• Title/Summary/Keyword: traffic detection system


Extraction of Network Threat Signatures Using Latent Dirichlet Allocation (LDA를 활용한 네트워크 위협 시그니처 추출기법)

  • Lee, Sungil;Lee, Suchul;Lee, Jun-Rak;Youm, Heung-youl
    • Journal of Internet Computing and Services / v.19 no.1 / pp.1-10 / 2018
  • Network threats such as Internet worms and computer viruses have been significantly increasing. In particular, APTs (Advanced Persistent Threats) and ransomware have become clever and complex. IDSes (Intrusion Detection Systems) have played a key role as information security solutions during the last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. The network threat containing the signature can then be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA (Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.

A Study on Development of Systems to Enforce the interfering Cars on the Ramp (끼어들기 단속시스템 개발 연구)

  • Lee, Ho-Won;Hyun, Cheol-Seung;Joo, Doo-Hwan;Jeong, Jun-Ha;Lee, Choul-Ki
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.11 no.5 / pp.7-14 / 2012
  • We frequently encounter cars cutting into our lane on the ramp, and we suffer from serious traffic congestion due to these interfering cars. However, police enforcement has not been carried out actively because it is hard to enforce. In this study, we have evaluated systems to enforce against cutting-in cars through a field test. Generally, the image processing method depends on the weather. To overcome this limitation, we proposed a new algorithm combined with a section detection method. In the field test we reached the following results. Whereas the violation detection rate of general image processing was 58.2%, that of the new algorithm proposed by this study was 74.5%. The error rate of enforcing against vehicles that did not violate was 0.0%. Also, existing facilities such as street lights can be used because the systems, which integrate the camera with the controller, are compact and lightweight. Therefore, we concluded that it is possible to enforce against interfering cars using vehicle enforcement systems.

Development of Speed Measurement Accuracy Using Double Loop Detectors (2중 루프검지기 속도측정 정확도 개선 알고리즘 개발)

  • 강정규
    • Journal of Korean Society of Transportation / v.20 no.5 / pp.163-174 / 2002
  • Speeding has been reported as one of the major causes of fatal traffic accidents in Korea. In response to this dangerous speeding, the automated speed enforcement system has come to be used as an enforcement tool. The speed detection device, which measures the speed of each incoming vehicle using double loop sensors, requires high accuracy. The objective of this study is to develop an accurate speed measurement algorithm using double loop detectors. Some important findings are summarized as follows: 1) It was found that speed measurement errors are caused by the scanning rate, the distance between the two loops, irregular vehicle trajectories, and multiple vehicles in the detection zone. 2) A proposed algorithm using two signal sets proved to reduce the variance as well as the mean of speed measurement. 3) A proposed filtering algorithm was effective in filtering out irregularly driving vehicles and multiple vehicles in the detection zone. A comprehensive field test of the developed algorithm resulted in a significant improvement in speed measurement accuracy.

Design and Implementation of Mathematical Model based Hierarchical Conflict Detection and Resolution (수리모형 기반의 계층적 열차경합관리 설계 및 구현)

  • Kim, Kyung-Min;Hong, Soon-Heum
    • Proceedings of the KSR Conference / 2008.11b / pp.687-694 / 2008
  • Given the daily tactical schedule, the purpose of the traffic management system is to develop an operating plan that will achieve the stated schedule as closely as possible. The operating plan has to be modified during the day because of disturbances that occur (e.g. delay, infrastructure breakdown, etc.). Conflict detection and resolution (CDRS) aims to adjust the distorted schedule back to the tactical schedule. Our research separates CDRS into two hierarchical modules, a line conflict control module and a station conflict control module. We define the role of each module and design the cooperative architecture. We suggest a conflict detection and resolution approach based on a mathematical model. These results can be implemented as prototype modules.


