Search results for title/summary/keyword: process event detection

An Efficient Complex Event Processing Algorithm based on Multipattern Sharing for Massive Manufacturing Event Streams

  • Wang, Jianhua; Lan, Yubin; Lu, Shilei; Cheng, Lianglun
  • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.3 / pp.1385-1402 / 2019
  • Quickly picking up valuable information from a massive manufacturing event stream usually faces the problems of long detection time, high memory consumption and low detection efficiency, due to the stream characteristics of large volume, high velocity, wide variety and small value. Since current complex event processing methods do not share detection work while detecting over massive manufacturing event streams, an efficient complex event processing method based on multipattern sharing is presented in this paper to solve the problems above. The achievement of this paper is that a multipattern sharing technology is successfully used to realize quick detection of complex events in massive manufacturing event streams. Specifically, in our scheme, we first use pattern sharing to merge all identical prefixes, suffixes or subpatterns that exist in single-pattern complex event detection models into one multiple-pattern complex event detection model; we then use the new detection model to quickly detect complex events in massive manufacturing event streams. As a result, our scheme effectively solves the problems above by eliminating many redundant building, storing, searching and calculating operations through pattern sharing. At the end of this paper, simulation experiments show that our proposed multiple-pattern processing scheme outperforms some current general processing methods as a whole.

An Efficient Complex Event Detection Algorithm based on NFA_HTS for Massive RFID Event Stream

  • Wang, Jianhua; Liu, Jun; Lan, Yubin; Cheng, Lianglun
  • Journal of Electrical Engineering and Technology / v.13 no.2 / pp.989-997 / 2018
  • Massive event streams bring great challenges in their volume, velocity, variety, value and veracity. Picking up valuable information from them often faces long detection time, high memory consumption and low detection efficiency. To solve the problems above, an efficient complex event detection method based on NFA_HTS (Nondeterministic Finite Automaton_Hash Table Structure) is proposed in this paper. The achievement of this paper is that we successfully use NFA_HTS to realize the detection of complex events from massive RFID event streams. Specifically, in our scheme, after using the NFA to capture the related RFID primitive events, we use the HTS to store and process the large volume of matched results. As a result, our scheme effectively solves the problems present in current methods by reducing many search, storage and computation operations, taking advantage of the quick classification and storage capabilities of the hash table structure. The simulation results show that our proposed NFA_HTS scheme outperforms some general processing methods in reducing detection time, lowering memory consumption and improving event throughput.

Robust Process Fault Detection System Under Asynchronous Time Series Data Situation

  • Ko, Jong-Myoung; Choi, Ja-Young; Kim, Chang-Ouk; Sun, Sang-Joon; Lee, Seung-Jun
  • IE interfaces / v.20 no.3 / pp.288-297 / 2007
  • The success of the semiconductor/LCD industry depends on its yield and product quality. For this purpose, an FDC (Fault Detection and Classification) system is used to diagnose fault states in the main manufacturing processes by monitoring time series data collected by equipment sensors, which represent various conditions of the equipment. The data set is segmented at the start and end of each product lot's processing by a trigger event module. However, in practice, segmented sensor data usually exhibit asynchronization, such as different start points, end points and data lengths. Due to this asynchronization problem, false alarms (type I errors) and missed alarms (type II errors) occur frequently. In this paper, we propose a robust process fault detection system that integrates a process event detection method with a similarity measuring method based on the dynamic time warping algorithm. An experiment shows that the proposed system is able to recognize abnormal conditions correctly under the asynchronous data situation.

Proposing a New Approach for Detecting Malware Based on the Event Analysis Technique

  • Vu Ngoc Son
  • International Journal of Computer Science & Network Security / v.23 no.12 / pp.107-114 / 2023
  • Attacks delivered through malware distribution are dangerous and difficult to detect and prevent. Current malware detection studies and proposals are usually based on two main methods: using signature sets, and analyzing abnormal behavior with machine learning or deep learning techniques. This paper proposes a method to detect malware on endpoints based on Event IDs using deep learning. Event IDs are behaviors of malware tracked and collected in the endpoints' operating system kernel. Malware detection based on Event IDs is a new research approach that has not yet been studied or proposed much. To achieve this purpose, this paper proposes combining different data mining methods with deep learning algorithms. The data mining process is presented in detail in section 2 of the paper.

An Efficient Complex Event Processing Algorithm based on INFA-HTS for Out-of-order RFID Event Streams

  • Wang, Jianhua; Wang, Tao; Cheng, Lianglun; Lu, Shilei
  • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.9 / pp.4307-4325 / 2016
  • With the aim of solving the problems of long processing times, high memory consumption and low event throughput in current approaches to processing out-of-order RFID event streams, an efficient complex event processing method based on INFA-HTS (Improved Nondeterministic Finite Automaton-Hash Table Structure) is presented in this paper. The contribution of this paper lies in the fact that we use INFA and HTS to successfully realize the detection of complex events in out-of-order RFID event streams. Specifically, in our scheme, to detect the disorder in out-of-order event streams, we expand the traditional NFA model into a new INFA model that captures the related RFID primitive events from the out-of-order event stream. To manage the large intermediate capture results efficiently, we use the HTS to store and process them. As a result, the problems in the existing methods can be effectively solved by our scheme. The simulation results of our experiments show that our proposed method outperforms some of the current general approaches used to process out-of-order RFID event streams.

