• Title/Summary/Keyword: signature extraction


Automatic Generation of Snort Content Rule for Network Traffic Analysis (네트워크 트래픽 분석을 위한 Snort Content 규칙 자동 생성)

  • Shim, Kyu-Seok; Yoon, Sung-Ho; Lee, Su-Kang; Kim, Sung-Min; Jung, Woo-Suk; Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.4 / pp.666-677 / 2015
  • The importance of application traffic analysis for efficient network management has been emphasized continuously. Snort is a popular traffic analysis system that detects traffic matching pre-defined signatures and performs various actions based on its rules. However, it is very difficult to obtain highly accurate signatures for various analysis purposes, because searching the entire traffic data manually or semi-automatically is tedious and time-consuming work. In this paper, we propose a novel method to generate signatures fully automatically, in the form of Snort rules, from raw packet data captured on a network link or end-host. We use a sequence pattern algorithm to generate common substrings that satisfy a minimum support from traffic flow data. We also extract the location and header information of the signature, which are the components of a Snort content rule. When we applied the proposed method to several application traffic data sets, the generated rules detected more than 97 percent of the traffic data.

An Interpretable Log Anomaly System Using Bayesian Probability and Closed Sequence Pattern Mining (베이지안 확률 및 폐쇄 순차패턴 마이닝 방식을 이용한 설명가능한 로그 이상탐지 시스템)

  • Yun, Jiyoung; Shin, Gun-Yoon; Kim, Dong-Wook; Kim, Sang-Soo; Han, Myung-Mook
    • Journal of Internet Computing and Services / v.22 no.2 / pp.77-87 / 2021
  • With the development of the Internet and personal computers, various complex attacks have begun to emerge. As attacks become more complex, signature-based detection becomes difficult, which has led to research on behavior-based log anomaly detection. Recent work utilizes deep learning to learn the order of log events and shows good performance. Despite its good performance, it does not provide any explanation for its predictions. This lack of explanation makes it difficult to find contamination of the data or vulnerabilities of the model itself, and as a result users lose trust in the model. To address this problem, this work proposes an explainable log anomaly detection system. In this study, log parsing is performed first. Afterward, sequential rules are extracted by Bayesian posterior probability, yielding a rule set of the form "If condition then result, posterior probability". If a sample matches the rule set, it is normal; otherwise, it is an anomaly. We utilize HDFS datasets for the experiment, resulting in an F1 score of 92.7% on the test dataset.

Investigation of Intertidal Zone using TerraSAR-X (TerraSAR-X를 이용한 조간대 관측)

  • Park, Jeong-Won; Lee, Yoon-Kyung; Won, Joong-Sun
    • Korean Journal of Remote Sensing / v.25 no.4 / pp.383-389 / 2009
  • The main objective of the research is a feasibility study of the intertidal zone using an X-band radar satellite, TerraSAR-X. The TerraSAR-X data were acquired over the west coast of Korea, where large tidal flats, the Ganghwa and Yeongjong tidal flats, have developed. Investigations include: 1) waterline and backscattering characteristics of the high-resolution X-band images in tidal flats; 2) the polarimetric signature of halophytes (salt marsh plants), specifically Suaeda japonica; and 3) phase and coherence of interferometric pairs. Waterlines from TerraSAR-X data satisfy the horizontal accuracy requirement of 60 m, which corresponds to 20 cm in average height difference, while other current spaceborne SAR systems could not meet the requirement. HH polarization was the best for waterline extraction, and its geometric position is reliable due to the short wavelength and accurate orbit control of TerraSAR-X. The halophyte Suaeda japonica is an indicator of local sea level change. From X-band ground radar measurements, VV/VH dual polarization was anticipated to be the best for detecting the plant, with about a 9 dB difference at a 35-degree incidence angle. However, TerraSAR-X HH/HV dual polarization turned out to be more effective for salt marsh monitoring. The HH-HV value reached a maximum of about 7.9 dB at a 31.6-degree incidence angle, which is fairly consistent with the X-band ground radar measurements. The boundary of the salt marsh is effectively traceable, specifically with TerraSAR-X cross-polarization data. While the interferometric phase is not coherent within the normal tidal flat, salt marsh areas where landization has progressed show coherent interferometric phases regardless of season or tide conditions. Although TerraSAR-X interferometry may not be effective for directly measuring height or changes of the tidal flat surface, TanDEM-X or other future X-band SAR tandem missions with a one-day interval would be useful for mapping tidal flat topography.