• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.142-148
• /
• 2023

In Modern days, Self-driving for modern people is an absolute necessity for transportation and many other reasons. Additionally, after the outbreak of COVID-19, driving by oneself is preferred over other means of transportation for the prevention of infection. However, due to the constant exposure to stressful situations and chronic fatigue one experiences from the work or the traffic to and from it, modern drivers often drive under drowsiness which can lead to serious accidents and fatality. To address this problem, we propose a drowsy driving prevention learning model which detects a driver's state of drowsiness. Furthermore, a method to sound a warning message after drowsiness detection is also presented. This is to use MoveNet to quickly and accurately extract the keypoints of the body of the driver and Dense Neural Network(DNN) to train on real-time driving behaviors, which then immediately warns if an abnormal drowsy posture is detected. With this method, we expect reduction in traffic accident and enhancement in overall traffic safety.

• The Journal of the Acoustical Society of Korea
• /
• v.37 no.6
• /
• pp.469-474
• /
• 2018

As urban population increases, research on urban environmental noise is getting more attention. In this study, we classify the abnormal noise occurring in traffic situation by using a deep learning algorithm which shows high performance in recent environmental noise classification studies. Specifically, we classify the four classes of tire skidding sounds, car crash sounds, car horn sounds, and normal sounds using convolutional neural networks. In addition, we add three environmental noises, including rain, wind and crowd noises, to our training data so that the classification model is more robust in real traffic situation with environmental noises. Experimental results show that the proposed traffic sound classification model achieves better performance than the existing algorithms, particularly under harsh conditions with environmental noises.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1185-1188
• /
• 2005

비정상 행위에 대한 true/false 방식의 공격 탐지 및 대응방법은 높은 오탐지율(false-positive)을 나타내기 때문에 이를 대체할 새로운 공격 탐지방법과 공격 대응방법이 연구되고 있다. 대표적인 연구로는 트래픽 제어 기술을 이용한 단계적 대응방법으로, 이 기술은 비정상 트래픽에 대해 단계적으로 대응함으로써 공격의 오탐지로 인하여 정상 서비스를 이용하는 트래픽이 차단되지 않도록 하는 기술이다. 비정상 트래픽 중 포트스캔 공격은 네트워크 기반 공격을 위해 공격대상 호스트의 서비스 포트를 찾아내는 공격으로 이 공격을 탐지하기 위해서는 일정 시간동안 특정 호스트의 특정 포트에 보내지는 패킷 수를 모니터링 하여 임계치와 비교하는 방식의 true/false 방식의 공격 탐지방법이 주로 사용되었다. 비정상 트래픽 제어 프레임워크(Abnormal Traffic Control Framework)는 true/false 방식의 공격 탐지방법을 이용하여 공격이 탐지되었을 때, 처음에는 트래픽 제어로 대응하고 같은 공격이 재차 탐지되었을때, 차단하여 기존의 true-false 방식의 공격 탐지 및 대응방법이 가지는 높은 오탐지율을 낮춘다. 하지만 포트스캔 공격의 특성상, 공격이 탐지된 후 바로 차단하지 못하였을 경우, 이미 공격자가 원하는 모든 정보를 유출하게 되는 문제가 있다. 본 논문에서는 기존의 True/False 방식의 포트스캔 공격 탐지방법에 퍼지 로직 개념을 추가하여 공격 탐지의 정확성을 높이고 기존의 탐지방법을 이용하였을 때보다 신속한 트래픽 제어 및 차단을 할 수 있는 방법을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.107-117
• /
• 2009

Network administrator recognizes the abnormal phenomenon in the managed network by using the alert messages generated in the security devices including the intrusion detection system, intrusion prevention system, firewall, and etc. And then the series of task, which searches for the traffic related to the alert message and analyzes the traffic data, are required to determine where the abnormal phenomenon is the real network security threat or not. There are many alert messages to have to inspect in order to determine the network security situation. Also the much times are needed so that the network administrator can analyze the security condition using existing methods. Therefore, in this paper, we proposed an efficient method for analyzing network security situation using visualization. The proposed method monitors anomalies occurred in the entire IP address's space and displays the detail information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP address. Therefore, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.6
• /
• pp.531-536
• /
• 2002

