proportion to the number of rules. In this paper, we propose a learning algorithm which can evolve the competence of anomaly detectors that have the ability to detect anomalous attacks, using a genetic algorithm. The anomaly detectors are a population composed by following the negative selection procedure of the biological immune system. To show the effectiveness of the proposed system, we apply the learning algorithm to an artificial network environment, which is a computer security system.

Adaptive Intrusion Detection Algorithm based on Learning Algorithm (학습 알고리즘 기반의 적응형 침입 탐지 알고리즘)

  • Sim, Kwee-Bo; Yang, Jae-Won; Lee, Dong-Wook; Seo, Dong-Il; Choi, Yang-Seo
    • Journal of the Korean Institute of Intelligent Systems, v.14 no.1, pp.75-81, 2004
  • A signature-based intrusion detection system (IDS), which stores rules for detecting intrusions in a library, judges whether new inputs are intrusions or not by matching the stored rules against the new inputs. However, this policy generally has two restrictions. First, when rules against new intrusions cannot be made, false negative (FN) errors may take place. Second, when a lot of rules are made to maintain diversification, the amount of resources grows in proportion to the number of rules. In this paper, we propose a learning algorithm which can evolve the competence of anomaly detectors that have the ability to detect anomalous attacks, using a genetic algorithm. The anomaly detectors are a population composed by following the negative selection procedure of the biological immune system. To show the effectiveness of the proposed system, we apply the learning algorithm to an artificial network environment, which is a computer security system.

A New Study on Vibration Data Acquisition and Intelligent Fault Diagnostic System for Aero-engine

  • Ding, Yongshan; Jiang, Dongxiang
    • Proceedings of the Korean Society of Propulsion Engineers Conference, 2008.03a, pp.16-21, 2008
  • The aero-engine, as a kind of rotating machinery with a complex structure and high rotating speed, has complicated vibration faults. Therefore, a condition monitoring and fault diagnosis system is very important for airplane security. In this paper, a vibration data acquisition and intelligent fault diagnosis system is introduced. First, the vibration data acquisition part is described in detail. This part consists of hardware acquisition modules and software analysis modules which realize real-time data acquisition and analysis, off-line data analysis, trend analysis, fault simulation and graphical result display. The acquired vibration data are prepared for the subsequent intelligent fault diagnosis. Secondly, two advanced artificial intelligence (AI) methods, mapping-based and rule-based, are discussed. One is the artificial neural network (ANN), which is an ideal tool for aero-engine fault diagnosis and has a strong ability to learn complex nonlinear functions. The other is data mining, another AI method, which has the advantages of discovering knowledge from massive data and automatically extracting diagnostic rules. Thirdly, a large amount of historical data is used for training the ANN and extracting rules by data mining. Then, real-time data are input into the trained ANN for mapping-based fault diagnosis. At the same time, the extracted rules are revised by expert experience and used for rule-based fault diagnosis. From the results of the experiments, it is clear that both AI methods are effective for aero-engine vibration fault diagnosis, while each of them has its own individual qualities. The whole system can be developed for local vibration monitoring and real-time fault diagnosis of aero-engines.
