• Journal of Intelligence and Information Systems
• /
• v.17 no.4
• /
• pp.157-173
• /
• 2011

As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.3
• /
• pp.1-12
• /
• 2022

In the event of a maritime distress accident, rapid search and rescue operations using rescue assets are very important to ensure the safety and life of drowning person's at sea. In this paper, we analyzed the surface layer current in the northwest sea area of Ulleungdo by applying machine learning such as multiple linear regression, decision tree, support vector machine, vector autoregression, and LSTM to the meteorological information collected from the maritime observation buoy. And we predicted the drowning person's route at sea based on the predicted current direction and speed information by constructing each prediction model. Comparing the various machine learning models applied in this paper through the performance evaluation measures of MAE and RMSE, the LSTM model is the best. In addition, LSTM model showed superior performance compared to the other models in the view of the difference distance between the actual and predicted movement point of drowning person.

• Journal of Intelligence and Information Systems
• /
• v.18 no.1
• /
• pp.125-141
• /
• 2012

These days, the malicious attacks and hacks on the networked systems are dramatically increasing, and the patterns of them are changing rapidly. Consequently, it becomes more important to appropriately handle these malicious attacks and hacks, and there exist sufficient interests and demand in effective network security systems just like intrusion detection systems. Intrusion detection systems are the network security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. Conventional intrusion detection systems have generally been designed using the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of the network attacks, although they perform very well under the normal situation. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to the unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singularly, even though combining the techniques may lead to better detection. With this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine prediction results of four different binary classification models-logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. At the first step, the optimal integration model whose prediction error (i.e. erroneous classification rate) is the least is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, total misclassification cost is more affected by FNE rather than FPE. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 10,000 samples from them by using random sampling method. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell R4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to build cost-effective intelligent intrusion detection systems.

• The Journal of Korea Robotics Society
• /
• v.12 no.2
• /
• pp.173-183
• /
• 2017

This paper proposes an integrated positioning system to localize a moving object in the shadow-area that exists in the water tank. The new water tank for underwater robots is constructed to evaluate the navigation performance of underwater vehicles. Several sensors are integrated in the water tank to provide the position information of the underwater vehicles. However there are some areas where the vehicle localization becomes very poor since the very limited sensors such as sonar and depth sensors are effective in underwater environment. Also there are many disturbances at sonar data. To reduce these disturbances, an extended Kalman filter has been adopted in this research. To localize the underwater vehicles under the hostile situations, a SVR (Support Vector Regression) has been systematically applied for estimating the position stochastically. To demonstrate the performance of the proposed algorithm (an extended Kalman filter + SVR analysis), a new UI (User Interface) has been developed.

• Nuclear Engineering and Technology
• /
• v.52 no.6
• /
• pp.1188-1200
• /
• 2020

In this paper, we consider a SDMS (Self-Diagnostic Monitoring System) for a reciprocating pump for the purpose of not only diagnosis but also prognosis. We have replaced a multi class estimator that selects only the most probable one with a multi label estimator such that we are able to see the state of each of the components. We have introduced a measure called certainty so that we are able to represent the symptom and its state. We have built a flow loop for a reciprocating pump system and presented some results. With these changes, we are not only able to detect both the dominant symptom as well as others but also to monitor how the degree of severity of each component changes. About the dominant ones, we found that the overall recognition rate of our algorithm is about 99.7% which is slightly better than that of the former SDMS. Also, we are able to see the trend and to make a base to find prognostics to estimate the remaining useful life. With this we hope that we have gone one step closer to the final goal of prognosis of SDMS.

• ETRI Journal
• /
• v.42 no.3
• /
• pp.311-323
• /
• 2020

Encrypted traffic classification plays a vital role in cybersecurity as network traffic encryption becomes prevalent. First, we briefly introduce three traffic encryption mechanisms: IPsec, SSL/TLS, and SRTP. After evaluating the performances of support vector machine, random forest, naïve Bayes, and logistic regression for traffic classification, we propose the combined approach of entropy estimation and artificial neural networks. First, network traffic is classified as encrypted or plaintext with entropy estimation. Encrypted traffic is then further classified using neural networks. We propose using traffic packet's sizes, packet's inter-arrival time, and direction as the neural network's input. Our combined approach was evaluated with the dataset obtained from the Canadian Institute for Cybersecurity. Results show an improved precision (from 1 to 7 percentage points), and some application classification metrics improved nearly by 30 percentage points.

