• Title/Summary/Keyword: system call sequence

Control Scheme of Emergency Power Supply for Elevator Emergency Call System (승강기의 비상 통화장치용 비상 전원장치의 충·방전 제어회로)

  • Park, Noh-Sik;Lee, Dong-Hee
    • Journal of the Korean Institute of Illuminating and Electrical Installation Engineers / v.29 no.8 / pp.40-48 / 2015
  • In this paper, a battery charging and discharging circuit with a single voltage power supply is proposed. The proposed circuit has a separated current path and a charging-monitoring sequence control scheme. In the charging sequence, the proposed 2-level comparator combined with the control signal of the micro-processor can control the constant charging current to protect the battery from over current. Furthermore, the proposed circuit uses a periodic main power switch control to detect the discharging characteristics to estimate the approximate battery life-time. In the experiments, the proposed emergency power supply for the emergency call system has 89% efficiency with 98% power factor. The proposed sequence control scheme operates well in the designed emergency power system.

ANNs on Co-occurrence Matrices for Mobile Malware Detection

  • Xiao, Xi;Wang, Zhenlong;Li, Qi;Li, Qing;Jiang, Yong
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.7 / pp.2736-2754 / 2015
  • Android dominates the mobile operating system market, which stimulates the rapid spread of mobile malware. It is quite challenging to detect mobile malware. System call sequence analysis is widely used to identify malware. However, the malware detection accuracy of existing approaches is not satisfactory since they do not consider correlation of system calls in the sequence. In this paper, we propose a new scheme called Artificial Neural Networks (ANNs) on Co-occurrence Matrices Droid (ANNCMDroid), using co-occurrence matrices to mine correlation of system calls. Our key observation is that correlation of system calls is significantly different between malware and benign software, which can be accurately expressed by co-occurrence matrices, and ANNs can effectively identify anomaly in the co-occurrence matrices. Thus at first we calculate co-occurrence matrices from the system call sequences and then convert them into vectors. Finally, these vectors are fed into ANN to detect malware. We demonstrate the effectiveness of ANNCMDroid by real experiments. Experimental results show that only 4 applications among 594 evaluated benign applications are falsely detected as malware, and only 18 applications among 614 evaluated malicious applications are not detected. As a result, ANNCMDroid achieved an F-Score of 0.981878, which is much higher than other methods.

Design of T-N2SCD Detection Model based on Time Window (타임 윈도우 기반의 T-N2SCD 탐지 모델 구현)

  • Shin, Mi-Yea;Won, Il-Young;Lee, Sang-Ho
    • Journal of the Korea Institute of Information and Communication Engineering / v.13 no.11 / pp.2341-2348 / 2009
  • Host-based intrusion detection techniques consider the system call sequence or system call arguments. These two ways are suitable when system call sequence or order and length of system call arguments are out of order. However, there are two disadvantages: the false positive rate and the false negative rate are high. In this paper we propose the T-N2SCD detection model based on Time Window in order to reduce the false positive rate and the false negative rate. The data used in this experiment is provided by DARPA. As experimental results, the proposed model showed that the false positive rate and the false negative rate are lower at an interval of 1000ms than at other intervals.

Malware Classification Possibility based on Sequence Information (순서 정보 기반 악성코드 분류 가능성)

  • Yun, Tae-Uk;Park, Chan-Soo;Hwang, Tae-Gyu;Kim, Sung Kwon
    • Journal of KIISE / v.44 no.11 / pp.1125-1129 / 2017
  • LSTM(Long Short-term Memory) is a kind of RNN(Recurrent Neural Network) in which a next-state is updated by remembering the previous states. The information of calling a sequence in a malware can be defined as system call function that is called at each time. In this paper, we use calling sequences of system calls in malware codes as input for malware classification to utilize the feature remembering previous states via LSTM. We run an experiment to show that our method can classify malware and measure accuracy by changing the length of system call sequences.

A Study on the Estimation of the Call Drop Rate for Call Admission Control in DS-CDMA Reverse Link (DS-CDMA 역방향 링크에서 호수락 제어를 위한 호 절단률 추정에 관한 연구)

  • 백진현;박용완
    • The Journal of Korean Institute of Communications and Information Sciences / v.26 no.12B / pp.1677-1685 / 2001
  • In this paper, we propose a call admission control scheme that can be performed while guaranteeing the required QoS(Quality of Services) in the DS-CDMA(Direct Sequence-Code Division Multiple Access) reverse link. In established studies, it has been performed relying on a physical channel number only and based on the quality of the received signal from the MODEM(modulator/demodulator) part. In other methods, the standard for services would have been set from statistical analysis of users' location and using the received power level in the BTS(Base Transceiver Station). These ways bring about not only system loads but time delay or great differences from the real environment. To solve these problems, we propose a call drop rate estimation algorithm for the purpose of call admission control based on values measured at the LNA(Low Noise Amplifier) ports of the BTS(Base Transceiver Station) in real time. The method proposed in this paper estimates the quality of the offered service in real time, reduces system loads and shortens the time delay which is needed to determine the standard for call admission control. But it requires an additional 17W complexity which can measure received signal power in the BTS and estimate the call drop rate.

