• Journal of Information Processing Systems
• /
• v.15 no.6
• /
• pp.1392-1405
• /
• 2019

The cathode voltage of aluminum electrolytic cell is relatively stable under normal conditions and fluctuates greatly when it has an anomaly. In order to detect the abnormal range of cathode voltage, an anomaly detection algorithm based on sliding window was proposed. The algorithm combines the time series segmentation linear representation method and the k-nearest neighbor local anomaly detection algorithm, which is more efficient than the direct detection of the original sequence. The algorithm first segments the cathode voltage time series, then calculates the length, the slope, and the mean of each line segment pattern, and maps them into a set of spatial objects. And then the local anomaly detection algorithm is used to detect abnormal patterns according to the local anomaly factor and the pattern length. The experimental results showed that the algorithm can effectively detect the abnormal range of cathode voltage.

• Journal of Navigation and Port Research
• /
• v.40 no.5
• /
• pp.271-278
• /
• 2016

Localized atmospheric conditions between multi-reference stations can bring the tropospheric delay irregularity that becomes an error terms affecting positioning accuracy in network RTK environment. Imbalanced network error can affect the network solutions and it can corrupt the entire network solution and degrade the correction accuracy. If an anomaly could be detected before the correction message was generated, it is possible to eliminate the anomalous satellite that can cause degradation of the network solution during the tropospheric delay anomaly. An atmospheric grid that consists of four meteorological stations was used to detect an inhomogeneous weather conditions and tropospheric anomaly applied AWSs (automatic weather stations) meteorological data. The threshold of anomaly detection algorithm was determined based on the statistical weather data of AWSs for 5 years in an atmospheric grid. From the analytic results of anomaly detection algorithm it showed that the proposed algorithm can detect an anomalous satellite with an anomaly flag generation caused tropospheric delay anomaly during localized atmospheric conditions between stations. It was shown that the different precipitation condition between stations is the main factor affecting tropospheric anomalies.

• Journal of Navigation and Port Research
• /
• v.40 no.5
• /
• pp.265-270
• /
• 2016

Extreme tropospheric anomalies such as typhoons or regional torrential rain can degrade positioning accuracy of the GPS signal. It becomes one of the main error terms affecting high-precision positioning solutions in network RTK. This paper proposed a detection algorithm to be used during atmospheric anomalies in order to detect the tropospheric irregularities that can degrade the quality of correction data due to network errors caused by inhomogeneous atmospheric conditions between multi-reference stations. It uses an atmospheric grid that consists of four meteorological stations and estimates the troposphere zenith total delay difference at a low performance point in an atmospheric grid. AWS (automatic weather station) meteorological data can be applied to the proposed tropospheric anomaly detection algorithm when there are different atmospheric conditions between the stations. The concept of probability density distribution of the delta troposphere slant delay was proposed for the threshold determination.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.391-394
• /
• 2004

Change of paradigm of network attack technique was begun by fast extension of the latest Internet and new attack form is appearing. But, Most intrusion detection systems detect informed attack type because is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, visibilitys to apply human immunity mechanism are appearing. In this paper, we create self-file from normal behavior profile about network packet and embody self recognition algorithm to use self-nonself discrimination in the human immune system to detect anomaly behavior. Sense change because monitors self-file creating anomaly detector based on Negative Selection Algorithm that is self recognition algorithm's one and detects anomaly behavior. And we achieve simulation to use DARPA Network Dataset and verify effectiveness of algorithm through the anomaly detection rate.

• Journal of Intelligence and Information Systems
• /
• v.29 no.3
• /
• pp.229-247
• /
• 2023

With the increasing emphasis on anomaly detection across various fields, diverse anomaly detection algorithms have been developed for various data types and anomaly patterns. However, the performance of anomaly detection algorithms is generally evaluated on publicly available datasets, and the specific performance of each algorithm on anomalies of particular types remains unexplored. Consequently, selecting an appropriate anomaly detection algorithm for specific analytical contexts poses challenges. Therefore, in this paper, we aim to investigate the types of anomalies and various attributes of data. Subsequently, we intend to propose approaches that can assist in the selection of appropriate anomaly detection algorithms based on this understanding. Specifically, this study compares the performance of anomaly detection algorithms for four types of anomalies: local, global, contextual, and clustered anomalies. Through further analysis, the impact of label availability, data quantity, and dimensionality on algorithm performance is examined. Experimental results demonstrate that the most effective algorithm varies depending on the type of anomaly, and certain algorithms exhibit stable performance even in the absence of anomaly-specific information. Furthermore, in some types of anomalies, the performance of unsupervised anomaly detection algorithms was observed to be lower than that of supervised and semi-supervised learning algorithms. Lastly, we found that the performance of most algorithms is more strongly influenced by the type of anomalies when the data quantity is relatively scarce or abundant. Additionally, in cases of higher dimensionality, it was noted that excellent performance was exhibited in detecting local and global anomalies, while lower performance was observed for clustered anomaly types.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.7
• /
• pp.3093-3115
• /
• 2020

