• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권3호
• /
• pp.1385-1402
• /
• 2019

Quickly picking up some valuable information from massive manufacturing event stream usually faces with the problem of long detection time, high memory consumption and low detection efficiency due to its stream characteristics of large volume, high velocity, many variety and small value. Aiming to solve the problem above for the current complex event processing methods because of not sharing detection during the detecting process for massive manufacturing event streams, an efficient complex event processing method based on multipattern sharing is presented in this paper. The achievement of this paper lies that a multipattern sharing technology is successfully used to realize the quick detection of complex event for massive manufacturing event streams. Specially, in our scheme, we firstly use pattern sharing technology to merge all the same prefix, suffix, or subpattern that existed in single pattern complex event detection models into a multiple pattern complex event detection model, then we use the new detection model to realize the quick detection for complex events from massive manufacturing event streams, as a result, our scheme can effectively solve the problems above by reducing lots of redundant building, storing, searching and calculating operations with pattern sharing technology. At the end of this paper, we use some simulation experiments to prove that our proposed multiple pattern processing scheme outperforms some general processing methods in current as a whole.

• Journal of Electrical Engineering and Technology
• /
• 제13권2호
• /
• pp.989-997
• /
• 2018

Massive event stream brings us great challenges in its volume, velocity, variety, value and veracity. Picking up some valuable information from it often faces with long detection time, high memory consumption and low detection efficiency. Aiming to solve the problems above, an efficient complex event detection method based on NFA_HTS (Nondeterministic Finite Automaton_Hash Table Structure) is proposed in this paper. The achievement of this paper lies that we successfully use NFA_HTS to realize the detection of complex event from massive RFID event stream. Specially, in our scheme, after using NFA to capture the related RFID primitive events, we use HTS to store and process the large matched results, as a result, our scheme can effectively solve the problems above existed in current methods by reducing lots of search, storage and computation operations on the basis of taking advantage of the quick classification and storage technologies of hash table structure. The simulation results show that our proposed NFA_HTS scheme in this paper outperforms some general processing methods in reducing detection time, lowering memory consumption and improving event throughput.

• 산업공학
• /
• 제20권3호
• /
• pp.288-297
• /
• 2007

Success of semiconductor/LCD industry depends on its yield and quality of product. For the purpose, FDC (Fault Detection and Classification) system is used to diagnose fault state in main manufacturing processes by monitoring time series data collected by equipment sensors which represent various conditions of the equipment. The data set is segmented at the start and end of each product lot processing by a trigger event module. However, in practice, segmented sensor data usually have the features of data asynchronization such as different start points, end points, and data lengths. Due to the asynchronization problem, false alarm (type I error) and missed alarm (type II error) occur frequently. In this paper, we propose a robust process fault detection system by integrating a process event detection method and a similarity measuring method based on dynamic time warping algorithm. An experiment shows that the proposed system is able to recognize abnormal condition correctly under the asynchronous data situation.

• International Journal of Computer Science & Network Security
• /
• 제23권12호
• /
• pp.107-114
• /
• 2023

The attack technique by the malware distribution form is a dangerous, difficult to detect and prevent attack method. Current malware detection studies and proposals are often based on two main methods: using sign sets and analyzing abnormal behaviors using machine learning or deep learning techniques. This paper will propose a method to detect malware on Endpoints based on Event IDs using deep learning. Event IDs are behaviors of malware tracked and collected on Endpoints' operating system kernel. The malware detection proposal based on Event IDs is a new research approach that has not been studied and proposed much. To achieve this purpose, this paper proposes to combine different data mining methods and deep learning algorithms. The data mining process is presented in detail in section 2 of the paper.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권9호
• /
• pp.4307-4325
• /
• 2016

With the aim of solving the problems of long processing times, high memory consumption and low event throughput in the current processing approaches in out-of-order RFID event streams, an efficient complex event processing method based on INFA-HTS (Improved Nondeterministic Finite Automaton-Hash Table Structure) is presented in this paper. The contribution of this paper lies in the fact that we use INFA and HTS to successfully realize the detection of complex events for out-of-order RFID event streams. Specifically, in our scheme, to detect the disorder of out-of-order event streams, we expand the traditional NFA model into a new INFA model to capture the related RFID primitive events from the out-of-order event stream. To high-efficiently manage the large intermediate capturing results, we use the HTS to store and process them. As a result, these problems in the existing methods can be effectively solved by our scheme. The simulation results of our experiments show that our proposed method in this paper outperforms some of the current general processing approaches used to process out-of-order RFID event streams.

• 한국산업정보학회논문지
• /
• 제29권4호
• /
• pp.67-76
• /
• 2024

본 연구에서는 다중 에이전트를 이용한 타깃 감지 문제를 다루는데, 특히 이동식 에이전트를 활용한 감지 문제는 경로 계획에 대한 전략이 추가로 필요하다. 문제의 목표는 특정 기간 내 감지 프로세스를 통해 총 효용을 극대화할 수 있는 각 에이전트의 경로를 찾는 것인데, 시간에 따라 타깃의 사건 발생 확률이 변하도록 하는 포아송 프로세스(Poisson process) 기반의 확률적 프로세스(stochastic process)를 고려하여 현실적인 효용 값을 반영한다. 본 감지 문제의 목적함수는 비선형(non-linearity)이고, NP-난해(NP-hard) 문제로 표현된다. 효율적인 계산 시간 내에 효과적인 해를 찾기 위해, 본 연구에서는 하위모듈성(submodularity)의 특성을 갖는 목적함수임을 증명하고, 이를 활용해 비교적 낮은 계산 시간으로 합리적인 전략을 얻기 위한 휴리스틱 알고리즘을 제안한다. 제안한 알고리즘은 해의 성능과 적절한 계산 시간 내에 해를 도출할 수 있다는 측면에서 우수한 알고리즘임을 이론 및 실험적으로 제시한다.

