• Title/Summary/Keyword: traffic detection system

Traffic Flooding Attack Detection on SNMP MIB Using SVM (SVM을 이용한 SNMP MIB에서의 트래픽 폭주 공격 탐지)

  • Yu, Jae-Hak;Park, Jun-Sang;Lee, Han-Sung;Kim, Myung-Sup;Park, Dai-Hee
    • The KIPS Transactions:PartC / v.15C no.5 / pp.351-358 / 2008
  • Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden to cope with high-speed network environments. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. Secondly, we use a machine learning approach based on a Support Vector Machine (SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy, the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB data sets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms.

Development A Standard of Traffic Signal Controller and Expectations of Standardization (교통신호제어기 표준 규격 개발)

  • Jeong Jun-Ha;Ahn Gye-Hyung;Oh Young-Tae;Go Gwang-Yong
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.5 no.1 s.9 / pp.31-43 / 2006
  • As of March 2005, the standard of traffic signal controllers became effective. The standard presents specifications and functions of a traffic signal controller which collects traffic information, sends it to the traffic control center, and controls traffic signals with adequate traffic signal timing provided by the traffic control center. Since the controllers built to the previous standard lack parts compatibility and have different control functions and communication protocols, the maintenance cost has increased. Also, some important functions like conflict detection have not worked perfectly. To overcome these disadvantages, first of all, this standard secures hardware compatibility. The conflict detection method has been enhanced. The communication protocol to the traffic control center was included in the standard. With this standard, an independent maintenance system and prompt treatment of hardware malfunctions become possible. Also, the unified intersection traffic control method will increase traffic safety.

An Online Response System for Anomaly Traffic by Incremental Mining with Genetic Optimization

  • Su, Ming-Yang;Yeh, Sheng-Cheng
    • Journal of Communications and Networks / v.12 no.4 / pp.375-381 / 2010
  • A flooding attack, such as DoS or Worm, can be easily created or even downloaded from the Internet, thus, it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which membership functions of fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus, responding to an attack in real-time. This system is evaluated by 47 flooding attacks, only one of which is missed, with no false positives occurring. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system for the function of eliminating suspicious connections when necessary.

Malicious Traffic Detection Using K-means (K-평균 클러스터링을 이용한 네트워크 유해트래픽 탐지)

  • Shin, Dong Hyuk;An, Kwang Kue;Choi, Sung Chune;Choi, Hyoung-Kee
    • The Journal of Korean Institute of Communications and Information Sciences / v.41 no.2 / pp.277-284 / 2016
  • Various network attacks such as DDoS (Distributed Denial of Service) and Worm are one of the biggest problems in modern society. These attacks reduce the quality of internet service and cause cyber crime. To solve the above problem, signature-based IDS (Intrusion Detection System) has been developed by network vendors. It has a high detection rate by using a database of previous attack signatures or known malicious traffic patterns. However, signature-based IDS has the fatal weakness that new types of attacks cannot be detected. The reason is that signatures depend on previous attack signatures. In this paper, we propose a k-means clustering based malicious traffic detection method to complement the problem of signature IDS. In order to demonstrate the efficiency of the proposed method, we apply the Bayesian theorem.

Applications of Ship Domain Theory to Identify Risky Sector in VTS Area

  • Gang, Sang-Guen;Jeong, Jae-Yong;Yim, Jeong-Bin
    • Journal of the Korean Society of Marine Environment & Safety / v.20 no.3 / pp.277-284 / 2014
  • This paper describes the application method of the bumper area defined in the ship domain theory to identify risky sectors in a VTS (Vessel Traffic Services) area. The final goal of this work is to develop an early warning system providing the location information with high traffic risks in the Mokpo VTS area and to prevent the human errors of the VTS Officer (VTSO). The current goal of this paper is to find an evaluation and detection method for risky sectors. The ratio between the overlapped bumper area of each vessel and the summing area of a designated sector, Ratio to Evaluate Risk (RER) ${\gamma}$, is used as one of the evaluation and detection parameters. The usability of the overlapped bumper area is tested through three kinds of scenarios for various traffic situations. The marine traffic data used in the experiments is collected by an AIS (Automatic Identification System) receiver and then compiled in the SQL (Structured Query Language) Server. Through the analysis of passing vessels' tracks within the boundary of the Mokpo VTS area, a total of 11 sectors are identified as evaluation unit sectors. As experiment results from risk evaluation for the 11 sectors, it is clearly shown that the proposed method with RER ${\gamma}$ can provide the location information of high-risk sectors which need to keep traffic tracks of vessel movements and to maintain traffic monitoring by the VTSO.

