• IEIE Transactions on Smart Processing and Computing
• /
• v.5 no.4
• /
• pp.256-266
• /
• 2016

Concurrently detected and annotated abnormal events can have a significant impact on surveillance systems. By considering the specific domain of pedestrian trajectories, this paper presents two main contributions. First, as introduced in much of the work on trajectory-based anomaly detection in the literature, only information about pedestrian paths, such as direction and speed, is considered. Differing from previous work, this paper proposes a framework that deals with additional types of trajectory-based anomalies. These abnormal events take places when a person enters prohibited areas. Those restricted regions are constructed by an online learning algorithm that uses surrounding information, including detected pedestrians and background scenes. Second, a simple data-boosting technique is introduced to overcome a lack of training data; such a problem particularly challenges all previous work, owing to the significantly low frequency of abnormal events. This technique only requires normal trajectories and fundamental information about scenes to increase the amount of training data for both normal and abnormal trajectories. With the increased amount of training data, the conventional abnormal trajectory classifier is able to achieve better prediction accuracy without falling into the over-fitting problem caused by complex learning models. Finally, the proposed framework (which annotates tracks that enter prohibited areas) and a conventional abnormal trajectory detector (using the data-boosting technique) are integrated to form a united detector. Such a detector deals with different types of anomalous trajectories in a hierarchical order. The experimental results show that all proposed detectors can effectively detect anomalous trajectories in the test phase.

• Journal of Biomedical Engineering Research
• /
• v.28 no.1
• /
• pp.84-94
• /
• 2007

In order to collect information on local distribution of conductivity and permittivity underneath a scan probe, we developed a multi-frequency trans-admittance scanner (TAS). Applying a sinusoidal voltage with variable frequency on a chosen distal part of a human body, we measure exit currents from 320 grounded electrodes placed on a chosen surface of the subject. The electrodes are packaged inside a small and light scan probe. The system includes one voltage source and 17 digital ammeters. Front-end of each ammeter is a current-to-voltage converter with virtual grounding of a chosen electrode. The rest of the ammeter is a voltmeter performing digital phase-sensitive demodulation. Using resistor loads, we calibrate the system including the scan probe to compensate frequency-dependent variability of current measurements and also inter-channel variability among multiple. We found that SNR of each ammeter is about 85dB and the minimal measurable current is 5nA. Using saline phantoms with objects made from TX-151, we verified the performance of the lesion estimation algorithm. The error rate of the depth estimation was about 19.7%. For the size estimate, the error rate was about 15.3%. The results suggest improvement in lesion estimation algorithm based on multi-frequency trans-admittance data.

• Journal of Electrical Engineering and Technology
• /
• v.10 no.1
• /
• pp.92-101
• /
• 2015

As one type of power quality (PQ) disturbance sources, high-speed rail (HSR) can have major impacts on the power supply grid. Providing timely and accurate warning information for PQ problems of HSR is important for the safe and stable operation of traction power supply systems and the power supply grid. This study proposes a novel warning approach to identify PQ problems and provide warning prompts based on the monitored data of HSR. To embody the displacement and status change of monitored data, multi-features of different sliding windows are computed. To reflect the relative importance degree of these features in the overall evaluation, an analytic hierarchy process (AHP) is used to analyse the weights of multi-features. Finally, a multi-features similarity algorithm is applied to analyse the difference between monitored data and the reference data of HSR, and PQ warning results based on dynamic thresholds can be analysed to quantify its severity. Cases studies demonstrate that the proposed approach is effective and feasible, and it has now been applied to an actual PQ monitoring platform.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1887-1898
• /
• 2018

In this paper, a method to classify insider threat activity is introduced. The internal threats help detecting anomalous activity in the procedure performed by the user in an organization. When an anomalous value deviating from the overall behavior is displayed, we consider it as an inside threat for classification as an inside intimidator. To solve the situation, Markov Chain Model is employed. The Markov Chain Model shows the next state value through an arbitrary variable affected by the previous event. Similarly, the current activity can also be predicted based on the previous activity for the insider threat activity. A method was studied where the change items for such state are defined by a transition probability, and classified as detection of anomaly of the inside threat through values for a probability variable. We use the properties of the Markov chains to list the behavior of the user over time and to classify which state they belong to. Sequential data sets were generated according to the influence of n occurrences of Markov attribute and classified by machine learning algorithm. In the experiment, only 15% of the Cert: insider threat dataset was applied, and the result was 97% accuracy except for NaiveBayes. As a result of our research, it was confirmed that the Markov Chain Model can classify insider threats and can be fully utilized for user behavior classification.

• Geomechanics and Engineering
• /
• v.35 no.2
• /
• pp.109-119
• /
• 2023

Ground subsidence in urban areas due to excessive development and degraded underground facilities is a serious problem. Geophysical surveys have been conducted to estimate the distribution and scale of cavities and subsidence. In this study, electrical resistivity tomography (ERT) was performed near an area of road subsidence in an urban area. The subsidence arose due to groundwater leakage that carried soil into a neighboring excavation site. The ERT survey line was located between the main subsidence area and an excavation site. Because ERT data are affected by rapid topographic changes and surrounding structures, the influence of the excavation site on the data was analyzed through field-scale numerical modeling. The effect of an excavation should be considered when interpreting ERT data because it can lead to wrong anomalous results. A method for performing 2D inversion after correcting resistivity data for the effect of the excavation site was proposed. This method was initially tested using a field-scale numerical model that included the excavation site and subsurface anomaly, which was a loosened zone, and was then applied to field data. In addition, ERT data were interpreted using an existing in-house 3D algorithm, which considered the effect of excavation sites. The inversion results demonstrated that conductive anomalies in the loosened zone were greater compared to the inversion that did not consider the effects of excavation.

