• Journal of Information Processing Systems
• /
• 제15권6호
• /
• pp.1392-1405
• /
• 2019

The cathode voltage of aluminum electrolytic cell is relatively stable under normal conditions and fluctuates greatly when it has an anomaly. In order to detect the abnormal range of cathode voltage, an anomaly detection algorithm based on sliding window was proposed. The algorithm combines the time series segmentation linear representation method and the k-nearest neighbor local anomaly detection algorithm, which is more efficient than the direct detection of the original sequence. The algorithm first segments the cathode voltage time series, then calculates the length, the slope, and the mean of each line segment pattern, and maps them into a set of spatial objects. And then the local anomaly detection algorithm is used to detect abnormal patterns according to the local anomaly factor and the pattern length. The experimental results showed that the algorithm can effectively detect the abnormal range of cathode voltage.

• 한국항해항만학회지
• /
• 제40권5호
• /
• pp.271-278
• /
• 2016

Localized atmospheric conditions between multi-reference stations can bring the tropospheric delay irregularity that becomes an error terms affecting positioning accuracy in network RTK environment. Imbalanced network error can affect the network solutions and it can corrupt the entire network solution and degrade the correction accuracy. If an anomaly could be detected before the correction message was generated, it is possible to eliminate the anomalous satellite that can cause degradation of the network solution during the tropospheric delay anomaly. An atmospheric grid that consists of four meteorological stations was used to detect an inhomogeneous weather conditions and tropospheric anomaly applied AWSs (automatic weather stations) meteorological data. The threshold of anomaly detection algorithm was determined based on the statistical weather data of AWSs for 5 years in an atmospheric grid. From the analytic results of anomaly detection algorithm it showed that the proposed algorithm can detect an anomalous satellite with an anomaly flag generation caused tropospheric delay anomaly during localized atmospheric conditions between stations. It was shown that the different precipitation condition between stations is the main factor affecting tropospheric anomalies.

• 한국항해항만학회지
• /
• 제40권5호
• /
• pp.265-270
• /
• 2016

Extreme tropospheric anomalies such as typhoons or regional torrential rain can degrade positioning accuracy of the GPS signal. It becomes one of the main error terms affecting high-precision positioning solutions in network RTK. This paper proposed a detection algorithm to be used during atmospheric anomalies in order to detect the tropospheric irregularities that can degrade the quality of correction data due to network errors caused by inhomogeneous atmospheric conditions between multi-reference stations. It uses an atmospheric grid that consists of four meteorological stations and estimates the troposphere zenith total delay difference at a low performance point in an atmospheric grid. AWS (automatic weather station) meteorological data can be applied to the proposed tropospheric anomaly detection algorithm when there are different atmospheric conditions between the stations. The concept of probability density distribution of the delta troposphere slant delay was proposed for the threshold determination.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2004년도 춘계종합학술대회
• /
• pp.391-394
• /
• 2004

인터넷의 급속한 확장으로 인해 네트워크 공격기법의 패러다임의 변화가 시작되었으며 새로울 공격 형태가 나타나고 있으나 대부분의 침입 탐지 기술은 오용 탐지 기술을 기반으로 하는 시스템이주를 이루고 있어 알려진 공격 유형만을 탐지하고, 새로운 공격에 능동적인 대응이 어려운 실정이다. 이에 새로운 공격 유형에 대한 탐지력을 높이기 위해 인체 면역 메커니즘을 적용하려는 시도들이 나타나고 있다. 본 논문에서는 데이터 마이닝 기법을 이용하여 네트워크 패킷에 대한 정상 행위 프로파일을 생성하고 생성된 프로파일을 자기공간화 하여 인체면역계의 자기, 비자기 구분기능을 이용해 자기 인식 알고리즘을 구현하여 이상행위를 탐지하고자 한다. 자기인식 알고리즘의 하나인 Negative Selection Algorithm을 기반으로 anomaly detector를 생성하여 자기공간을 모니터하여 변화를 감지하고 이상행위를 검출한다. DARPA Network Dataset을 이용하여 시뮬레이션을 수행하여 침입 탐지율을 통해 알고리즘의 유효성을 검증한다.

• 지능정보연구
• /
• 제29권3호
• /
• pp.229-247
• /
• 2023

여러 분야에서 이상탐지의 중요성이 강조됨에 따라, 다양한 데이터 유형과 이상치 유형에 대한 이상탐지 알고리즘이 개발되고 있다. 하지만 이상탐지 알고리즘의 성능은 주로 공개 데이터 세트에 대해 측정될 뿐 특정 유형의 이상치에서 나타나는 각 알고리즘의 성능은 확인되지 않고 있으므로, 분석 상황에 맞는 적절한 이상탐지 알고리즘 선택에 어려움이 있다. 이에 본 논문에서는 이상치의 유형과 다양한 데이터 속성을 먼저 파악하여, 이를 기반으로 적절한 이상탐지 알고리즘 선택에 도움을 줄 수 있는 방안을 제시하고자 한다. 구체적으로 본 연구에서는 지역, 전역, 종속성, 그리고 군집화의 총 4가지 이상치 유형에 대해 이상탐지 알고리즘의 성능을 비교하고, 추가 분석을 통해 라벨 수준, 데이터 개수, 그리고 차원 수가 성능에 미치는 영향을 확인한다. 실험 결과 이상치 유형에 따라 가장 우수한 성능을 나타내는 알고리즘이 다르게 나타나며, 이상치 유형에 대한 정보가 없는 경우에도 안정적인 성능을 보여주는 알고리즘을 확인했다. 또한 비지도 학습 기반 이상탐지 알고리즘의 성능이 지도 학습 및 준지도 학습 알고리즘의 성능보다 낮게 나타나는 유형을 확인하였다. 마지막으로 데이터 개수가 상대적으로 적거나 많을 때 대부분 알고리즘들의 성능이 이상치 유형에 더 강하게 영향을 받으며, 상대적으로 고차원일 경우 지역, 전역 이상치에서는 우수한 성능을 보였지만 군집화 이상치 유형에서 낮은 성능을 나타냄을 확인하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권7호
• /
• pp.3093-3115
• /
• 2020