• Journal of Soil and Groundwater Environment
• /
• v.21 no.3
• /
• pp.21-34
• /
• 2016

In the present study, we applied various machine learning techniques comparatively for prediction of subsurface structures based on multiple secondary information (i.e., well-logging data). The machine learning techniques employed in this study are Naive Bayes classification (NB), artificial neural network (ANN), support vector machine (SVM) and logistic regression classification (LR). As an alternative model, conventional hidden Markov model (HMM) and modified hidden Markov model (mHMM) are used where additional information of transition probability between primary properties is incorporated in the predictions. In the comparisons, 16 boreholes consisted with four different materials are synthesized, which show directional non-stationarity in upward and downward directions. Futhermore, two types of the secondary information that is statistically related to each material are generated. From the comparative analysis with various case studies, the accuracies of the techniques become degenerated with inclusion of additive errors and small amount of the training data. For HMM predictions, the conventional HMM shows the similar accuracies with the models that does not relies on transition probability. However, the mHMM consistently shows the highest prediction accuracy among the test cases, which can be attributed to the consideration of geological nature in the training of the model.

• Journal of Electrical Engineering and Technology
• /
• v.10 no.3
• /
• pp.1342-1348
• /
• 2015

The objective of this study is to propose a method to calculate prediction intervals for one-day-ahead hourly forecasts of photovoltaic power generation and to evaluate its performance. One year of data of two systems, representing contrasting examples of forecast’ accuracy, were used. The method is based on the maximum likelihood estimation, the similarity between the input data of future and past forecasts of photovoltaic power, and on an assumption about the distribution of the error of the forecasts. Two assumptions for the forecast error distribution were evaluated, a Laplacian and a Gaussian distribution assumption. The results show that the proposed method models well the photovoltaic power forecast error when the Laplacian distribution is used. For both systems and intervals calculated with 4 confidence levels, the intervals contained the true photovoltaic power generation in the amount near to the expected one.

• Journal of Multimedia Information System
• /
• v.3 no.2
• /
• pp.35-42
• /
• 2016

Electrocardiogram (ECG) signal gives a clear indication whether the heart is at a healthy status or not as the early notification of a cardiac problem in the heart could save the patient's life. Several methods were launched to clarify how to diagnose the abnormality over the ECG signal waves. However, some of them face the problem of lack of accuracy at diagnosis phase of their work. In this research, we present an accurate and successive method for the diagnosis of abnormality through Discrete Wavelet Transform (DWT), QRS complex detection and Support Vector Machines (SVM) classification with overall accuracy rate 95.26%. DWT Refers to sampling any kind of discrete wavelet transform, while SVM is known as a model with related learning algorithm, which is based on supervised learning that perform regression analysis and classification over the data sample. We have tested the ECG signals for 10 patients from different file formats collected from PhysioNet database to observe accuracy level for each patient who needs ECG data to be processed. The results will be presented, in terms of accuracy that ranged from 92.1% to 97.6% and diagnosis status that is classified as either normal or abnormal factors.

• Communications for Statistical Applications and Methods
• /
• v.16 no.6
• /
• pp.1005-1012
• /
• 2009

The area under the curve(AUC) is commonly used as a measure of the receiver operating characteristic(ROC) curve which displays the performance of a set of binary classifiers for all feasible ratios of the costs associated with true positive rate(TPR) and false positive rate(FPR). In the bipartite ranking problem where one has to compare two different observations and decide which one is "better", the AUC measures the quantity that ranking score of a randomly chosen sample in one class is larger than that of a randomly chosen sample in the other class and hence, the function which maximizes an AUC of bipartite ranking problem is different to the function which maximizes (minimizes) accuracy (misclassification error rate) of binary classification problem. In this paper, we develop a way to construct the unified framework for AUC maximizer including support vector machines based on maximizing large margin and logistic regression based on estimating posterior probability. Moreover, we develop an efficient algorithm for the proposed unified framework. Numerical results show that the propose unified framework can treat various methodologies successfully.