• 융합보안논문지
• /
• 제21권3호
• /
• pp.13-23
• /
• 2021

공격자의 무기가 점차 지능화 및 고도화되고 있어 기존 백신만으로는 보안 사고를 막을 수 없으므로 endpoint까지 보안 위협이 검토되고 있다. 최근 endpoint를 보호하기 위한 EDR 보안 솔루션이 등장했지만, 가시성에 중점을 두고 있으며, 이에 대한 탐지 및 대응 기술은 부족하다. 본 논문에서는 보안 관리자 관점에서 효과적인 분석과 분석 대상을 선별하기 위해 실 환경 EDR 이벤트 로그를 사용하여 지식 기반 MITRE ATT&CK 및 AutoEncoder 기반 Anomaly Detection 기술을 종합적으로 사용하여 이상 공격징후를 탐지한다. 이후, 탐지된 이상 공격징후는 보안 관리자에게 로그정보와 함께 alarm을 보여주며, 레거시 시스템과의 연계가 가능하다. 실험은 5일에 대한 EDR 이벤트 로그를 하루 단위로 탐지했으며, Hybrid Analysis 검색을 통해 이를 검증한다. 따라서, EDR 이벤트 로그 기반 언제, 어떤 IP에서, 어떤 프로세스가 얼마나 의심스러운지에 대한 결과를 산출하며, 산출된 의심 IP/Process에 대한 조치를 통해 안전한 endpoint 환경을 조성할 것으로 기대한다.

• 정보보호학회논문지
• /
• 제28권3호
• /
• pp.591-603
• /
• 2018

윈도우 이벤트 로그는 윈도우 운영체제에서 시스템 로그를 기록하는 형식이며, 시스템 운영에 대한 정보를 체계적으로 관리한다. 이벤트는 시스템 자체 또는 사용자의 특정 행위로 인해 발생할 수 있고, 특정 이벤트 로그는 기업 보안 감사, 악성코드 탐지 등에 사용될 수 있다. 본 논문에서는 기업 보안 감사 및 악성코드 탐지와 관련된 이벤트 로그(외부장치 연결, 응용 프로그램 설치, 공유 폴더 사용, 프린터 사용, 원격 연결/해제, PC 시작/종료, 로그온/오프, 절전모드, 네트워크 연결/해제, 이벤트 로그 삭제, 시스템 시간 변경, 파일/레지스트리 조작, 프로세스 생성, DNS 질의, 윈도우 서비스 추가)들을 선정하고, 발생하는 이벤트 ID를 분류 및 분석하였다. 또한, 기존의 이벤트 로그 분석도구는 EVTX 파싱 기능만을 포함하고 있어 이를 포렌식 수사에 이용할 경우 사용자의 행적을 추적하기 어렵다. 이에 본 연구에서 새로운 분석도구를 구현하였으며, EVTX 파싱과 행위 분석이 가능하다.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 2004년도 ICEIC The International Conference on Electronics Informations and Communications
• /
• pp.237-243
• /
• 2004

A multichannel smart sound sensor capable to detect and identify sound events in noisy conditions is presented in this paper. Sound information extraction is a complex task and the main difficulty consists is the extraction of high­level information from an one-dimensional signal. The input of smart sound sensor is composed of data collected by 5 microphones and its output data is sent through a network. For a real time working purpose, the sound analysis is divided in three steps: sound event detection for each sound channel, fusion between simultaneously events and sound identification. The event detection module find impulsive signals in the noise and extracts them from the signal flow. Our smart sensor must be capable to identify impulsive signals but also speech presence too, in a noisy environment. The classification module is launched in a parallel task on the channel chosen by data fusion process. It looks to identify the event sound between seven predefined sound classes and uses a Gaussian Mixture Model (GMM) method. Mel Frequency Cepstral Coefficients are used in combination with new ones like zero crossing rate, centroid and roll-off point. This smart sound sensor is a part of a medical telemonitoring project with the aim of detecting serious accidents.

• 대한산업공학회지
• /
• 제39권6호
• /
• pp.577-586
• /
• 2013

In a shipyard, it is hard to predict block movement due to the uncertainty caused during the long period of shipbuilding operations. For this reason, block movement is rarely scheduled, while main operations such as assembly, outfitting and painting are scheduled properly. Nonetheless, the high operating costs of block movement compel task managers to attempt its management. To resolve this dilemma, this paper proposes a new block movement analysis framework consisting of the following operations: understanding the entire process, log clustering to obtain manageable processes, discovering the process model and detecting exceptional processes. The proposed framework applies fuzzy mining and trace clustering among the process mining technologies to find main process and define process models easily. We also propose additional methodologies including adjustment of the semantic expression level for process instances to obtain an interpretable process model, definition of each cluster's process model, detection of exceptional processes, and others. The effectiveness of the proposed framework was verified in a case study using real-world event logs generated from the Block Process Monitoring System (BPMS).