MITRE ATT&CK and Anomaly Detection Based Abnormal Attack Detection Technology Research

  • Hwang, Chan-Woong; Bae, Sung-Ho; Lee, Tae-Jin
  • Convergence Security Journal / v.21 no.3 / pp.13-23 / 2021
  • Attackers' techniques and tools are becoming intelligent and sophisticated. Existing anti-virus software cannot prevent security incidents, so security threats on the endpoint must also be considered. Recently, EDR security solutions to protect endpoints have emerged, but they focus on visibility; detection and response capability are still lacking. In this paper, we use real-world EDR event logs and combine knowledge-based MITRE ATT&CK with autoencoder-based anomaly detection techniques to detect anomalies, in order to screen effective analysis targets from a security manager's perspective. Detected anomalous attack signs are then shown to the security manager as an alarm together with log information, and can be connected to legacy systems. The experiment ran detection over 5 days of EDR event logs and verified the results with Hybrid Analysis search. It is therefore expected to produce results on when, and which IPs and processes, are suspected based on the EDR event log, and to create a secure endpoint environment through measures on the suspicious IPs/processes.

Study on Windows Event Log-Based Corporate Security Audit and Malware Detection

  • Kang, Serim; Kim, Soram; Park, Myungseo; Kim, Jongsung
  • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.591-603 / 2018
  • The Windows Event Log is a format that records system logs in the Windows operating system and methodically manages information about system operation. An event can be caused by the system itself or by a user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we select actions related to corporate security audit and malware detection (external storage connection, application install, shared folder usage, printer usage, remote connection/disconnection, file/registry manipulation, process creation, DNS query, Windows service, PC startup/shutdown, log on/off, power saving mode, network connection/disconnection, event log deletion and system time change) that can be detected through event log analysis, and classify the event IDs that occur in each situation. Also, existing event log tools only include functions related to parsing EVTX files, and it is difficult to track a user's behavior when they are used in a forensic investigation. So in this study we implemented a new analysis tool that parses EVTX files and user behaviors.

Sound System Analysis for Health Smart Home

  • Castelli, Eric; Istrate, Dan; Nguyen, Cong-Phuong
  • Proceedings of the IEEK Conference / summer / pp.237-243 / 2004
  • A multichannel smart sound sensor capable of detecting and identifying sound events in noisy conditions is presented in this paper. Sound information extraction is a complex task, and the main difficulty consists in the extraction of high-level information from a one-dimensional signal. The input of the smart sound sensor is composed of data collected by 5 microphones, and its output data is sent through a network. For real-time operation, the sound analysis is divided into three steps: sound event detection for each sound channel, fusion of simultaneous events, and sound identification. The event detection module finds impulsive signals in the noise and extracts them from the signal flow. Our smart sensor must be able to identify not only impulsive signals but also the presence of speech in a noisy environment. The classification module is launched as a parallel task on the channel chosen by the data fusion process. It identifies the sound event among seven predefined sound classes using a Gaussian Mixture Model (GMM) method. Mel Frequency Cepstral Coefficients are used in combination with new features such as zero crossing rate, centroid and roll-off point. This smart sound sensor is part of a medical telemonitoring project aimed at detecting serious accidents.

Analysis Framework using Process Mining for Block Movement Process in Shipyards

  • Lee, Dongha; Bae, Hyerim
  • Journal of Korean Institute of Industrial Engineers / v.39 no.6 / pp.577-586 / 2013
  • In a shipyard, it is hard to predict block movement due to the uncertainty that arises during the long period of shipbuilding operations. For this reason, block movement is rarely scheduled, while main operations such as assembly, outfitting and painting are scheduled properly. Nonetheless, the high operating costs of block movement compel task managers to attempt to manage it. To resolve this dilemma, this paper proposes a new block movement analysis framework consisting of the following operations: understanding the entire process, log clustering to obtain manageable processes, discovering the process model, and detecting exceptional processes. The proposed framework applies fuzzy mining and trace clustering, among the process mining technologies, to find the main process and define process models easily. We also propose additional methodologies, including adjustment of the semantic expression level of process instances to obtain an interpretable process model, definition of each cluster's process model, detection of exceptional processes, and others. The effectiveness of the proposed framework was verified in a case study using real-world event logs generated from the Block Process Monitoring System (BPMS).

The Design of a Complex Event Model for Effective Service Monitoring in Enterprise Systems

  • Kum, Deuk-Kyu; Lee, Nam-Yong
  • The KIPS Transactions: Part D / v.18D no.4 / pp.261-274 / 2011
  • In today's competitive business environment, each enterprise has to be agile and flexible. For these purposes, run-time monitoring of the services provided by an enterprise, and early decision making based on it, become a core competence of the enterprise. In addition, in order to process the innumerable events generated on enterprise systems, techniques that filter out meaningful data are needed. However, existing studies in this area amount to discovering service faults by monitoring through the API of a BPEL engine or middleware, or to processing simple events based on low-level events. Accordingly, they are limited in the useful business information they can provide. In this paper, an extended complex event model based on situation detection is presented, which makes it possible to provide more valuable and useful business information. Concretely, an event processing architecture for an enterprise system is first proposed, and an event meta-model suited to the proposed architecture is defined. Based on the defined meta-model, the syntax and semantics of the constructs in our event processing language, including various progressive event operators, complex event patterns, keys, etc., are presented. In addition, an event context mechanism is proposed to analyze more delicate events. Finally, application studies show the applicability of this work, and the merits of this event model are presented through comparison with other event models.