• Title/Summary/Keyword: concept-based detection

B-Corr Model for Bot Group Activity Detection Based on Network Flows Traffic Analysis

  • Hostiadi, Dandy Pramana;Wibisono, Waskitho;Ahmad, Tohari
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.10 / pp.4176-4197 / 2020
  • Botnet is a type of dangerous malware. Botnet attack with a collection of bots attacking a similar target and activity pattern is called bot group activities. The detection of bot group activities using intrusion detection models can only detect single bot activities but cannot detect bots' behavioral relation on bot group attack. Detection of bot group activities could help network administrators isolate an activity or access a bot group attacks and determine the relations between bots that can measure the correlation. This paper proposed a new model, called the B-Corr model, to measure the similarity between bot activities using the intersections-probability concept to define bot group activities. The B-Corr model consisted of several stages, such as feature extraction from bot activity flows, measurement of intersections between bots, and similarity value production. The B-Corr model categorizes similar bots with a similar target to specify bot group activities. To achieve a more comprehensive view, the B-Corr model visualizes the similarity values between bots in the form of a similar bot graph. Furthermore, extensive experiments have been conducted using real botnet datasets with high detection accuracy in various scenarios.

Quantification and location damage detection of plane and space truss using residual force method and teaching-learning based optimization algorithm

  • Shallan, Osman;Hamdy, Osman
    • Structural Engineering and Mechanics / v.81 no.2 / pp.195-203 / 2022
  • This paper presents the quantification and location damage detection of plane and space truss structures in a two-phase method to reduce the computational effort significantly. In the first phase, a proposed damage indicator based on the residual force vector concept is used to get the suspected damaged members. In the second phase, using damage quantification as a variable, a teaching-learning based optimization algorithm (TLBO) is used to obtain the damage quantification value of the suspected members obtained in the first phase. TLBO is a relatively modern algorithm that has proved distinguished in solving optimization problems. For more verification of TLBO efficiency, the classical particle swarm optimization (PSO) is used in the second phase to make a comparison between TLBO and PSO algorithms. As it is clear, the first phase reduces the search space in the second phase, leading to considerable reduction in computational effort. The method is applied on three examples, including plane and space trusses. Results have proved the capability of the proposed method to precisely detect the quantification and location of damage easily with low computational effort, and the efficiency of TLBO in comparison to the classical PSO.

A study on early faults detection of pressurizer pressure control system using MTS (MTS를 이용한 가압기 압력 제어 계통의 조기 고장 감지에 대한 연구)

  • Cha, Jae-Min;Kim, Joon-Young;Shin, Junguk;Yeom, Choongseob;Kang, Seong-Ki
    • The Korean Journal of Applied Statistics / v.29 no.7 / pp.1385-1398 / 2016
  • A pressurizer is a major equipment system in a nuclear power plant (NPP) and controls the reactor cooling system pressure within the allowable range. Faults in the pressurizer can be critical to the NPP; therefore, early fault detection in the pressurizer is significant for NPP safety. This study applies Mahalanobis Taguchi system (MTS), which is one of the promising pattern classification methods, based on the Mahalanobis distance concept and Taguchi quality engineering theory to the early fault detection problem of the pressurizer pressure control system. We conducted experiments using data from full scope NPP simulator based on a pressurizer pressure transmitter faults scenario to validate the faults detection performance of MTS. As a result, MTS can rapidly detect the faults compared to conventional faults detection based on single sensor monitoring.

The Study of System Security Technique for Mobile Ad Hoc Network (Mobile Ad Hoc Network에서 시스템 보안 기법에 관한 연구)

  • Yang, Hwan-Seok
    • Journal of Digital Contents Society / v.9 no.1 / pp.33-39 / 2008
  • Mobile Ad Hoc Network is easy to be attacked because nodes are distributed not network based infrastructure. Intrusion detection system perceives the trust values of neighboring nodes and receives inspection on local security of nodes and observation ability. This study applied clustering mechanism to reduce overhead in intrusion detection. And, in order to measure the trust values, it associates the trust information cluster head received from member nodes with its own value and evaluates the trust of neighboring nodes. Secure data transmission is received by proposed concept because the trust of nodes on network is achieved accurately.

System Development for Automatic Form Inspection by Digital Image Processing (디지탈 이미지프로세싱을 이용한 자동외관검사장치 개발)

  • 유봉환
    • Journal of the Korean Society of Manufacturing Technology Engineers / v.5 no.2 / pp.57-62 / 1996
  • Basically, the idea underlying most edge-detection techniques is the computation of a local derivative operator used for edge detection in a gray level image. This concept can be easily illustrated with the aid of an object which shows an image of a simple light on a dark background. Using the gray level profile along a horizontal scan line of the image, the first and second derivatives of it were acquired. This study is to develop an automatic measuring system based on the digital image processing which can be applied to the real time measurement of the characteristics of the ultra-thin thickness. The experimental results indicate that the developed automatic inspection can be applied in real situations.

Structural Damage Detection Using Swarm Intelligence and Model Updating Technique (군집지능과 모델개선기법을 이용한 구조물의 결함탐지)

  • Choi, Jong-Hun;Koh, Bong-Hwan
    • Transactions of the Korean Society for Noise and Vibration Engineering / v.19 no.9 / pp.884-891 / 2009
  • This study investigates some swarm intelligence algorithms to tackle a traditional damage detection problem having stiffness degradation or damage in mechanical structures. Particle swarm (PSO) and ant colony optimization (ACO) methods have been exploited for localizing and estimating the location and extent of damage in a structure. Both PSO and ACO are population-based, stochastic algorithms that have been developed from the underlying concept of swarm intelligence and search heuristic. A finite element (FE) model updating is implemented to minimize the difference in a set of natural frequencies between measured and baseline vibration data. Stiffness loss of certain elements is considered to simulate structural damages in the FE model. It is numerically shown that PSO and ACO algorithms successfully completed the optimization process of model updating in locating unknown damages in a truss structure.

