• Title/Summary/Keyword: cluster detection


Hybrid Neural Networks for Intrusion Detection System

  • Jirapummin, Chaivat;Kanthamanon, Prasert
    • Proceedings of the IEEK Conference / 2002.07b / pp.928-931 / 2002
  • A network-based intrusion detection system is a computer network security tool. In this paper, we present an intrusion detection system based on Self-Organizing Maps (SOM) and Resilient Propagation Neural Network (RPROP) for visualizing and classifying intrusion and normal patterns. We introduce a cluster matching equation for finding principal associated components in component planes. We apply data from The Third International Knowledge Discovery and Data Mining Tools Competition (KDD cup'99) for training and testing our prototype. From our experimental results with different network data, our scheme achieves more than 90 percent detection rate, and less than 5 percent false alarm rate in one SYN flooding and two port scanning attack types.

A Design of SWAD-KNH Scheme for Sensor Network Security (센서 네트워크 보안을 위한 SWAD-KNH 기법 설계)

  • Jeong, Eun-Hee;Lee, Byung-Kwan
    • Journal of the Korea Institute of Information and Communication Engineering / v.17 no.6 / pp.1462-1470 / 2013
  • This paper proposes an SWAD-KNH (Sybil & Wormhole Attack Detection using Key, Neighbor list and Hop count) technique, which consists of an SWAD (Sybil & Wormhole Attack Detection) module detecting a Worm attack and a KGDC (Key Generation and Distribution based on Cluster) module generating a sense node key and a group key by cluster and distributing them. The KGDC module generates a group key and a sense node key by using an ECDH algorithm, a hash function, and a key-chain technique, and distributes them safely. The SWAD module strengthens the detection of a Sybil attack by carrying out a 2-step key acknowledgement procedure, and detects a Wormhole attack by using the number of common neighbor nodes and the hop counts of a source and destination node. The results of the SWAD-KNH technique show a Sybil attack detection rate of 91.2% with an average FPR of 3.82%, and a Wormhole attack detection rate of 90% with an average FPR of 4.64%; the Sybil and Wormhole attack detection rate and its reliability are improved.

DETECTION OF EMISSION FROM WARM-HOT GAS IN THE UNIVERSE WITH XMM?

  • BOWYER STUART;VIKHLININ ALEXEY
    • Journal of The Korean Astronomical Society / v.37 no.5 / pp.579-581 / 2004
  • Recently, claims have been made of the detection of 'warm-hot' gas in the intergalactic medium. Kaastra et al. (2003) claimed detection of $\sim 10^6$ K material in the Coma Cluster but studies by Arnaud et al. (2001), and our analysis of the Chandra observations of Coma (Vikhlinin et al. 2001), find no evidence for a $10^6$ K gas in the cluster. Finoguenov et al. (2003) claimed the detection of $3 \times 10^6$ gas slightly off-center from the Coma Cluster. However, our analysis of ROSAT data from this region shows no excess in this region. We propose an alternative explanation which resolves all these conflicting reports. A number of studies (e.g. Robertson et al., 2001) have shown that the local interstellar medium undergoes charge exchange with the solar wind. The resulting recombination spectrum shows lines of O VII and O VIII (Wargelin et al. 2004). Robertson & Cravens (2003) have shown that as much as $25\%$ of the Galactic polar flux is heliospheric recombination radiation and that this component is highly variable. Sporadic heliospheric emission could account for all the claims of detections of 'warm-hot' gas and explain the conflicts cited above.

Anomalous Pattern Analysis of Large-Scale Logs with Spark Cluster Environment

  • Sion Min;Youyang Kim;Byungchul Tak
    • Journal of the Korea Society of Computer and Information / v.29 no.3 / pp.127-136 / 2024
  • This study explores the correlation between system anomalies and large-scale logs within the Spark cluster environment. While research on anomaly detection using logs is growing, there remains a limitation in adequately leveraging logs from various components of the cluster and considering the relationship between anomalies and the system. Therefore, this paper analyzes the distribution of normal and abnormal logs and explores the potential for anomaly detection based on the occurrence of log templates. By employing Hadoop and Spark, normal and abnormal log data are generated, and through t-SNE and K-means clustering, templates of abnormal logs in anomalous situations are identified to comprehend anomalies. Ultimately, unique log templates occurring only during abnormal situations are identified, thereby presenting the potential for anomaly detection.

Multi-labeled Domain Detection Using CNN (CNN을 이용한 발화 주제 다중 분류)

  • Choi, Kyoungho;Kim, Kyungduk;Kim, Yonghe;Kang, Inho
    • 한국어정보학회:학술대회논문집 / 2017.10a / pp.56-59 / 2017
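  • Using a CNN (Convolutional Neural Network), we perform a multi-label utterance topic classification task with a multi-labeling method and a cluster method, and evaluate performance by applying MSE (Mean Square Error), softmax cross-entropy, and sigmoid cross-entropy to each method. The network takes as input a sequence tokenized at the syllable level with part-of-speech information added to each token, together with named entity information obtained from the Naver DB. In the experiments, the best performance, an F1 of 0.9873, was obtained when the problem was transformed with the cluster method, sigmoid was used as the activation function of the output layer, and the network was trained with a cross-entropy cost function.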

A Study on Detection Improvement Technique of Black Hole Node in Ad Hoc Network (Ad Hoc Network에서 블랙 홀 노드 탐지 향상 기법에 관한 연구)

  • Yang, HwanSeok;Yoo, SeungJae
    • Convergence Security Journal / v.13 no.6 / pp.11-16 / 2013
  • A mobile node must move optionally and perform the router and the host functions at the same time. These characteristics of nodes have become a potential threatening element of a variety of attacks. In particular, a black hole, in which a malicious node causes packet loss, is one of the most important issues among them. In this paper, we propose a distributed detection technique using monitoring tables in all nodes and a cluster-based cooperative detection technique for efficient detection of black hole attacks. The proposed technique is divided into a local detection process and a cooperative detection process, which is composed of a 4-step process, in order to improve the accuracy of attack detection. The cluster head uses a black hole list for cooperative detection. The performance of the proposed technique was evaluated using the ns-2 simulator, and its excellent performance could be confirmed in the experiment results.

An Efficient and Stable Congestion Control Scheme with Neighbor Feedback for Cluster Wireless Sensor Networks

  • Hu, Xi;Guo, Wei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.9 / pp.4342-4366 / 2016
  • Congestion control in Cluster Wireless Sensor Networks (CWSNs) has drawn widespread attention and research interests. The increasing number of nodes and scale of networks cause more complex congestion control and management. Active Queue Management (AQM) is one of the major congestion control approaches in CWSNs, and Random Early Detection (RED) algorithm is commonly used to achieve high utilization in AQM. However, traditional RED algorithm depends exclusively on source-side control, which is insufficient to maintain efficiency and state stability. Specifically, when congestion occurs, deficiency of feedback will hinder the instability of the system. In this paper, we adopt the Additive-Increase Multiplicative-Decrease (AIMD) adjustment scheme and propose an improved RED algorithm by using neighbor feedback and scheduling scheme. The congestion control model is presented, which is a linear system with a non-linear feedback, and modeled by Lur'e type system. In the context of delayed Lur'e dynamical network, we adopt the concept of cluster synchronization and show that the congestion controlled system is able to achieve cluster synchronization. Sufficient conditions are derived by applying Lyapunov-Krasovskii functionals. Numerical examples are investigated to validate the effectiveness of the congestion control algorithm and the stability of the network.

Optimizing the maximum reported cluster size for normal-based spatial scan statistics

  • Yoo, Haerin;Jung, Inkyung
    • Communications for Statistical Applications and Methods / v.25 no.4 / pp.373-383 / 2018
  • The spatial scan statistic is a widely used method to detect spatial clusters. The method imposes a large number of scanning windows with pre-defined shapes and varying sizes on the entire study region. The likelihood ratio test statistic comparing inside versus outside each window is then calculated and the window with the maximum value of test statistic becomes the most likely cluster. The results of cluster detection respond sensitively to the shape and the maximum size of scanning windows. The shape of scanning window has been extensively studied; however, there has been relatively little attention on the maximum scanning window size (MSWS) or maximum reported cluster size (MRCS). The Gini coefficient has recently been proposed by Han et al. (International Journal of Health Geographics, 15, 27, 2016) as a powerful tool to determine the optimal value of MRCS for the Poisson-based spatial scan statistic. In this paper, we apply the Gini coefficient to normal-based spatial scan statistics. Through a simulation study, we evaluate the performance of the proposed method. We illustrate the method using a real data example of female colorectal cancer incidence rates in South Korea for the year 2009.

Model-Based Robust Lane Detection for Driver Assistance

  • Duong, Tan-Hung;Chung, Sun-Tae;Cho, Seongwon
    • Journal of Korea Multimedia Society / v.17 no.6 / pp.655-670 / 2014
  • In this paper, we propose an efficient and robust lane detection method for detecting immediate left and right lane boundaries of the lane in the roads. The proposed method is based on a hyperbolic lane model and reliable line segment clustering. The reliable line segment cluster is determined from the most probable cluster obtained from clustering line segments extracted by the efficient LSD algorithm. Experiments show that the proposed method works robustly against lanes with difficult environments such as ones with occlusions or with cast shadows in addition to ones with dashed lane marks, and that the proposed method performs better compared with other lane detection methods on a CMU/VASC lane dataset.

A Study on Improved Intrusion Detection Technique Using Distributed Monitoring in Mobile Ad Hoc Network (Mobile Ad Hoc Network에서 분산 모니터링을 이용한 향상된 침입탐지 기법 연구)

  • Yang, Hwanseok
    • Journal of Korea Society of Digital Industry and Information Management / v.14 no.1 / pp.35-43 / 2018
  • MANET, composed of only wireless nodes, is increasingly utilized in various fields. However, it is exposed to many security vulnerabilities because it doesn't have any infrastructure and transmits data by using a multi-hop method. Therefore, an intrusion detection technique that can efficiently detect malicious nodes and decrease the impact of various attacks should be applied to MANET. In this paper, we propose a distributed intrusion detection technique that can detect the various attacks while improving the efficiency of attack detection and reducing the false positive rate. The proposed technique uses the cluster structure to manage the information in the center and monitor the traffic of their neighbor nodes directly in all nodes. We use three parameters for attack detection. We also applied an efficient authentication technique using only key exchange without the help of a CA in order to provide integrity when exchanging information between cluster heads. This makes it possible to be free of forgery of the trust information of the nodes and of attack nodes. The superiority of the proposed technique can be confirmed through comparative experiments with existing intrusion detection techniques.