• Journal of the Korea Society for Simulation
• /
• v.21 no.3
• /
• pp.17-24
• /
• 2012

This paper suggests Effectiveness Evaluation Methods of DDoS attacks countermeasures model by simulation. According to the security objectives that are suggested by NIST(National Institute of Standards and Technology), It represents a hierarchical Effectiveness Evaluation Model. we calculated the weights of factors that security objectives, security controls, performance indicator through AHP(Analytic Hierarchy Process) analysis. Subsequently, we implemented Arena Simulation Model for the calculation of function points at the performance indicator. The detection and protection algorithm involve methods of critical-level setting, signature and anomaly(statistic) based detection techniques for Network Layer 4, 7 attacks. Proposed Effectiveness Evaluation Model can be diversely used to evaluate effectiveness of countermeasures and techniques for new security threats each organization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.809-817
• /
• 2012

One of the OSI 7 Layer DDoS Attack, HTTP POST DDoS can deny legitimate service by web server resource depletion. This Attack can be executed with less network traffic and legitimate TCP connections. Therefore, It is difficult to distinguish DDoS traffic from legitimate users. In this paper, I propose an anomaly HTTP POST traffic detection algorithm and http each page Content-Length field size limit with defense method for HTTP POST DDoS attack. Proposed method showed the result of detection and countermeasure without false negative and positive to use the r-u-dead-yet of HTTP POST DDoS attack tool and the self-developed attack tool.

• Proceedings of the KSRS Conference
• /
• 2005.10a
• /
• pp.149-152
• /
• 2005

A new methodology to detect forest fire burnt scars at near real time using MODIS (Moderate-resolution Imaging Spectroradiometer) data is presented here with a goal of introducing a new and improved capability to detect forest fire burnt scars in Thailand. This new technology is expected to increase the efficiency and effectiveness of the forest fire tackling resources distribution and management of the country. Using MODIS data in burnt scars detection has two major advantages - high availability of data and high resolution per performance ratio. Results prove the near real time algorithm suitable and working well in order to monitor the forest fire dynamic movement. The algorithm is based on the threshold separated linear equation of burnt and un-burnt. A ground truth experiment confirms the burnt and un-burnt? areas characteristics (temperature and NDVI). A threshold line on a scatter plot of Band I and Band 2 is determined to separate the burnt from un-burnt pixels. The different threshold values of NDVI and temperature use to identify pixels' anomaly, abnormal low NDVI and high temperature. The overlay (superimpose) method is used to verify burnt pixels. Since forest fire is a dynamic phenomenon, MODIS burnt scars information is suiting well to fill in the missing temporal information of LANDSAT for the forest fire control managing strategy in Thailand. This study was conducted in the Huai-Kha-Kaeng (HKK) Wildlife Sanctuary, Thailand

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.434-437
• /
• 2010

NIPS(Network Intrusion Prevention System) is in line at the end of the external and internal networks which performed two kinds of action: Signature-based filtering and anomaly detection and prevention-based on self-learning. Among them, a signature-based filtering is well known to defend against attacks. By using signature-based filtering, intrusion prevention system passing a payload of packets is compared with attack patterns which are signature. If match, the packet is discard. However, when there is packet delay, it will increase the required pattern matching time as the number of signature is increasing whenever there is delay occur. Therefore, to ensure the performance of IPS, we needed more efficient pattern matching algorithm for high-performance ISP. To improve the performance of pattern matching the most important part is to reduce the number of comparisons signature rules and the packet whenever the packets arrive. In this paper, we propose an improve signature hashing-based pattern matching method. We use tuple pruning algorithm with Bloom filters, which effectively remove unnecessary tuples. Unlike other existing signature hashing-based IPS, our proposed method to improve the performance of IPS.

• Journal of Navigation and Port Research
• /
• v.46 no.4
• /
• pp.367-374
• /
• 2022

The purpose of this study was to propose a deep learning algorithm that applies to the fault diagnosis of fuel pumps and purifiers of autonomous ships. A deep learning algorithm reflecting the time dependence of the measured signal was configured, and the failure pattern was trained using the vibration signal, measured in the equipment's regular operation and failure state. Considering the sequential time-dependence of deterioration implied in the vibration signal, this study adopts Conv1D with sliding window computation for fault detection. The time dependence was also reflected, by transferring the measured signal from two-dimensional to three-dimensional. Additionally, the optimal values of the hyper-parameters of the Conv1D model were determined, using the grid search technique. Finally, the results show that the proposed data preprocessing method as well as the Conv1D model, can reflect the sequential dependency between the fault and its effect on the measured signal, and appropriately perform anomaly as well as failure detection, of the equipment chosen for application.