• Title/Summary/Keyword: anomaly-based detection


User Behavior Based Web Attack Detection in the Face of Camouflage

  • Shin, MinSik;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.3 / pp.365-371 / 2021
  • With the rapid growth in Internet users, web applications are becoming the main target of hackers. Most previous WAFs (Web Application Firewalls) target every single HTTP request packet rather than the overall behavior of the attacker, and are known to have difficulty detecting new types of attacks. In this paper, we propose a web attack detection system based on user behavior using machine learning to detect attacks of unknown patterns. In order to define user behavior, we focus on features excluding areas where an attacker can camouflage as a normal user. The experimental results show that using the path and query information to define users' behaviors gives the best result, an accuracy of 99% with a decision forest.

Subsurface anomaly detection utilizing synthetic GPR images and deep learning model

  • Ahmad Abdelmawla;Shihan Ma;Jidong J. Yang;S. Sonny Kim
    • Geomechanics and Engineering / v.33 no.2 / pp.203-209 / 2023
  • One major advantage of ground penetrating radar (GPR) over other field test methods is its ability to obtain subsurface images of roads in an efficient and non-intrusive manner. Not only can the strata of pavement structure be retrieved from the GPR scan images, but also various irregularities, such as cracks and internal cavities. This article introduces a deep learning-based approach, focusing on detecting subsurface cracks by recognizing their distinctive hyperbolic signatures in the GPR scan images. Given the limited road sections that contain target features, two data augmentation methods, i.e., feature insertion and generation, are implemented, resulting in 9,174 GPR scan images. One of the most popular real-time object detection models, You Only Learn One Representation (YOLOR), is trained for detecting the target features for two types of subsurface cracks: bottom cracks and full cracks from the GPR scan images. The former represents partial cracks initiated from the bottom of the asphalt layer or base layers, while the latter includes extended cracks that penetrate these layers. Our experiments show the test average precisions of 0.769, 0.803 and 0.735 for all cracks, bottom cracks, and full cracks, respectively. This demonstrates the practicality of deep learning-based methods in detecting subsurface cracks from GPR scan images.

Power control in Ad Hoc network using ZigBee/IEEE802.15.4 Standard

  • Kirubakaran K.;Lee Jae-Kwang
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2006.06a / pp.219-222 / 2006
  • In this paper an intrusion detection system technique for wireless Ad Hoc networks is explained, and the advantage of making it work in the IEEE 802.15.4/ZigBee wireless standard is also discussed. The methodology mentioned here is an intrusion detection architecture based on a local intrusion database [1]. An ad hoc network is a collection of nodes that are connected through a wireless medium, forming rapidly changing topologies. Due to increased connectivity (especially on the Internet), and the vast spectrum of financial possibilities that are opening up, more and more systems are subject to attack by intruders. An ideal IDS should be able to detect an anomaly caused by the intruders quickly so that the misbehaving node/nodes can be identified and appropriate actions (e.g. punish or avoid misbehaving nodes) can be taken so that further damage to the network is minimized.

Anomaly Detection Method for Drone Navigation System Based on Deep Neural Network

  • Seo, Seong-Hun;Jung, Hoon
    • Journal of Positioning, Navigation, and Timing / v.11 no.2 / pp.109-117 / 2022
  • This paper proposes a method for detecting flight anomalies of drones through the difference between the command of the flight controller (FC) and the navigation solution. If the drone flies normally, the control errors generated by the difference between the desired control command of the FC and the navigation solution should converge to zero. However, there is a risk of sudden change or divergence of the control errors when the FC control feedback loop preset for normal flight encounters interferences such as strong winds or navigation sensor abnormalities. In this paper, we propose a method with a deep neural network model that predicts the control error in normal flight so that an abnormal flight state can be detected. The performance of the proposed method was evaluated using real-world flight data. The results showed that the method effectively detects anomalies in various situations.

Abnormality Detection Control System using Charging Data

  • Moon, Sang-Ho
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.2 / pp.313-316 / 2022
  • In this paper, we implement a system that detects abnormalities in the charging data transmitted from the charger during the charging process of electric vehicles and controls them remotely. To do this, an analysis model that judges the data received from the charger as normal or abnormal is created using classification algorithms such as logistic regression, KNN, SVM, and decision trees. In addition, a model is created to determine the cause of the abnormality using the existing charging data, based on an analysis of the types of charger abnormality. Finally, an unsupervised learning method is used to find new patterns of abnormal data.

