• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.719-724
• /
• 2004

Recently, since the number of internet users is increasing rapidly and, by using the public hacking tools, general network users can intrude computer systems easily, the hacking problem is getting more serious. In order to prevent the intrusion, it is needed to detect the sign in advance of intrusion in a positive prevention by detecting the various foms of hackers' intrusion trials to know the vulnerability of systems. The existing network-based anomaly detection algorithms that cope with port- scanning and the network vulnerability scans have some weakness in intrusion detection. they can not detect slow scans and coordinated scans. therefore, the new concept of algorithm is needed to detect effectively the various forms of abnormal accesses for intrusion regardless of the intrusion methods. In this paper, SPAD(Session Pattern Anomaly Detector) is presented, which detects the abnormal service patterns by comparing them with the ordinary normal service patterns.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5574-5591
• /
• 2017

Inspired by the idea of Artificial Immune System, many researches of wireless sensor network (WSN) intrusion detection is based on the artificial intelligent system (AIS). However, a large number of generated detectors, black hole, overlap problem of NSA have impeded further used in WSN. In order to improve the anomaly detection performance for WSN, detector generation mechanism need to be improved. Therefore, in this paper, a Differential Evolution Constraint Multi-objective Optimization Problem based Negative Selection Algorithm (DE-CMOP based NSA) is proposed to optimize the distribution and effectiveness of the detector. By combining the constraint handling and multi-objective optimization technique, the algorithm is able to generate the detector set with maximized coverage of non-self space and minimized overlap among detectors. By employing differential evolution, the algorithm can reduce the black hole effectively. The experiment results show that our proposed scheme provides improved NSA algorithm in-terms, the detectors generated by the DE-CMOP based NSA more uniform with less overlap and minimum black hole, thus effectively improves the intrusion detection performance. At the same time, the new algorithm reduces the number of detectors which reduces the complexity of detection phase. Thus, this makes it suitable for intrusion detection in WSN.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.471-480
• /
• 2016

Recently, the damage of cyber attack toward infra-system, national defence and security system is gradually increasing. In this situation, military recognizes the importance of cyber warfare, and they establish a cyber system in preparation, regardless of the existence of threaten. Thus, the study of Intrusion Detection System(IDS) that plays an important role in network defence system is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize advantagesand to minimize disadvantages both of misuse and anomaly. The combination is called Hybrid IDS. Previous studies would not be inappropriate for near real-time network environments because they have computational complexity problems. It leads to the need of the study considering the structure of IDS that have high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which combines C4.5 decision tree(misuse detection method) and Weighted K-means algorithm (anomaly detection method) hierarchically. It can detect malicious network packets effectively with low complexity by applying mutual information and genetic algorithm based efficient feature selection technique. Also we construct upgraded the the hierarchical structure of IDS reusing feature weights in anomaly detection section. It is validated that proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance at experiment section.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 1999.05a
• /
• pp.203-207
• /
• 1999

In this paper we propose the automated generation algorithm of penetration scenario using association mining technique. Until now known intrusion detections are classified into anomaly detection and misuse detection. The former uses statistical method, features selection, neural network method in order to decide intrusion, the latter uses conditional probability, expert system, state transition analysis, pattern matching for deciding intrusion. In proposed many intrusion detection algorithms unknown penetrations are created and updated by security experts. Our algorithm automatically generates penetration scenarios applying association mining technique to state transition technique. Association mining technique discovers efficient and useful unknown information in existing data. In this paper the algorithm we propose can automatically generate penetration scenarios to have been produced by security experts and is easy to cope with intrusions when it is compared to existing intrusion algorithms. Also It has advantage that maintenance cost is not high.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.171-179
• /
• 2020

Recently, studies have shown that convolution neural networks are achieving the best performance in image classification, object detection, and image generation. Vision based defect inspection which is more economical than other defect inspection, is a very important for a factory automation. Although supervised anomaly detection algorithm has far exceeded the performance of traditional machine learning based method, it is inefficient for real industrial field due to its tedious annotation work, In this paper, we propose ADGAN, a unsupervised anomaly detection architecture using the variational autoencoder and the generative adversarial network which give great results in image generation task, and demonstrate whether the proposed network architecture identifies anomalous images well on MNIST benchmark dataset as well as our own welding defect dataset.