In this paper, we have applied Genetic Algorithms(GAs) to Intrusion Detection System(TDS), and then proposed and simulated the misuse detection model firstly. We have implemented with the KBD contest data, and tried to simulated in the same environment. In the experiment, the set of record is regarded as a chromosome, and GAs are used to produce the intrusion patterns. That is, the intrusion rules are generated. We have concentrated on the simulation and analysis of classification among the Data Mining techniques and then the intrusion patterns are produced. The generated rules are represented by intrusion data and classified between abnormal and normal users. The different rules are generated separately from three models "Time Based Traffic Model", "Host Based Traffic Model", and "Content Model". The proposed system has generated the update and adaptive rules automatically and continuously on the misuse detection method which is difficult to update the rule generation. The generated rules are experimented on 430M test data and almost 94.3% of detection rate is shown.3% of detection rate is shown.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.1
• /
• pp.169-189
• /
• 2015

Detection of anomalous events from video streams is a challenging problem in many video surveillance applications. One such application that has received significant attention from the computer vision community is traffic video surveillance. In this paper, a Lossy Count based Sequential Temporal Pattern mining approach (LC-STP) is proposed for detecting spatio-temporal abnormal events (such as a traffic violation at junction) from sequences of video streams. The proposed approach relies mainly on spatial abstractions of each object, mining frequent temporal patterns in a sequence of video frames to form a regular temporal pattern. In order to detect each object in every frame, the input video is first pre-processed by applying Gaussian Mixture Models. After the detection of foreground objects, the tracking is carried out using block motion estimation by the three-step search method. The primitive events of the object are represented by assigning spatial and temporal symbols corresponding to their location and time information. These primitive events are analyzed to form a temporal pattern in a sequence of video frames, representing temporal relation between various object's primitive events. This is repeated for each window of sequences, and the support for temporal sequence is obtained based on LC-STP to discover regular patterns of normal events. Events deviating from these patterns are identified as anomalies. Unlike the traditional frequent item set mining methods, the proposed method generates maximal frequent patterns without candidate generation. Furthermore, experimental results show that the proposed method performs well and can detect video anomalies in real traffic video data.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.2
• /
• pp.99-110
• /
• 2023

This study proposed a classification of malicious network traffic using the cyber threat framework(Mitre ATT&CK) and machine learning to solve the real-time traffic detection problems faced by current security monitoring systems. We applied a network traffic dataset called UNSW-NB15 to the Mitre ATT&CK framework to transform the label and generate the final dataset through rare class processing. After learning several boosting-based ensemble models using the generated final dataset, we demonstrated how these ensemble models classify network traffic using various performance metrics. Based on the F-1 score, we showed that XGBoost with no rare class processing is the best in the multi-class traffic environment. We recognized that machine learning ensemble models through Mitre ATT&CK label conversion and oversampling processing have differences over existing studies, but have limitations due to (1) the inability to match perfectly when converting between existing datasets and Mitre ATT&CK labels and (2) the presence of excessive sparse classes. Nevertheless, Catboost with B-SMOTE achieved the classification accuracy of 0.9526, which is expected to be able to automatically detect normal/abnormal network traffic.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.49-57
• /
• 2017

IoT can be connected through a single network not only objects which can be connected to existing internet but also objects which has communication capability. This IoT environment will be a huge change to the existing communication paradigm. However, the big security problem must be solved in order to develop further IoT. Security mechanisms reflecting these characteristics should be applied because devices participating in the IoT have low processing ability and low power. In addition, devices which perform abnormal behaviors between objects should be also detected. Therefore, in this paper, we proposed D-IDS technique for efficient detection of malicious attack nodes between devices participating in the IoT. The proposed technique performs the central detection and distribution detection to improve the performance of attack detection. The central detection monitors the entire network traffic at the boundary router using SVM technique and detects abnormal behavior. And the distribution detection combines RSSI value and reliability of node and detects Sybil attack node. The performance of attack detection against malicious nodes is improved through the attack detection process. The superiority of the proposed technique can be verified by experiments.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.77-84
• /
• 2012

The control network has been operated in a closed. But it changes to open to external for business convenience and cooperation with several organizations. As the way of connecting with user extends, the risk of control network gets high. Thus, in this paper, proposed the technique of an anomalous event detection using white-list for control network security and minimizing the cyber threats. The proposed method can be collected and cataloged of only normal data from traffic of internal network, control network and field devices. Through way to check the this situation, we can separate normal and abnormal behavior.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.6
• /
• pp.1215-1221
• /
• 2009

A novel approach for electrocardiogram (ECG) analysis within a functional sensor node has been developed and evaluated. The main aim is to reduce data collision, traffic overload and power consumption in healthcare applications of wireless sensor networks(WSN). The sensor node attached on the patient's body surface around the heart can perform ECG analysis based on a QRS detection algorithm to detect abnormal condition of the patient. Data transfer is activated only after detected abnormality in the ECG. This system can reduce packet loss during transmission by reducing traffic overload. In addition, it saves power supply energy leading to more reliable, cheap and user-friendly operation in the WSN for ubiquitous health monitoring.