• Title/Summary/Keyword: anomaly-based detection

Deep learning-based anomaly detection in acceleration data of long-span cable-stayed bridges

  • Seungjun Lee;Jaebeom Lee;Minsun Kim;Sangmok Lee;Young-Joo Lee
    • Smart Structures and Systems / v.33 no.2 / pp.93-103 / 2024
  • Despite the rapid development of sensors, structural health monitoring (SHM) still faces challenges in monitoring due to the degradation of devices and harsh environmental loads. These challenges can lead to measurement errors, missing data, or outliers, which can affect the accuracy and reliability of SHM systems. To address this problem, this study proposes a classification method that detects anomaly patterns in sensor data. The proposed classification method involves several steps. First, data scaling is conducted to adjust the scale of the raw data, which may have different magnitudes and ranges. This step ensures that the data is on the same scale, facilitating the comparison of data across different sensors. Next, informative features in the time and frequency domains are extracted and used as input for a deep neural network model. The model can effectively detect the most probable anomaly pattern, allowing for the timely identification of potential issues. To demonstrate the effectiveness of the proposed method, it was applied to actual data obtained from a long-span cable-stayed bridge in China. The results of the study have successfully verified the proposed method's applicability to practical SHM systems for civil infrastructures. The method has the potential to significantly enhance the safety and reliability of civil infrastructures by detecting potential issues and anomalies at an early stage.

A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal / v.10 no.2 / pp.1-9 / 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide, with millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the Snort signature matches the packet, that same signature must be in memory for some period (possibly microseconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with Snort under digital forensic Windows environment.

An Outlier Cluster Detection Technique for Real-time Network Intrusion Detection Systems (실시간 네트워크 침입탐지 시스템을 위한 아웃라이어 클러스터 검출 기법)

  • Chang, Jae-Young;Park, Jong-Myoung;Kim, Han-Joon
    • Journal of Internet Computing and Services / v.8 no.6 / pp.43-53 / 2007
  • Intrusion detection system (IDS) has recently evolved while combining signature-based detection approach with anomaly detection approach. Although signature-based IDS tools have been commonly used by utilizing machine learning algorithms, they only detect network intrusions with already known patterns. Ideal IDS tools should always keep the signature database of your detection system up-to-date. The system needs to generate the signatures to detect new possible attacks while monitoring and analyzing incoming network data. In this paper, we propose a new outlier cluster detection algorithm with density (or influence) function. Our method assumes that an outlier is a kind of cluster with similar instances instead of a single object in the context of network intrusion. Through extensive experiments using KDD 1999 Cup Intrusion Detection dataset, we show that the proposed method outperforms the conventional outlier detection method using Euclidean distance function, especially when attacks occur frequently.

A Research of Anomaly Detection Method in MS Office Document (MS 오피스 문서 파일 내 비정상 요소 탐지 기법 연구)

  • Cho, Sung Hye;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.2 / pp.87-94 / 2017
  • Microsoft Office is an office suite of applications developed by Microsoft. Recently, users with malicious intent customize Office files as a container of malware because MS Office is the most commonly used word processing program. To attack a target system, many malicious Office files use a variety of skills and techniques like macro functions, hiding shell code inside unused areas, etc. People usually use two techniques to detect these kinds of malware: signature-based detection and sandbox. However, there are some limits to what they can afford because of the increasing complexity of malware. Therefore, this paper proposes methods to detect malicious MS Office files in a computer forensics way. We checked macros and potential problem areas with structural analysis of the MS Office file for this purpose.

Real-Time Visualization of Web Usage Patterns and Anomalous Sessions (실시간 웹 사용 현황과 이상 행위에 대한 시각화)

  • 이병희;조상현;차성덕
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.4 / pp.97-110 / 2004
  • As modern web services become enormously complex, web attacks have become frequent and serious. Existing security solutions such as firewalls or signature-based intrusion detection systems are generally inadequate in securing web services, and analysis of raw web log data is simply impractical for most organizations. Visual display of "interpreted" web logs, with emphasis on anomalous web requests, is essential for an organization to efficiently track web usage patterns and detect possible web attacks. In this paper, we discuss various issues related to effective real-time visualization of web usage patterns and anomalies. We implemented a software tool named SAD (session anomaly detection) Viewer to satisfy such need and conducted an empirical study in which anomalous web traffic such as Misuse attacks, DoS attacks, Code-Red worms and Whisker scans was injected. Our study confirms that SAD Viewer is useful in assisting web security engineers to monitor web usage patterns in general and anomalous web sessions in particular.

Deep Learning based User Anomaly Detection Performance Evaluation to prevent Ransomware (랜섬웨어 방지를 위한 딥러닝 기반의 사용자 비정상 행위 탐지 성능 평가)

  • Lee, Ye-Seul;Choi, Hyun-Jae;Shin, Dong-Myung;Lee, Jung-Jae
    • Journal of Software Assessment and Valuation / v.15 no.2 / pp.43-50 / 2019
  • With the development of IT technology, computer-related crimes are rapidly increasing, and in recent years, the damage to ransomware infections is increasing rapidly at home and abroad. Conventional security solutions are not sufficient to prevent ransomware infections, and to prevent threats such as malware and ransomware that are evolving, a combination of deep learning technologies is needed to detect abnormal behavior and abnormal symptoms. In this paper, a method is proposed to detect user abnormal behavior using CNN-LSTM model and various deep learning models. Among the proposed models, CNN-LSTM model detects user abnormal behavior with 99% accuracy.