• Journal of the Korea Convergence Society
• /
• v.12 no.2
• /
• pp.1-6
• /
• 2021

In the modern society, traffic problems are occurring as vehicle ownership increases. In particular, the incidence of highway traffic accidents is low, but the fatality rate is high. Therefore, a technology for detecting an abnormality in a vehicle is being studied. Among them, there is a vehicle anomaly detection technology using deep learning. This detects vehicle abnormalities such as a stopped vehicle due to an accident or engine failure. However, if an abnormality occurs on the road, it is possible to quickly respond to the driver's location. In this study, we propose a deep learning-based vehicle anomaly detection using road CCTV data. The proposed method preprocesses the road CCTV data. The pre-processing uses the background extraction algorithm MOG2 to separate the background and the foreground. The foreground refers to a vehicle with displacement, and a vehicle with an abnormality on the road is judged as a background because there is no displacement. The image that the background is extracted detects an object using YOLOv4. It is determined that the vehicle is abnormal.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.27 no.1
• /
• pp.127-134
• /
• 2021

In this study, an anomaly detection (AD) algorithm was implemented to detect the failure of a marine air compressor. A lab-scale experiment was designed to produce fault datasets (time-series electric current measurements) for 10 failure modes of the air compressor. The results demonstrated that the temporal pattern of the datasets showed periodicity with a different period, depending on the failure mode. An AD model with a convolutional autoencoder was developed and trained based on a normal operation dataset. The reconstruction error was used as the threshold for AD. The reconstruction error was noted to be dependent on the AD model and hyperparameter tuning. The AD model was applied to the synthetic dataset, which comprised both normal and abnormal conditions of the air compressor for validation. The AD model exhibited good detection performance on anomalies showing periodicity but poor performance on anomalies resulting from subtle load changes in the motor.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.135-143
• /
• 2022

As the world has implemented social distancing and telecommuting due to the spread of COVID-19, real-time streaming sessions based on routing protocols have increased dependence on the Internet due to the activation of video and voice-related content services and cloud computing. BGP is the most widely used routing protocol, and although many studies continue to improve security, there is a lack of visual analysis to determine the real-time nature of analysis and the mis-detection of algorithms. In this paper, we analyze BGP data, which are powdered as normal and abnormal, on a real-world basis, using an anomaly detection algorithm that combines statistical and post-processing statistical techniques with Rule-based techniques. In addition, we present an interactive spatio-temporal analysis plan as an intuitive visualization plan and analysis result of the algorithm with a map and Sankey Chart-based visualization technique.

• Journal of Convergence for Information Technology
• /
• v.12 no.4
• /
• pp.260-269
• /
• 2022

In this paper, We propose an anomaly detection model using deep neural network to automate the identification of outliers of the national air pollution measurement network data that is previously performed by experts. We generated training data by analyzing missing values and outliers of weather data provided by the Institute of Environmental Research and based on the BeatGAN model of the unsupervised learning method, we propose a new model by changing the kernel structure, adding the convolutional filter layer and the transposed convolutional filter layer to improve anomaly detection performance. In addition, by utilizing the generative features of the proposed model to implement and apply a retraining algorithm that generates new data and uses it for training, it was confirmed that the proposed model had the highest performance compared to the original BeatGAN models and other unsupervised learning model like Iforest and One Class SVM. Through this study, it was possible to suggest a method to improve the anomaly detection performance of proposed model while avoiding overfitting without additional cost in situations where training data are insufficient due to various factors such as sensor abnormalities and inspections in actual industrial sites.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.321-330
• /
• 2019

Prevention of corporate confidentiality leakage by insiders in enterprises is an essential task for the survival of enterprises. In order to prevent information leakage by insiders, companies have adopted security solutions, but there is a limit to effectively detect abnormal behavior of insiders with access privileges. In this study, we use the Unsupervised Learning algorithm of the machine learning technique to effectively and efficiently cluster the normal and abnormal access logs of the worker's work screen in the manufacturing information system, which includes the company's product manufacturing history and quality information. We propose an optimal feature selection model for anomaly detection by studying clustering methods.