Generation of Finite Automata for Intrusion Detection (침입탐지를 위한 유한상태기계의 생성 기법)

  • Lim, Young-Hwan;Wee, Kyu-Bum
    • The KIPS Transactions:PartC / v.10C no.2 / pp.119-124 / 2003
  • Although there have been many studies on using finite automata for intrusion detection, it has been a difficult problem to generate compact finite automata automatically. In previous research an approach to profile normal behaviors using finite automata was proposed. They divided the system call sequence of each process into three parts: prefix, main portion, and suffix, and then substituted macros for frequently occurring substrings. However, the procedure was not automatic. In this paper we present algorithms to automatically generate intrusion detection automata from the sequence of system calls resulting from the normal runs of the programs. We also show the effectiveness of the proposed method through experiments.

Comparison of System Call Sequence Embedding Approaches for Anomaly Detection (이상 탐지를 위한 시스템콜 시퀀스 임베딩 접근 방식 비교)

  • Lee, Keun-Seop;Park, Kyungseon;Kim, Kangseok
    • Journal of Convergence for Information Technology / v.12 no.2 / pp.47-53 / 2022
  • Recently, with the change of the intelligent security paradigm, study to apply various information generated from various information security systems to AI-based anomaly detection is increasing. Therefore, in this study, in order to convert log-like time series data into a vector, which is a numerical feature, the CBOW and Skip-gram inference methods of deep learning-based Word2Vec model and statistical method based on the coincidence frequency were used to transform the published ADFA system call data. In relation to this, an experiment was carried out through conversion into various embedding vectors considering the dimension of vector, the length of sequence, and the window size. In addition, the performance of the embedding methods used as well as the detection performance were compared and evaluated through GRU-based anomaly detection model using vectors generated by the embedding model as an input. Compared to the statistical model, it was confirmed that the Skip-gram maintains more stable performance without biasing a specific window size or sequence length, and is more effective in making each event of sequence data into an embedding vector.

Overload Detection and Control for Switching Systems using Fuzzy Rules

  • Rhee, Chung-Hoon;Rhee, Byung-Ho;Cho, Sung-Ho
    • The Journal of the Acoustical Society of Korea / v.17 no.4E / pp.28-34 / 1998
  • In most switching systems, the processing unit is designed to work efficiently even at relatively high loads, but when the offered traffic exceeds a particular level, the rate of completed calls can fall drastically. A single call handled by the switching system consists of a sequence of events or messages that has to be processed by the control unit. The control unit is not only incapable of handling all of the offered calls, but also its call handling capability can drop as the offered load increases. The real time available for call processing is a critical resource that requires careful management. Therefore, the overloading of this resource must be detected by a subscriber in the form of a dial tone delay or an uncompleted call which is either blocked or mishandled. The subscriber may respond by either dialing prematurely or by re-attempting a call. This action can further escalate the processor's load, which is spent on uncompleted calls. Unless a proper control is used, the switching system can finally break down. In this paper, we propose a fuzzy overload detection and control method for switching systems, which can by generating fuzzy rules via fuzzy aggregation networks. Simulation results involving a switching system are given.

A Design of Time-based Anomaly Intrusion Detection Model (시간 기반의 비정상 행위 침입탐지 모델 설계)

  • Shin, Mi-Yea;Jeong, Yoon-Su;Lee, Sang-Ho
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.5 / pp.1066-1072 / 2011
  • In the method to analyze the relationship in the system call orders, the normal system call orders are divided into a certain size of system call orders to generate genes and use them as the detectors. In the method to consider the system call parameters, the mean and standard deviation of the parameter lengths are used as the detectors. An attack in which the system call order is normal but the parameter values are changed, such as the format string attack, cannot be detected by the method that considers only the system call orders, whereas the model that considers only the system call parameters has the drawback of a high positive defect rate because of the information obtained from the interval where the attack has not been initiated, since the parameters are considered individually. To solve these problems, it is necessary to develop a more efficient learning and detecting method that groups the continuous system call orders and parameters as the approach that considers various characteristics of system calls related to attacking simultaneously. In this article, we detected the anomaly of the system call orders and parameters by applying the temporal concept to the system call orders and parameters in order to improve the rate of positive defect, that is, the misjudgment of anomaly as normality. The result of the experiment where the DARPA data set was employed showed that the proposed method improved the positive defect rate by 13% in the system call order model where time was considered in comparison with that of the model where time was not considered.

A Hybird Antibody Model Design using Genetic Algorithm Scheme (유전 알고리즘 기법을 이용한 HA 모델 설계)

  • Shin, Mi-Yea;Jeon, Seoung-Heup;Lee, Sang-Ho
    • Journal of the Korea Society of Computer and Information / v.14 no.10 / pp.159-166 / 2009
  • A nature immunity system responds sensitively to an external invasion with various functions in a lot of bodies, besides it there is a function to remember information to have been currently infected. We propose a hybrid model similar to the immune system which combines the antibody which applied genetic algorithm as select antibody and the arbitrary abnormal system call sequence that applied negative selection of a nature immunity system. The proposed model uses an arbitrary abnormal system call sequence in order to reduce a positive defect and a negative defect. Data used in the experiment are sendmail data processed by UNM (University of New Mexico). The negative defect that an experiment results proposal model judged system call more abnormal than the existing negative selection to normal system call appeared 0.55% low.