Autoencoder Based Fire Detection Model Using Multi-Sensor Data (다중 센서 데이터를 활용한 오토인코더 기반 화재감지 모델)

  • Taeseong Kim;Hyo-Rin Choi;Young-Seon Jeong
    • Smart Media Journal / v.13 no.4 / pp.23-32 / 2024
  • Large-scale fires and their consequential damages are becoming increasingly common, but confidence in fire detection systems is waning. Recently, widely-used chemical fire detectors frequently generate lots of false alarms, while video-based deep learning fire detection is hampered by its time-consuming and expensive nature. To tackle these issues, this study proposes a fire detection model utilizing an autoencoder approach. The objective is to minimize false alarms while achieving swift and precise fire detection. The proposed model, employing an autoencoder methodology, can exclusively learn from normal data without the need for fire-related data, thus enhancing its adaptability to diverse environments. By amalgamating data from five distinct sensors, it facilitates rapid and accurate fire detection. Through experiments with various hyperparameter combinations, the proposed model demonstrated that out of 14 scenarios, only one encountered false alarm issues. Experimental results underscore its potential to curtail fire-related losses and bolster the reliability of fire detection systems.

Moving Object Detection Using Sparse Approximation and Sparse Coding Migration

  • Li, Shufang;Hu, Zhengping;Zhao, Mengyao
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.5 / pp.2141-2155 / 2020
  • In order to meet the requirements of background change, illumination variation, moving shadow interference and high accuracy in object detection of moving camera, and strive for real-time and high efficiency, this paper presents an object detection algorithm based on sparse approximation recursion and sparse coding migration in subspace. First, low-rank sparse decomposition is used to reduce the dimension of the data. Combining with dictionary sparse representation, the computational model is established by the recursive formula of sparse approximation with the video sequences taken as subspace sets. And the moving object is calculated by the background difference method, which effectively reduces the computational complexity and running time. According to the idea of sparse coding migration, the above operations are carried out in the down-sampling space to further reduce the requirements of computational complexity and memory storage, and this will adapt to multi-scale target objects and overcome the impact of large anomaly areas. Finally, experiments are carried out on VDAO datasets containing 59 sets of videos. The experimental results show that the algorithm can detect moving objects effectively in the moving camera with uniform speed, not only in terms of low computational complexity but also in terms of low storage requirements, so that our proposed algorithm is suitable for detection systems with high real-time requirements.

Study on Lifelog Anomaly Detection using VAE-based Machine Learning Model (VAE(Variational AutoEncoder) 기반 머신러닝 모델을 활용한 체중 라이프로그 이상탐지에 관한 연구)

  • Kim, Jiyong;Park, Minseo
    • The Journal of the Convergence on Culture Technology / v.8 no.4 / pp.91-98 / 2022
  • Lifelog data continuously collected through a wearable device may contain many outliers, so in order to improve data quality, it is necessary to find and remove outliers. In general, since the number of outliers is less than the number of normal data, a class imbalance problem occurs. To solve this imbalance problem, we propose a method that applies Variational AutoEncoder to outliers. After preprocessing the outlier data with proposed method, it is verified through a number of machine learning models(classification). As a result of verification using body weight data, it was confirmed that the performance was improved in all classification models. Based on the experimental results, when analyzing lifelog body weight data, we propose to apply the LightGBM model with the best performance after preprocessing the data using the outlier processing method proposed in this study.

Real-time Abnormal Behavior Detection System based on Fast Data (패스트 데이터 기반 실시간 비정상 행위 탐지 시스템)

  • Lee, Myungcheol;Moon, Daesung;Kim, Ikkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1027-1041 / 2015
  • Recently, there are rapidly increasing cases of APT (Advanced Persistent Threat) attacks such as Verizon(2010), Nonghyup(2011), SK Communications(2011), and 3.20 Cyber Terror(2013), which cause leak of confidential information and tremendous damage to valuable assets without being noticed. Several anomaly detection technologies were studied to defend the APT attacks, mostly focusing on detection of obvious anomalies based on known malicious codes' signature. However, they are limited in detecting APT attacks and suffering from high false-negative detection accuracy because APT attacks consistently use zero-day vulnerabilities and have long latent period. Detecting APT attacks requires long-term analysis of data from a diverse set of sources collected over the long time, real-time analysis of the ingested data, and correlation analysis of individual attacks. However, traditional security systems lack sophisticated analytic capabilities, compute power, and agility. In this paper, we propose a Fast Data based real-time abnormal behavior detection system to overcome the traditional systems' real-time processing and analysis limitation.