• Title/Summary/Keyword: anomaly-based detection

Data Mining Approaches for DDoS Attack Detection (분산 서비스거부 공격 탐지를 위한 데이터 마이닝 기법)

  • Kim, Mi-Hui;Na, Hyun-Jung;Chae, Ki-Joon;Bang, Hyo-Chan;Na, Jung-Chan
    • Journal of KIISE:Information Networking / v.32 no.3 / pp.279-290 / 2005
  • Recently, as the serious damage caused by DDoS attacks increases, the rapid detection and the proper response mechanisms are urgent. However, existing security mechanisms do not effectively defend against these attacks, or the defense capability of some mechanisms is only limited to specific DDoS attacks. In this paper, we propose a detection architecture against DDoS attack using data mining technology that can classify the latest types of DDoS attack, and can detect the modification of existing attacks as well as the novel attacks. This architecture consists of a Misuse Detection Module modeling to classify the existing attacks, and an Anomaly Detection Module modeling to detect the novel attacks. And it utilizes the off-line generated models in order to detect the DDoS attack using the real-time traffic. We gathered the NetFlow data generated at an access router of our network in order to model the real network traffic and test it. The NetFlow provides the useful flow-based statistical information without tremendous preprocessing. Also, we mounted the well-known DDoS attack tools to gather the attack traffic. And then, our experimental results show that our approach can provide the outstanding performance against existing attacks, and provide the possibility of detection against the novel attack.

Evaluation of geological conditions and clogging of tunneling using machine learning

  • Bai, Xue-Dong;Cheng, Wen-Chieh;Ong, Dominic E.L.;Li, Ge
    • Geomechanics and Engineering / v.25 no.1 / pp.59-73 / 2021
  • There frequently exists inadequacy regarding the number of boreholes installed along tunnel alignment. While geophysical imaging techniques are available for pre-tunnelling geological characterization, they aim to detect specific objects (e.g., water body and karst cave). There remains great motivation for the industry to develop a real-time identification technology relating complex geological conditions with the existing tunnelling parameters. This study explores the potential for the use of machine learning-based data-driven approaches to identify the change in geology during tunnel excavation. Further, the feasibility of machine learning-based anomaly detection approaches to detect the development of clayey clogging is also assessed. The results of an application of the machine learning-based approaches to Xi'an Metro line 4 are presented in this paper, where two tunnels buried in the water-rich sandy soils at depths of 12-14 m are excavated using a 6.288 m diameter EPB shield machine. A reasonable agreement with the measurements verifies their applicability towards widening the application horizon of machine learning-based approaches.

Network Forensics and Intrusion Detection in MQTT-Based Smart Homes

  • Lama AlNabulsi;Sireen AlGhamdi;Ghala AlMuhawis;Ghada AlSaif;Fouz AlKhaldi;Maryam AlDossary;Hussian AlAttas;Abdullah AlMuhaideb
    • International Journal of Computer Science & Network Security / v.23 no.4 / pp.95-102 / 2023
  • The emergence of Internet of Things (IoT) into our daily lives has grown rapidly. It has been integrated into our homes, cars, and cities, increasing the intelligence of devices involved in communications. An enormous amount of data is exchanged over smart devices through the internet, which raises security concerns with regard to privacy evasion. This paper is focused on the forensics and intrusion detection on one of the most common protocols in IoT environments, especially smart home environments, which is the Message Queuing Telemetry Transport (MQTT) protocol. The paper covers general IoT infrastructure, the MQTT protocol and attacks conducted on it, and multiple network forensics frameworks in smart homes. Furthermore, a machine learning model is developed and tested to detect several types of attacks in an IoT network. A forensics tool (MQTTracker) is proposed to contribute to the investigation of the MQTT protocol in order to provide a safer technological future in the warmth of people's homes. The MQTT-IOT-IDS2020 dataset is used to train the machine learning model. In addition, different attack detection algorithms are compared to ensure the suitable algorithm is chosen to perform accurate classification of attacks within MQTT traffic.