Lifetime Escalation and Clone Detection in Wireless Sensor Networks using Snowball Endurance Algorithm(SBEA)

  • Sathya, V.;Kannan, Dr. S.
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.4 / pp.1224-1248 / 2022
  • In various sensor network applications, such as climate observation organizations, sensor nodes need to collect information from time to time and pass it on to the recipient of information through multiple bounces. According to field tests, this information corresponds to most of the energy use of the sensor hub. Decreasing the measurement of information transmission in sensor networks becomes an important issue. Compression sensing (CS) can reduce the amount of information delivered to the network and reduce traffic load. However, the total number of classification of information delivered using pure CS is still enormous. The hybrid technique for utilizing CS was proposed to diminish the quantity of transmissions in sensor networks. Further the energy productivity is a test task for the sensor nodes. However, in previous studies, a clustering approach using hybrid CS for a sensor network and an explanatory model was used to investigate the relationship between beam size and number of transmissions of hybrid CS technology. It uses efficient data integration techniques for large networks, but leads to clone attacks or attacks. Here, a new algorithm called SBEA (Snowball Endurance Algorithm) was proposed and tested with a bow. Thus, you can extend the battery life of your WSN by running effective copy detection. Often, multiple nodes, called observers, are selected to verify the reliability of the nodes within the network. Personal data from the source centre (e.g. personality and geographical data) is provided to the observer at the optional witness stage. The trust and reputation system is used to find the reliability of data aggregation across the cluster head and cluster nodes. It is also possible to obtain a mechanism to perform sleep and standby procedures to improve the life of the sensor node. The sniffers have been implemented to monitor the energy of the sensor nodes periodically in the sink. The proposed algorithm SBEA (Snowball Endurance Algorithm) is a combination of ERCD protocol and a combined mobility and routing algorithm that can identify the cluster head and adjacent cluster head nodes. This algorithm is used to yield the network life time and the performance of the sensor nodes can be increased.

Comparison of Association Rule Learning and Subgroup Discovery for Mining Traffic Accident Data (교통사고 데이터의 마이닝을 위한 연관규칙 학습기법과 서브그룹 발견기법의 비교)

  • Kim, Jeongmin;Ryu, Kwang Ryel
    • Journal of Intelligence and Information Systems / v.21 no.4 / pp.1-16 / 2015
  • Traffic accidents have been one of the major causes of death worldwide for the last several decades. According to the statistics of the World Health Organization, approximately 1.24 million deaths occurred on the world's roads in 2010. In order to reduce future traffic accidents, multipronged approaches have been adopted, including traffic regulations, injury-reducing technologies, driver training programs and so on. Records on traffic accidents are generated and maintained for this purpose. To make these records meaningful and effective, it is necessary to analyze the relationship between traffic accidents and related factors including vehicle design, road design, weather, driver behavior, etc. Insight derived from this analysis can be used for accident prevention approaches. Traffic accident data mining is an activity to find useful knowledge about such relationships that is not well known and that the user may be interested in. Many studies on mining accident data have been reported over the past two decades. Most studies have mainly focused on predicting the risk of accidents using accident-related factors. Supervised learning methods like decision trees, logistic regression, k-nearest neighbor, and neural networks are used for this prediction. However, the prediction models derived from these algorithms are too complex for humans to understand, because the main purpose of these algorithms is prediction, not explanation of the data. Some studies use unsupervised clustering algorithms to divide the data into several groups, but the derived groups themselves are still not easy for humans to understand, so it is necessary to do some additional analytic work. Rule based learning methods are adequate when we want to derive a comprehensive form of knowledge about the target domain. They derive a set of if-then rules that represent the relationship between the target feature and other features. Rules are fairly easy for humans to understand and can therefore help provide insight and comprehensible results. Association rule learning methods and subgroup discovery methods are representative rule based learning methods for descriptive tasks. These two algorithms have been used in a wide range of areas, from transaction analysis, accident data analysis, and detection of statistically significant patient risk groups to discovering key persons in social communities and so on. We use both the association rule learning method and the subgroup discovery method to discover useful patterns from a traffic accident dataset consisting of many features including profile of driver, location of accident, types of accident, information of vehicle, violation of regulation and so on. The association rule learning method, which is one of the unsupervised learning methods, searches for frequent item sets from the data and translates them into rules. In contrast, the subgroup discovery method is a kind of supervised learning method that discovers rules of user specified concepts satisfying a certain degree of generality and unusualness. Depending on what aspect of the data we are focusing our attention on, we may combine multiple relevant features of interest to make a synthetic target feature, and give it to the rule learning algorithms. After a set of rules is derived, some postprocessing steps are taken to make the ruleset more compact and easier to understand by removing some uninteresting or redundant rules. We conducted a set of experiments mining our traffic accident data in both unsupervised mode and supervised mode to compare these rule based learning algorithms. Experiments with the traffic accident data reveal that association rule learning, in its pure unsupervised mode, can discover some hidden relationships among the features. Under a supervised learning setting with a combinatorial target feature, however, the subgroup discovery method finds good rules much more easily than the association rule learning method, which requires a lot of effort to tune the parameters.