A New Concept for Efficient Sensitivity Amplification of a QCM Based Immunosensor for TNF-α by Using Modified Magnetic Particles under Applied Magnetic Field

  • Bahk, Yeon-Kyoung;Kim, Hyung-Hoon;Park, Deog-Su;Chang, Seung-Cheol;Go, Jeung-Sang
    • Bulletin of the Korean Chemical Society / v.32 no.12 / pp.4215-4220 / 2011
  • This study introduces a new concept for a simple, efficient and cheap sensitivity amplification of a Quartz Crystal Microbalance (QCM) based immunosensor system for the detection of tumor necrosis factor-alpha (TNF-α, TNF) by using an in-built magnetic system. The frequency shift due to the applied magnetic field was successfully observed on magnetic particles labeled detection antibodies, anti-human TNF-α, which were bound to the immunologically captured TNF-α on the gold coated quartz crystals. In the present system, the magnitude of frequency shift depends on both the strength of magnetic field and the amount of target antigen applied. Significant signal amplification was observed when the additional built-in residual stress generated by the modified magnetic particles under the magnetic field applied. Used in conjunction with a sandwich type non-competitive immunoassay format, the lower detection limit was calculated to be 25 ng mL$^{-1}$ and showed good linearity up to TNF-α concentrations as high as 2.0 $\mu$g mL$^{-1}$. The sensitivity, most importantly, was improved up to 4.3 times compared with the same QCM system which used only an antigen-antibody binding without additional magnetic amplification.

Application of Wavelet-Based RF Fingerprinting to Enhance Wireless Network Security

  • Klein, Randall W.;Temple, Michael A.;Mendenhall, Michael J.
    • Journal of Communications and Networks / v.11 no.6 / pp.544-555 / 2009
  • This work continues a trend of developments aimed at exploiting the physical layer of the open systems interconnection (OSI) model to enhance wireless network security. The goal is to augment activity occurring across other OSI layers and provide improved safeguards against unauthorized access. Relative to intrusion detection and anti-spoofing, this paper provides details for a proof-of-concept investigation involving "air monitor" applications where physical equipment constraints are not overly restrictive. In this case, RF fingerprinting is emerging as a viable security measure for providing device-specific identification (manufacturer, model, and/or serial number). RF fingerprint features can be extracted from various regions of collected bursts, the detection of which has been extensively researched. Given reliable burst detection, the near-term challenge is to find robust fingerprint features to improve device distinguishability. This is addressed here using wavelet domain (WD) RF fingerprinting based on dual-tree complex wavelet transform (DT-$\mathbb{C}$WT) features extracted from the non-transient preamble response of OFDM-based 802.11a signals. Intra-manufacturer classification performance is evaluated using four like-model Cisco devices with dissimilar serial numbers. WD fingerprinting effectiveness is demonstrated using Fisher-based multiple discriminant analysis (MDA) with maximum likelihood (ML) classification. The effects of varying channel SNR, burst detection error and dissimilar SNRs for MDA/ML training and classification are considered. Relative to time domain (TD) RF fingerprinting, WD fingerprinting with DT-$\mathbb{C}$WT features emerged as the superior alternative for all scenarios at SNRs below 20 dB while achieving performance gains of up to 8 dB at 80% classification accuracy.

Efficient Authorization Conflict Detection Using Prime Number Graph Labeling in RDF Access Control (RDF 접근 제어에서 소수 그래프 레이블링을 사용한 효율적 권한 충돌 발견)

  • Kim, Jae-Hoon;Park, Seog
    • Journal of KIISE:Databases / v.35 no.2 / pp.112-124 / 2008
  • RDF and OWL are the primary base technologies for implementing the Semantic Web. Recently, much research related to them, or applying them to other application domains, has been introduced. However, relatively little work has been done on securing RDF and OWL data. In this article, we briefly introduce an RDF triple based model for specifying RDF access authorization related to RDF security. Next, to efficiently find the authorization conflict by RDF inference, we introduce a method using prime number graph labeling in detail. The problem of authorization conflict by RDF inference is that although the lower concept is permitted to be accessed, it can be inaccessible due to the disapproval for the upper concept, because by the RDF inference the lower concept can be interpreted into the upper concept. Some experimental results show that the proposed method using the prime number graph labeling has better performance than the existing simple method for the detection of the authorization conflict.

A Novel Method to Estimate Heart Rate from ECG

  • Leu, Jenq-Shiun;Lo, Pei-Chen
    • Journal of Biomedical Engineering Research / v.28 no.4 / pp.441-448 / 2007
  • Heart rate variability (HRV) in electrocardiogram (ECG) is an important index for understanding the health status of heart and the autonomic nervous system. Most HRV analysis approaches are based on the proper heart rate (HR) data. Estimation of heart rate is thus a key process in the HRV study. In this paper, we report an innovative method to estimate the heart rate. This method is mainly based on the concept of periodicity transform (PT) and instantaneous period (IP) estimate. The method presented is accordingly called the "PT-IP method." It does not require ECG R-wave detection and thus possesses robust noise-immune capability. While the noise contamination, ECG time-varying morphology, and subjects' physiological variations make the R-wave detection a difficult task, this method can help us effectively estimate HR for medical research and clinical diagnosis. The results of estimating HR from empirical ECG data verify the efficacy and reliability of the proposed method.