Development of Trans-Admittance Scanner (TAS) for Breast Cancer Detection (유방암 검출을 위한 생계 어드미턴스 스캐너의 개발)

  • 이정환;오동인;이재상;우응제;서진근;권오인
    • Journal of Biomedical Engineering Research / v.25 no.5 / pp.335-342 / 2004
  • This paper describes a trans-admittance scanner for breast cancer detection. A FPGA-based sinusoidal waveform generator produces a constant voltage. The voltage is applied between a hand-held electrode and a scan probe placed on the breast. The scan probe contains an 8x8 array of electrodes that are kept at the ground potential. Multi-channel precision digital ammeters using the phase-sensitive demodulation technique were developed to measure the exit current from each electrode in the array. Different regions of the breast are scanned by moving the probe on the breast. We could get trans-admittance images of resistor and saline phantoms with an anomaly inside. The images provided the information on the depth and location of the anomaly. In future studies, we need to improve the accuracy through a better calibration method. We plan to test the scanner's ability to detect a cancer lesion inside the human breast.

A Study on the Detection of Small Cavity Located in the Hard Rock by Crosswell Seismic Survey (경암 내 소규모 공동 탐지를 위한 시추공간 탄성파탐사 기법의 적용성 연구)

  • Ko, Kwang-Beom;Lee, Doo-Sung
    • Geophysics and Geophysical Exploration / v.6 no.2 / pp.57-63 / 2003
  • For the detection of a small cavity in hard rock, we investigated the feasibility of crosswell travel-time tomography and the Kirchhoff migration technique. In travel-time tomography, the first arrival anomaly caused by a small cavity was investigated by numerical modeling based on the knowledge of actual field information. The first arrival delay was very small (<0.125 msec) and the detectable receiver offset range was limited to 4 m with respect to a 1% normalized first arrival anomaly. As a consequence, it turned out that a carefully designed survey array with both sufficiently narrow spatial spacing and temporal (<0.03125 msec) sampling was required for small cavity detection. Also, the crosswell Kirchhoff migration technique was investigated with both numerical and real data. The stack section obtained from numerical data shows a good cavity image. In crosswell seismic data, various unwanted seismic events such as the direct wave and various mode-converted waves were also recorded. To remove these noises and to enhance the diffraction signal, a combination of median and bandpass filtering was applied and prestack and stacked migration images were created. From this, we viewed the crosswell migration technique as one of the adoptable methods for small cavity detection.

Power Quality Warning of High-Speed Rail Based on Multi-Features Similarity

  • Bai, Jingjing;Gu, Wei;Yuan, Xiaodong;Li, Qun;Chen, Bing;Wang, Xuchong
    • Journal of Electrical Engineering and Technology / v.10 no.1 / pp.92-101 / 2015
  • As one type of power quality (PQ) disturbance source, high-speed rail (HSR) can have major impacts on the power supply grid. Providing timely and accurate warning information for PQ problems of HSR is important for the safe and stable operation of traction power supply systems and the power supply grid. This study proposes a novel warning approach to identify PQ problems and provide warning prompts based on the monitored data of HSR. To embody the displacement and status change of monitored data, multi-features of different sliding windows are computed. To reflect the relative importance degree of these features in the overall evaluation, an analytic hierarchy process (AHP) is used to analyse the weights of multi-features. Finally, a multi-features similarity algorithm is applied to analyse the difference between monitored data and the reference data of HSR, and PQ warning results based on dynamic thresholds can be analysed to quantify its severity. Case studies demonstrate that the proposed approach is effective and feasible, and it has now been applied to an actual PQ monitoring platform.

A High Performance IPS Based on Signature Hashing (시그너처 해싱에 기반한 고성능 침입방지 시스템)

  • Wang, Jeong-Seok;Kwon, Hui-Ung;Jung, Yun-Jae;Kwak, Hu-Keun;Chung, Kyu-Sik
    • Proceedings of the Korean Information Science Society Conference / 2007.06d / pp.489-494 / 2007
  • An Intrusion Prevention System (IPS) is a system installed in-line in the network that inspects packets or sessions passing through the network and, if an attack is detected in a packet, discards that packet or terminates the session, thereby protecting the network from external intrusion. An IPS performs two main kinds of operation. One is signature-based filtering, which defends against already known attacks, and the other is anomaly detection and prevention based on self-learning, which defends against unknown attacks or abnormal sessions. In signature-based filtering, the payload of a packet passing through the IPS is compared with attack patterns called signatures, and the packet is discarded if it matches. As the number of signatures increases, the pattern matching time required for each incoming packet increases, which makes it difficult to develop a high-performance intrusion detection system that operates without packet delay. Several efficient pattern matching methods have been proposed for the open-source intrusion prevention software SNORT; they try to reduce unnecessary matching operations by matching the common parts of signatures only once, or by comparing several bytes at a time instead of one byte at a time. In this paper, we propose a high-performance intrusion prevention system based on signature hashing, so that the pattern matching time is independent of the number of signatures.

