• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.31-38
• /
• 2021

Tor, known as Onion Router, guarantees strong anonymity. For this reason, Tor is actively used not only for criminal activities but also for hacking attempts such as rapid port scan and the ex-filtration of stolen credentials. Therefore, fast and accurate detection of Tor traffic is critical to prevent the crime attempts in advance and secure the organization's information system. This paper proposes a novel classification model that can detect Tor traffic and classify the traffic types based on CNN(Convolutional Neural Network). We use UNB Tor 2016 Dataset to evaluate the performance of our model. The experimental results show that the accuracy is 99.98% and 97.27% in binary classification and multiclass classification respectively.

• Journal of Korea Multimedia Society
• /
• v.19 no.11
• /
• pp.1852-1861
• /
• 2016

Drowsy driving is a significant factor in traffic accidents, so driver drowsiness detection system based on computer vision for convenience and safety has been actively studied. However, it is difficult to accurately detect the driver drowsiness in complex background and environmental change. In this paper, it proposed the driver drowsiness detection algorithm to determine whether the driver is drowsy through the measurement standard of a yawn, eyes drowsy status, and nod based on facial features. The proposed algorithm detect the driver drowsiness in the complex background, and it is robust to changes in the environment. The algorithm can be applied in real time because of the processing speed faster. Throughout the experiment, we confirmed that the algorithm reliably detected driver drowsiness. The processing speed of the proposed algorithm is about 0.084ms. Also, the proposed algorithm can achieve an average detection rate of 98.48% and 97.37% for a yawn, drowsy eyes, and nod in the daytime and nighttime.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.10
• /
• pp.4176-4197
• /
• 2020

Botnet is a type of dangerous malware. Botnet attack with a collection of bots attacking a similar target and activity pattern is called bot group activities. The detection of bot group activities using intrusion detection models can only detect single bot activities but cannot detect bots' behavioral relation on bot group attack. Detection of bot group activities could help network administrators isolate an activity or access a bot group attacks and determine the relations between bots that can measure the correlation. This paper proposed a new model to measure the similarity between bot activities using the intersections-probability concept to define bot group activities called as B-Corr Model. The B-Corr model consisted of several stages, such as extraction feature from bot activity flows, measurement of intersections between bots, and similarity value production. B-Corr model categorizes similar bots with a similar target to specify bot group activities. To achieve a more comprehensive view, the B-Corr model visualizes the similarity values between bots in the form of a similar bot graph. Furthermore, extensive experiments have been conducted using real botnet datasets with high detection accuracy in various scenarios.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.9-19
• /
• 2019

Service and users over the Internet are increasing rapidly. Cyber attacks are also increasing. As a result, information leakage and financial damage are occurring. Government, public agencies, and companies are using security systems that use signature-based detection rules to respond to known malicious codes. However, it takes a long time to generate and validate signature-based detection rules. In this paper, we propose and develop signature based detection rule generation and verification systems using the signature extraction scheme developed based on the LDA(latent Dirichlet allocation) algorithm and the traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.

• Journal of Korea Society of Industrial Information Systems
• /
• v.27 no.1
• /
• pp.11-18
• /
• 2022

The use of multi-spectral cameras is essential for day and night pedestrian detection. In this paper, a color camera and a thermal imaging infrared camera were used to detect pedestrians near a crosswalk for 24 hours at an intersection with a high risk of traffic accidents. For pedestrian detection, the YOLOv5 object detector was used, and the detection performance was improved by using color images and thermal images at the same time. The proposed system showed a high performance of 0.940 mAP in the day/night multi-spectral (color and thermal image) pedestrian dataset obtained from the actual crosswalk site.

• Smart Structures and Systems
• /
• v.2 no.3
• /
• pp.275-293
• /
• 2006

For health monitoring purpose usually the structure is instrumented with a large scale and multichannel measurement system. In case of highway bridges, operating vehicle could be utilized to reduce the number of measuring devices. First this paper presents a static damage detection algorithm of using operating vehicle load. The technique has been validated by finite element simulation and simple laboratory test. Next the paper presents an approach of using this technique to field application. Here operating vehicle load data has been used by instrumenting the bridge at single location. This approach gives an upper hand to other sophisticated global damage detection methods since it has the potential of reducing the measuring points and devices. It also avoids the application of artificial loading and interruption of any traffic flow.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.1A
• /
• pp.1-6
• /
• 2008

TDM-PON has a disadvantage that entire PON system gets into trouble when only one ONU is out of order and sends optical signal constantly. This paper suggests a scheme to find the fault location. TDMA is impossible when upstream traffic is interrupted by continuous wave signal from a troubled ONU. Therefore, CDMA coding is introduced in separating fault ONUs, and detection algorithm is verified.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.112-114
• /
• 2021

In order to detect urban conditions, the number of means of transportation and traffic flow are essential factors to be identified. This paper improved the detection system capabilities shown in previous studies using the SwinTransformer model, which showed higher performance than existing convolutional neural networks, by learning various vehicle types using existing Mask R-CNN and introducing today's widely used transformer model to detect certain types of vehicles in urban aerial images.

• The KIPS Transactions:PartD
• /
• v.17D no.2
• /
• pp.87-102
• /
• 2010

A vast amount of traffic data is produced every day from detection devices but this data includes a considerable amount of errors and missing values. Moreover, this information is periodically deleted before it could be used as important analysis information. Therefore, this paper discusses the implementation of an integrated traffic history database system that continuously stores the traffic data as a multidimensional model and increases the validity and completeness of the data via a flow of processing steps, and provides a what-if analysis function. The implemented system provides various techniques to correct errors and missing data patterns, and a what-if analysis function that enables the analysis of results under various conditions by allowing the flexible definition of various process related environment variables and combinations of the processing flows. Such what-if analysis functions dramatically increase the usability of traffic data but are not provided by other traffic data systems. Experimantal results for cleaning the traffic history data showed that it provides superior performance in terms of validity and completeness.

• Annual Conference of KIPS
• /
• 2017.04a
• /
• pp.315-318
• /
• 2017

Nowadays, Distributed Denial of Service (DDoS) attacks have gained increasing popularity and have been a major factor in a number of massive cyber-attacks. It could easily exhaust the computing and communicating resources of a victim within a short period of time. Therefore, we have to find the method to detect and prevent the DDoS attack. Recently, there have been some researches that provide the methods to resolve above problem, but it still gets some limitations such as low performance of detecting and preventing, scope of method, most of them just use on cloud server instead of network, and the reliability in the network. In this paper, we propose solutions for (1) handling multiple DDoS attacks from multiple IP address and (2) handling the suspicious attacks in the network. For the first solution, we assume that there are multiple attacks from many sources at a times, it should be handled to avoid the conflict when we setup the preventing rule to switches. In the other, there are many attacks traffic with the low volume and same destination address. Although the traffic at each node is not much, the traffic at the destination is much more. So it is hard to detect that suspicious traffic with the sampling based method at each node, our method reroute the traffic to another server and make the analysis to check it deeply.