A Deep Learning Approach with Stacking Architecture to Identify Botnet Traffic

  • Kang, Koohong
    • Journal of the Korea Society of Computer and Information / v.26 no.12 / pp.123-132 / 2021
  • Malicious activities of Botnets are responsible for huge financial losses to Internet Service Providers, companies, governments and even home users. In this paper, we try to confirm the possibility of detecting botnet traffic by applying the deep learning model Convolutional Neural Network (CNN) using the CTU-13 botnet traffic dataset. In particular, we classify three classes, such as the C&C traffic between bots and C&C servers to detect C&C servers, traffic generated by bots other than C&C communication to detect bots, and normal traffic. Performance metrics were presented by accuracy, precision, recall, and F1 score on classifying both known and unknown botnet traffic. Moreover, we propose a stackable botnet detection system that can load modules for each botnet type considering scalability and operability on the real field.

Radiation Detection System for Prevention of Illicit Trafficking of Nuclear and Radioactive Materials

  • Kwak, Sung-Woo;Chang, Sung-Soon;Yoo, Ho-Sik
    • Journal of Radiation Protection and Research / v.35 no.4 / pp.167-171 / 2010
  • Fixed radiation portal monitors (RPMs) deployed at border, seaport, airport and key traffic checkpoints have played an important role in preventing the illicit trafficking and transport of nuclear and radioactive materials. However, the RPM is usually large and heavy and can't easily be moved to different locations. These reasons motivate us to develop a mobile radiation detection system. The objective of this paper is to report our experience on developing the mobile radiation detection system for search and detection of nuclear and radioactive materials during road transport. Field tests to characterize the developed detection system were performed at various speeds and distances between the radioactive isotope (RI) transporting car and the measurement car. Results of measurements and detection limits of our system are described in this paper. The mobile radiation detection system developed should contribute to defending public's health and safety and the environment against nuclear and radiological terrorism by detecting nuclear or radioactive material hidden illegally in a vehicle.

A Study on the traffic flow prediction through Catboost algorithm (Catboost 알고리즘을 통한 교통흐름 예측에 관한 연구)

  • Cheon, Min Jong;Choi, Hye Jin;Park, Ji Woong;Choi, HaYoung;Lee, Dong Hee;Lee, Ook
    • Journal of the Korea Academia-Industrial cooperation Society / v.22 no.3 / pp.58-64 / 2021
  • As the number of registered vehicles increases, traffic congestion will worsen, which may act as an inhibitory factor for urban social and economic development. Through accurate traffic flow prediction, various AI techniques have been used to prevent traffic congestion. This paper uses the data from a VDS (Vehicle Detection System) as input variables. This study predicted traffic flow in five levels (free flow, somewhat delayed, delayed, somewhat congested, and congested), rather than predicting traffic flow in two levels (free flow and congested). The Catboost model, which is a machine-learning algorithm, was used in this study. This model predicts traffic flow in five levels and compares and analyzes the accuracy of the prediction with other algorithms. In addition, the preprocessed model that went through RandomizedSearchCV and One-Hot Encoding was compared with the naive one. As a result, the Catboost model without any hyper-parameter showed the highest accuracy of 93%. Overall, the Catboost model analyzes and predicts a large number of categorical traffic data better than any other machine learning and deep learning models, and the initial set parameters are optimized for Catboost.

A Study on Development of Mobile Multi-lane Speed Enforcement System With a Laser Detector (레이저 검지기를 이용한 이동식 다차로 속도위반 알고리즘 연구)

  • Yoo, Sung Jun;Park, Jin Yong
    • Journal of the Korean Society of Safety / v.32 no.4 / pp.114-121 / 2017
  • In order to overcome the limitations of the mobile speed system for 1 lane, this study used a multi-laser beam to develop a mobile speed measuring system, using a multi-phase beam. By using a multi-laser beam, least squares algorithms and speed error processing algorithms were developed to improve speed accordancy and speed error rates compared to conventional mobile speed meters using a single laser beam. A field test showed that 80.0 percent of 3 lane and 87.0 percent of 4 lane were appropriate for the mobile speed system. With the development of the mobile speed measuring system, it is expected to dramatically reduce the accidents caused by the speed of traffic. It is also expected to effectively operate equipment and manage the cost by improving manpower and providing improved enforcement accuracy, contributing positively to public institutions and public affairs.

Fast, Accurate Vehicle Detection and Distance Estimation

  • Ma, QuanMeng;Jiang, Guang;Lai, DianZhi;Cui, Hua;Song, Huansheng
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.2 / pp.610-630 / 2020
  • A large number of people suffer from traffic accidents each year, so people pay more attention to traffic safety. However, the traditional methods use laser sensors to calculate the vehicle distance at a very high cost. In this paper, we propose a method based on deep learning to calculate the vehicle distance with a monocular camera. Our method is inexpensive and quite convenient to deploy on mobile platforms. This paper makes two contributions. First, based on Light-Head RCNN, we propose a new vehicle detection framework called Light-Car Detection which can be used on mobile platforms. Second, the planar homography of projective geometry is used to calculate the distance between the camera and the vehicles ahead. The results show that our detection system achieves 13 FPS detection speed and 60.0% mAP on the Adreno 530 GPU of the Samsung Galaxy S7, while requiring only 7.1 MB of storage space. Compared with existing methods, the proposed method achieves better performance.