Anomaly Detection based on Clustering User's Behaviors (사용자 행위 클러스터링을 활용한 비정상 행위 탐지)

  • Oh, Sang-Hyun;Lee, Won-Suk
    • The Transactions of the Korea Information Processing Society / v.7 no.8 / pp.2411-2420 / 2000
  • For detecting various computer intrusions effectively, many researches have developed the misuse-based intrusion detection systems. Recently, works related to anomaly detection, which have improved the drawback of the misuse detection technique, have been under focus. In this paper, a new clustering algorithm based on support constraint for generating a user's normal activity patterns in anomaly detection is proposed. It can grant a user's activity observed recently more weight than that observed in the past. In order that a user's anomaly can be analyzed from various angles, a user's activity is classified by many measures, and for each of them the user's normal patterns can be generated by using the proposed algorithm. As a result, using the generated normal patterns, a user's anomaly can be detected easily and effectively.

A Design of Time-based Anomaly Intrusion Detection Model (시간 기반의 비정상 행위 침입탐지 모델 설계)

  • Shin, Mi-Yea;Jeong, Yoon-Su;Lee, Sang-Ho
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.5 / pp.1066-1072 / 2011
  • In the method to analyze the relationship in the system call orders, the normal system call orders are divided into system call sequences of a certain size to generate genes, which are used as the detectors. In the method to consider the system call parameters, the mean and standard deviation of the parameter lengths are used as the detectors. An attack whose system call order is normal but whose parameter values are changed, such as the format string attack, cannot be detected by the method that considers only the system call orders, whereas the model that considers only the system call parameters has the drawback of a high positive defect rate because of the information obtained from the interval where the attack has not been initiated, since the parameters are considered individually. To solve these problems, it is necessary to develop a more efficient learning and detecting method that groups the continuous system call orders and parameters, as an approach that considers the various attack-related characteristics of system calls simultaneously. In this article, we detected the anomaly of the system call orders and parameters by applying the temporal concept to the system call orders and parameters in order to improve the positive defect rate, that is, the misjudgment of anomaly as normality. The result of the experiment where the DARPA data set was employed showed that the proposed method improved the positive defect rate by 13% in the system call order model where time was considered, in comparison with that of the model where time was not considered.

A Study on the Design of Supervised and Unsupervised Learning Models for Fault and Anomaly Detection in Manufacturing Facilities (제조 설비 이상탐지를 위한 지도학습 및 비지도학습 모델 설계에 관한 연구)

  • Oh, Min-Ji;Choi, Eun-Seon;Roh, Kyung-Woo;Kim, Jae-Sung;Cho, Wan-Sup
    • The Journal of Bigdata / v.6 no.1 / pp.23-35 / 2021
  • In the era of the 4th industrial revolution, smart factories have received great attention, where production and manufacturing technology and ICT converge. With the development of IoT technology and big data, automation of production systems has become possible. In the advanced manufacturing industry, production systems are subject to unscheduled performance degradation and downtime, and there is a demand to reduce safety risks by detecting and repairing potential errors as soon as possible. This study designs a model based on supervised and unsupervised learning for detecting anomalies. The accuracy of XGBoost, LightGBM, and CNN models was compared as a supervised learning analysis method. Through the evaluation index based on the confusion matrix, it was confirmed that LightGBM is most predictive (97%). In addition, as an unsupervised learning analysis method, MD, AE, and LSTM-AE models were constructed. Comparing the three unsupervised learning analysis methods, the LSTM-AE model detected 75% of anomalies and showed the best performance. This study aims to contribute to the advancement of the smart factory by combining supervised and unsupervised learning techniques to accurately diagnose equipment failures and predict when abnormal situations occur, thereby laying the foundation for preemptive responses to abnormal situations.