• International journal of advanced smart convergence
• /
• 제9권1호
• /
• pp.113-120
• /
• 2020

Recently, the license plate OCR system has been commercialized in a variety of fields and preferred utilizing low-cost embedded systems using only cameras. This system has a high recognition rate of about 98% or more for the environments such as parking lots where non-vehicle is restricted; however, the environments where non-vehicle objects are not restricted, the recognition rate is about 50% to 70%. This low performance is due to the changes in the environment by non-vehicle objects in real-time situations that occur anomaly data which is similar to the license plates. In this paper, we implement the appropriate anomaly detection based on semi-supervised learning for the license plate OCR system in the real-time environment where the appearance of non-vehicle objects is not restricted. In the experiment, we compare systems which anomaly detection is not implemented in the preceding research with the proposed system in this paper. As a result, the systems which anomaly detection is not implemented had a recognition rate of 77%; however, the systems with the semi-supervised learning based on anomaly detection had 88% of recognition rate. Using the techniques of anomaly detection based on the semi-supervised learning was effective in detecting anomaly data and it was helpful to improve the recognition rate of real-time situations.

• 스마트미디어저널
• /
• 제13권7호
• /
• pp.9-17
• /
• 2024

에너지 사용량의 증가와 친환경 정책으로 인해 건물 에너지를 효율적으로 소비할 필요가 있으며, 이를 위해 딥러닝 기반 이상 전력 탐지가 수행되고 있다. 수집이 어려운 이상치 데이터의 특징으로 인해 Recurrent Neural Network(RNN) 기반 오토인코더를 활용한 복원 에러 기반으로 이상 탐지가 수행되고 있으나, 시계열 특징을 온전히 학습하는데 시간이 오래 걸리고 학습 데이터의 노이즈에 민감하다는 단점이 있다. 본 논문에서는 이러한 한계를 극복하기 위해 Temporal Convolutional Network(TCN)과 UnSupervised Anomaly Detection for multivariate time series(USAD)를 결합한 TCN-USAD를 제안한다. 제안된 모델은 TCN 기반 오토인코더와 두 개의 디코더와 적대적 학습을 사용하는 USAD 구조를 활용하여 빠르게 시계열 특징을 온전히 학습할 수 있고 강건한 이상 탐지가 가능하다. TCN-USAD의 성능을 입증하기 위해 2개의 건물 전력 사용량 데이터 세트를 사용하여 비교 실험을 수행한 결과, TCN 기반 오토인코더는 RNN 기반 오토 인코더 대비 빠르고 복원 성능이 우수하였으며, 이를 활용한 TCN-USAD는 다른 이상 탐지 모델 대비 약 20% 개선된 F1-Score를 달성하여 뛰어난 이상 탐지 성능을 보였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권8호
• /
• pp.2787-2800
• /
• 2022

The aging society increases emergency situations of the elderly living alone and a variety of social crimes. In order to prevent them, techniques to detect emergency situations through voice are actively researched. This study proposes CutPaste-based anomaly detection model using multi-scale feature extraction in time series streaming data. In the proposed method, an audio file is converted into a spectrogram. In this way, it is possible to use an algorithm for image data, such as CNN. After that, mutli-scale feature extraction is applied. Three images drawn from Adaptive Pooling layer that has different-sized kernels are merged. In consideration of various types of anomaly, including point anomaly, contextual anomaly, and collective anomaly, the limitations of a conventional anomaly model are improved. Finally, CutPaste-based anomaly detection is conducted. Since the model is trained through self-supervised learning, it is possible to detect a diversity of emergency situations as anomaly without labeling. Therefore, the proposed model overcomes the limitations of a conventional model that classifies only labelled emergency situations. Also, the proposed model is evaluated to have better performance than a conventional anomaly detection model.

• Smart Structures and Systems
• /
• 제28권6호
• /
• pp.811-825
• /
• 2021

High-voltage isolating switches play a paramount role in ensuring the safety of power supply systems. However, their exposure to outdoor environmental conditions may cause serious physical defects, which may result in great risk to power supply systems and society. Image processing-based methods have been used for anomaly detection. However, their accuracy is affected by numerous uncertainties due to manually extracted features, which makes the anomaly detection of isolating switches still challenging. In this paper, a vision-based anomaly detection method for isolating switches, which uses the rotational angle of the switch system for more accurate and direct anomaly detection with the help of deep learning (DL) and image processing methods (Single Shot Multibox Detector (SSD), improved frame differencing method, and Hough transform), is proposed. The SSD is a deep learning method for object classification and localization. In addition, an improved frame differencing method is introduced for better feature extraction and a hough transform method is adopted for rotational angle calculation. A number of experiments are conducted for anomaly detection of single and multiple switches using video frames. The results of the experiments demonstrate that the SSD outperforms the You-Only-Look-Once network. The effectiveness and robustness of the proposed method have been proven under various conditions, such as different illumination and camera locations using 96 videos from the experiments.