Network anomaly detection system plays an essential role in detecting network anomaly and ensuring network security. Anomaly detection system based machine learning has become an increasingly popular solution. However, due to the unbalance and high-dimension characteristics of network traffic, the existing methods unable to achieve the excellent performance of high accuracy and low false alarm rate. To address this problem, a new network anomaly detection method based on data balancing and recursive feature addition is proposed. Firstly, data balancing algorithm based on improved KNN outlier detection is designed to select part respective data on each category. Combination optimization about parameters of improved KNN outlier detection is implemented by genetic algorithm. Next, recursive feature addition algorithm based on correlation analysis is proposed to select effective features, in which a cross contingency test is utilized to analyze correlation and obtain a features subset with a strong correlation. Then, random forests model is as the classification model to detection anomaly. Finally, the proposed algorithm is evaluated on benchmark datasets KDD Cup 1999 and UNSW_NB15. The result illustrates the proposed strategies enhance accuracy and recall, and decrease the false alarm rate. Compared with other algorithms, this algorithm still achieves significant effects, especially recall in the small category.

• ETRI Journal
• /
• 제41권5호
• /
• pp.684-695
• /
• 2019

In a cloud environment, performance degradation, or even downtime, of virtual machines (VMs) usually appears gradually along with anomalous states of VMs. To better characterize the state of a VM, all possible performance metrics are collected. For such high-dimensional datasets, this article proposes a feature extraction algorithm based on unsupervised fuzzy linear discriminant analysis with kernel (UFKLDA). By introducing the kernel method, UFKLDA can not only effectively deal with non-Gaussian datasets but also implement nonlinear feature extraction. Two sets of experiments were undertaken. In discriminability experiments, this article introduces quantitative criteria to measure discriminability among all classes of samples. The results show that UFKLDA improves discriminability compared with other popular feature extraction algorithms. In detection accuracy experiments, this article computes accuracy measures of an anomaly detection algorithm (i.e., C-SVM) on the original performance metrics and extracted features. The results show that anomaly detection with features extracted by UFKLDA improves the accuracy of detection in terms of sensitivity and specificity.

• Journal of Information Processing Systems
• /
• 제1권1호
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.

• International Journal of Computer Science & Network Security
• /
• 제23권1호
• /
• pp.46-52
• /
• 2023

With billions of IoT (Internet of Things) devices populating various emerging applications across the world, detecting anomalies on these devices has become incredibly important. Advanced Intrusion Detection Systems (IDS) are trained to detect abnormal network traffic, and Machine Learning (ML) algorithms are used to create detection models. In this paper, the NSL-KDD dataset was adopted to comparatively study the performance and efficiency of IoT anomaly detection models. The dataset was developed for various research purposes and is especially useful for anomaly detection. This data was used with typical machine learning algorithms including eXtreme Gradient Boosting (XGBoost), Support Vector Machines (SVM), and Deep Convolutional Neural Networks (DCNN) to identify and classify any anomalies present within the IoT applications. Our research results show that the XGBoost algorithm outperformed both the SVM and DCNN algorithms achieving the highest accuracy. In our research, each algorithm was assessed based on accuracy, precision, recall, and F1 score. Furthermore, we obtained interesting results on the execution time taken for each algorithm when running the anomaly detection. Precisely, the XGBoost algorithm was 425.53% faster when compared to the SVM algorithm and 2,075.49% faster than the DCNN algorithm. According to our experimental testing, XGBoost is the most accurate and efficient method.

• 한국항해항만학회지
• /
• 제35권9호
• /
• pp.701-706
• /
• 2011

Radio waves including GPS signals, various TV communications, and radio broadcasting can be disturbed by a strong solar storm, which may occur due to solar flares and produce an ionospheric delay anomaly in the ionosphere according to the change of total electron content. Electron density irregularities can cause deep signal fading, frequently known as ionospheric scintillation, which can result in the positioning error using GPS signal. This paper proposes a detection algorithm for the ionosphere delay anomaly during a solar storm by using multi-reference stations. Different TEC grid which has irregular electron density was applied above one reference station. Then the ionospheric delay in zenith direction applied different TEC will show comparatively large ionospheric zenith delay due to the electron irregularity. The ionospheric slant delay applied an elevation angle at reference station was analyzed to detect the ionospheric delay anomaly that can result in positioning error. A simulation test was implemented and a proposed detection algorithm using data logged by four reference stations was applied to detect the ionospheric delay anomaly compared to a criterion.