Outlier detection of main engine data of a ship using ensemble method

  • KIM, Dong-Hyun;LEE, Ji-Hwan;LEE, Sang-Bong;JUNG, Bong-Kyu
    • Journal of the Korean Society of Fisheries and Ocean Technology / v.56 no.4 / pp.384-394 / 2020
  • This paper proposes an outlier detection model based on machine learning that can diagnose the presence or absence of major engine parts through unsupervised learning analysis of main engine big data of a ship. Engine big data of the ship was collected for more than seven months, and expert knowledge and correlation analysis were used to select features that are closely related to the operation of the main engine. For the unsupervised learning analysis, an ensemble model, wherein many predictive models are strategically combined to increase model performance, is used for anomaly detection. As a result, the proposed model successfully distinguished the anomalous engine status from the normal status. To validate our approach, clustering analysis was conducted to find the different patterns of anomalies at the anomalous points. By examining the distribution of each cluster, we could successfully find the patterns of anomalies.

A Network Intrusion Security Detection Method Using BiLSTM-CNN in Big Data Environment

  • Hong Wang
    • Journal of Information Processing Systems / v.19 no.5 / pp.688-701 / 2023
  • The conventional methods of network intrusion detection systems (NIDS) cannot measure the trend of intrusion detection targets effectively, which leads to low detection accuracy. In this study, a NIDS method based on a deep neural network in a big-data environment is proposed. Firstly, the entire framework of the NIDS model is constructed in two stages; feature reduction and anomaly probability output are at the core of the two stages. Subsequently, a convolutional neural network is built which encompasses a down-sampling layer and a characteristic extractor consisting of a convolution layer, and the correlation of inputs is realized by introducing bidirectional long short-term memory. Finally, after the convolution layer, a pooling layer is added to sample the required features according to different sampling rules, which promotes the overall performance of the NIDS model. The proposed NIDS method and three other methods are compared, and the results are broken down under the conditions of the two databases through simulation experiments. The results demonstrate that the proposed model is superior to the other three NIDS methods on both databases in terms of precision, accuracy, F1-score, and recall, which are 91.64%, 93.35%, 92.25%, and 91.87%, respectively. The proposed algorithm is significant for improving the accuracy of NIDS.

Feature Selection with PCA based on DNS Query for Malicious Domain Classification

  • Lim, Sun-Hee;Cho, Jaeik;Kim, Jong-Hyun;Lee, Byung Gil
    • KIPS Transactions on Computer and Communication Systems / v.1 no.1 / pp.55-60 / 2012
  • Recent botnets widely use DNS services when connecting to the C&C server in order to evade botnet detection. It is necessary to study DNS analysis in order to counteract this with anomaly-based techniques using DNS. This paper studies the collection of DNS traffic as experimental data and supervised learning for DNS traffic-based malicious domain classification, such as queries from zombies for the domain name corresponding to the C&C server. In particular, this paper aims to determine the significant features of a DNS-based classification system for malicious domain extraction by Principal Component Analysis (PCA).

Abnormal SIP Packet Detection Mechanism using Co-occurrence Information

  • Kim, Deuk-Young;Lee, Hyung-Woo
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.1 / pp.130-140 / 2010
  • SIP (Session Initiation Protocol) is a signaling protocol for providing IP-based VoIP (Voice over IP) service. However, many security vulnerabilities exist because the SIP protocol utilizes the existing IP-based network. SIP malformed message attacks may cause malfunction of VoIP services by changing the transmitted SIP header information. Additionally, there are several threats whereby an attacker can extract personal information from a SIP client system by inserting malicious code into the SIP header. Therefore, alternative measures are required. In this study, we analyzed the existing research on SIP anomaly message detection mechanisms against SIP attacks. We then proposed a co-occurrence-based SIP packet analysis mechanism, a technique that has been used in language processing. We proposed an association rule generation and attack detection technique using the actual SIP session state. Experimental results showed that the average detection rate for SIP attacks was 87% when using the proposed technique.

Frequency Domain Pattern Recognition Method for Damage Detection of a Steel Bridge

  • Lee, Jung Whee;Kim, Sung Kon;Chang, Sung Pil
    • Journal of Korean Society of Steel Construction / v.17 no.1 s.74 / pp.1-11 / 2005
  • A bi-level damage detection algorithm that utilizes the dynamic responses of the structure as input and neural network (NN) as pattern classifier is presented. Signal anomaly index (SAI) is proposed to express the amount of changes in the shape of frequency response functions (FRF) or strain frequency response function (SFRF). SAI is calculated using the acceleration and dynamic strain responses acquired from intact and damaged states of the structure. In a bi-level damage identification algorithm, the presence of damage is first identified from the magnitude of the SAI value, then the location of the damage is identified using the pattern recognition capability of NN. The proposed algorithm is applied to an experimental model bridge to demonstrate the feasibility of the algorithm. Numerically simulated signals are used for training the NN, and experimentally-acquired signals are used to test the NN. The results of this example application suggest that the SAI-based pattern recognition approach may be applied to the structural health monitoring system for a real bridge.