• 한국정보전자통신기술학회논문지
• /
• 제5권3호
• /
• pp.158-163
• /
• 2012

본 논문에서 나이브 베이지안 알고리즘, 데이터 마이닝, Fuzzy logic을 이용하여 이상 공격과 오용 공격을 탐지하는 하이브리드 침입탐지시스템인 FHIDS(Fuzzy logic based Hybrid Intrusion Detection System)을 설계하였다. 본 논문에서 설계한 FHIDS의 NB-AAD(Naive Bayesian based Anomaly Attack Detection)기법은 나이브 베이지안 알고리즘을 이용해 이상 공격을 탐지하고, DM-MAD(Data Mining based Misuse Attack Detection)기법은 데이터 마이닝 알고리즘을 이용하여 패킷들의 연관 규칙을 분석하여 새로운 규칙기반 패턴을 생성하거나 변형된 규칙 기반 패턴을 추출함으로써, 새로운 공격이나 변형된 공격을 탐지한다. 그리고 FLD(Fuzzy Logic based Decision)은 NB-AAD과 DM-MAD의 결과를 이용하여 정상인지 공격인지를 판별한다. 즉, FHIDS는 이상과 오용공격을 탐지 가능하며 False Positive 비율을 감소시키고, 변형 공격 탐지율을 개선한 하이브리드 공격탐지시스템이다.

• 정보과학회 논문지
• /
• 제45권3호
• /
• pp.294-302
• /
• 2018

정보통신 기술의 발전에 따른 새로운 서비스 산업의 출현으로 개인 정보 침해, 산업 기밀 유출 등 사이버 공간의 위험이 다양화 되어, 그에 따른 보안 문제가 중요한 이슈로 떠오르게 되었다. 본 연구에서는 기업 내 개인 정보 오남용 및 내부 정보 유출에 따른, 대용량 사용자 로그 데이터를 기반으로 기존의 시그니처(Signature) 보안 대응 방식에 비해, 실시간 및 대용량 데이터 분석기술에 적합한 행위 기반 이상 탐지방식을 제안하였다. 행위 기반 이상 탐지방식이 대용량 데이터를 처리하는 기술을 필요로 함에 따라, 역방향 인덱스(Inverted Index) 기반의 실시간 검색 엔진인 엘라스틱서치(Elasticsearch)를 사용하였다. 또한 데이터 분석을 위해 통계 기반의 빈도 분석과 전 처리 과정을 수행하였으며, 밀도 기반의 군집화 방법인 DBSCAN 알고리즘을 적용하여 이상 데이터를 분류하는 방법과 시각화를 통해 분석을 간편하게 하기위한 한 사례를 보였다. 이는 기존의 이상 탐지 시스템과 달리 임계값을 별도로 설정하지 않고 이상 탐지 분석을 시도하였다는 것과 통계적인 측면에서 이상 탐지 방식을 제안하였다는 것에 의의가 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권8호
• /
• pp.3946-3965
• /
• 2018

Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.

• 품질경영학회지
• /
• 제50권3호
• /
• pp.459-471
• /
• 2022

Purpose: The purpose of this study was to increase prediction accuracy for an anomaly interval identified using an artificial intelligence-based time series anomaly detection technique by establishing a pre-processing process. Methods: Significant variables were extracted by applying feature selection techniques, and anomalies were derived using the TadGAN time series anomaly detection algorithm. After applying machine learning and deep learning methodologies using normal section data (excluding anomaly sections), the explanatory power of the anomaly sections was demonstrated through performance comparison. Results: The results of the machine learning methodology, the performance was the best when SHAP and TadGAN were applied, and the results in the deep learning, the performance was excellent when Chi-square Test and TadGAN were applied. Comparing each performance with the papers applied with a Conventional methodology using the same data, it can be seen that the performance of the MLR was significantly improved to 15%, Random Forest to 24%, XGBoost to 30%, Lasso Regression to 73%, LSTM to 17% and GRU to 19%. Conclusion: Based on the proposed process, when detecting unsupervised learning anomalies of data that are not actually labeled in various fields such as cyber security, financial sector, behavior pattern field, SNS. It is expected to prove the accuracy and explanation of the anomaly detection section and improve the performance of the model.

• Journal of Information Processing Systems
• /
• 제1권1호
• /
• pp.14-21
• /
• 2005

Even though mainly statistical methods have been used in anomaly network intrusion detection, to detect various attack types, machine learning based anomaly detection was introduced. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, detection rates of these methods are not satisfactory. Especially, high false positive and repeated alarms about the same attack are problems. The main reason for this is that one packet is used as a basic learning unit. Most attacks consist of more than one packet. In addition, an attack does not lead to a consecutive packet stream. Therefore, with grouping of related packets, a new approach of group-based learning and detection is needed. This type of approach is similar to that of multiple-instance problems in the artificial intelligence community, which cannot clearly classify one instance, but classification of a group is possible. We suggest group generation algorithm grouping related packets, and a learning algorithm based on a unit of such group. To verify the usefulness of the suggested algorithm, 1998 DARPA data was used and the results show that our approach is quite useful.

• 한국BIM학회 논문집
• /
• 제13권3호
• /
• pp.12-20
• /
• 2023

Deep learning-based anomaly detection technology is used in various fields such as computer vision, speech recognition, and natural language processing. In particular, this technology is applied in various fields such as monitoring manufacturing equipment abnormalities, detecting financial fraud, detecting network hacking, and detecting anomalies in medical images. However, in the field of construction and architecture, research on deep learning-based data anomaly detection technology is difficult due to the lack of digitization of domain knowledge due to late digital conversion, lack of learning data, and difficulties in collecting and processing field data in real time. This study acquires necessary data through IoT (Internet of Things) from the viewpoint of monitoring for environmental management of architectural spaces, converts them into a database, learns deep learning, and then supports anomaly patterns using AI (Artificial Infelligence) deep learning-based anomaly detection. We propose an implementation process. The results of this study suggest an effective environmental anomaly pattern detection solution architecture for environmental management of architectural spaces, proving its feasibility. The proposed method enables quick response through real-time data processing and analysis collected from IoT. In order to confirm the effectiveness of the proposed method, performance analysis is performed through prototype implementation to derive the results.