Blocking Intelligent Dos Attack with SDN (SDN과 허니팟 기반 동적 파라미터 조절을 통한 지능적 서비스 거부 공격 차단)

  • Yun, Junhyeok;Mun, Sungsik;Kim, Mihui
    • KIPS Transactions on Computer and Communication Systems / v.11 no.1 / pp.23-34 / 2022
  • With the development of network technology, the application area has also been diversified, protocols for various purposes have been developed, and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. We propose a method to block denial of service (DoS) attacks by advanced attackers by programming and applying a honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that receives the attack packets analyzes the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system were shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

IoT-based Smart Tunnel Accident Alert System (사물 인터넷 기반의 스마트 터널 사고 경보 시스템)

  • Ki-Ung Min;Seong-Noh Lee;Yoon-Hwa Choi;Yeon-Taek Hong;Chul-Sun Lee;Yun-Seok Ko
    • The Journal of the Korea institute of electronic communication sciences / v.19 no.4 / pp.753-762 / 2024
  • Tunnels have limited evacuation areas, and it is difficult for cars coming from behind to recognize the accident situation in front. Since an accident is very likely to lead to a serious secondary accident, an IoT-based smart tunnel accident warning system was studied to prepare for traffic accidents that occur in tunnels. If the measured values from the flame detection sensor, gas detection sensor, and shock detection sensor in the tunnel exceed the standard, the situation is judged to be an emergency and the alert system is designed to operate. The accident information message was designed to be displayed on the LCD and transmitted to drivers inside and outside the tunnel through a Wi-Fi communication network. A performance test system was established and performance evaluation was performed for several accident scenarios. As a result of the test, it was confirmed that the accident alert system can accurately detect accidents based on given reference values, perform alert procedures, and transmit alert messages to smart phones through Wi-Fi wireless communication. Through this, its effectiveness could be confirmed.

Transmission Performance of Application Service Traffic on MANET with IDS (IDS가 있는 MANET에서 응용 서비스 트래픽의 전송 성능)

  • Kim, Young-Dong
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.05a / pp.584-587 / 2012
  • MANET, which can be constructed with only terminal devices, has the structural advantages of easy installation and operation, and with the environmental change of the rapid spread of smart phones, its usage can be extended to application areas such as emergency communication, leisure, exploration and investigations. However, as one characteristic of MANET, the absence of communication infrastructure brings the disadvantage of weakness against information intrusion, which occurs frequently nowadays. In this paper, the effect of an IDS (Intrusion Detection System), one of the defence tools against information intrusion, on transmission performance is analyzed. A blackhole attack is assumed as the type of intrusion, and the MANET is defended from intrusions with the IDS. Computer simulation based on NS-2 is used for performance measurement. In this paper, performance measurement is done for an application service to analyze the application level effects of the IDS. VoIP service is used as the application service.


Efficient Buffer Management Scheme for Mitigating Possibility of DDoS Attack (DDoS 공격 가능성 완화를 위한 효율적인 버퍼 관리 기술)

  • Noh, Hee-Kyeong;Kang, Nam-Hi
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.12 no.2 / pp.1-7 / 2012
  • A DDoS attack is a malicious attempt to exhaust the resources of a target system and network capacities using lots of distributed zombie systems. The DDoS attack, introduced in early 2000, has been evolving over time and appears in various forms of attack. This paper proposes a scheme to detect DDoS attacks and to reduce the possibility of such attacks, especially those based on vulnerabilities presented by the use of control packets of existing network protocols. To cope with DDoS attacks, the proposed scheme utilizes buffer management techniques commonly used for congestion control in the Internet. Our scheme is not intended to detect DDoS attacks perfectly but to minimize the possibility of overloading the internal system and to mitigate the possibility of attacks by discarding control packets at the time of detecting DDoS attacks. In addition, the detection module of our scheme can adapt dynamically to instantly increasing traffic, unlike previously proposed schemes.