Network anomaly detection system plays an essential role in detecting network anomaly and ensuring network security. Anomaly detection system based machine learning has become an increasingly popular solution. However, due to the unbalance and high-dimension characteristics of network traffic, the existing methods unable to achieve the excellent performance of high accuracy and low false alarm rate. To address this problem, a new network anomaly detection method based on data balancing and recursive feature addition is proposed. Firstly, data balancing algorithm based on improved KNN outlier detection is designed to select part respective data on each category. Combination optimization about parameters of improved KNN outlier detection is implemented by genetic algorithm. Next, recursive feature addition algorithm based on correlation analysis is proposed to select effective features, in which a cross contingency test is utilized to analyze correlation and obtain a features subset with a strong correlation. Then, random forests model is as the classification model to detection anomaly. Finally, the proposed algorithm is evaluated on benchmark datasets KDD Cup 1999 and UNSW_NB15. The result illustrates the proposed strategies enhance accuracy and recall, and decrease the false alarm rate. Compared with other algorithms, this algorithm still achieves significant effects, especially recall in the small category.

• ETRI Journal
• /
• v.41 no.5
• /
• pp.684-695
• /
• 2019

In a cloud environment, performance degradation, or even downtime, of virtual machines (VMs) usually appears gradually along with anomalous states of VMs. To better characterize the state of a VM, all possible performance metrics are collected. For such high-dimensional datasets, this article proposes a feature extraction algorithm based on unsupervised fuzzy linear discriminant analysis with kernel (UFKLDA). By introducing the kernel method, UFKLDA can not only effectively deal with non-Gaussian datasets but also implement nonlinear feature extraction. Two sets of experiments were undertaken. In discriminability experiments, this article introduces quantitative criteria to measure discriminability among all classes of samples. The results show that UFKLDA improves discriminability compared with other popular feature extraction algorithms. In detection accuracy experiments, this article computes accuracy measures of an anomaly detection algorithm (i.e., C-SVM) on the original performance metrics and extracted features. The results show that anomaly detection with features extracted by UFKLDA improves the accuracy of detection in terms of sensitivity and specificity.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.

• International Journal of Computer Science & Network Security
• /
• v.23 no.1
• /
• pp.46-52
• /
• 2023

With billions of IoT (Internet of Things) devices populating various emerging applications across the world, detecting anomalies on these devices has become incredibly important. Advanced Intrusion Detection Systems (IDS) are trained to detect abnormal network traffic, and Machine Learning (ML) algorithms are used to create detection models. In this paper, the NSL-KDD dataset was adopted to comparatively study the performance and efficiency of IoT anomaly detection models. The dataset was developed for various research purposes and is especially useful for anomaly detection. This data was used with typical machine learning algorithms including eXtreme Gradient Boosting (XGBoost), Support Vector Machines (SVM), and Deep Convolutional Neural Networks (DCNN) to identify and classify any anomalies present within the IoT applications. Our research results show that the XGBoost algorithm outperformed both the SVM and DCNN algorithms achieving the highest accuracy. In our research, each algorithm was assessed based on accuracy, precision, recall, and F1 score. Furthermore, we obtained interesting results on the execution time taken for each algorithm when running the anomaly detection. Precisely, the XGBoost algorithm was 425.53% faster when compared to the SVM algorithm and 2,075.49% faster than the DCNN algorithm. According to our experimental testing, XGBoost is the most accurate and efficient method.

• Journal of Navigation and Port Research
• /
• v.35 no.9
• /
• pp.701-706
• /
• 2011

Radio waves including GPS signals, various TV communications, and radio broadcasting can be disturbed by a strong solar storm, which may occur due to solar flares and produce an ionospheric delay anomaly in the ionosphere according to the change of total electron content. Electron density irregularities can cause deep signal fading, frequently known as ionospheric scintillation, which can result in the positioning error using GPS signal. This paper proposes a detection algorithm for the ionosphere delay anomaly during a solar storm by using multi-reference stations. Different TEC grid which has irregular electron density was applied above one reference station. Then the ionospheric delay in zenith direction applied different TEC will show comparatively large ionospheric zenith delay due to the electron irregularity. The ionospheric slant delay applied an elevation angle at reference station was analyzed to detect the ionospheric delay anomaly that can result in positioning error. A simulation test was implemented and a proposed detection algorithm using data logged by four reference stations was applied to detect the ionospheric delay anomaly compared to a criterion.