• Smart Media Journal
• /
• v.13 no.4
• /
• pp.48-56
• /
• 2024

In the livestock industry, detecting environmental outliers and predicting data are crucial tasks. Outliers in livestock environment data, typically gathered through time-series methods, can signal rapid changes in the environment and potential unexpected epidemics. Prompt detection and response to these outliers are essential to minimize stress in livestock and reduce economic losses for farmers by early detection of epidemic conditions. This study employs two methods to experiment and compare performances in setting thresholds that define outliers in livestock environment data outlier detection. The first method is an outlier detection using Mean Squared Error (MSE), and the second is an outlier detection using a Dynamic Threshold, which analyzes variability against the average value of previous data to identify outliers. The MSE-based method demonstrated a 94.98% accuracy rate, while the Dynamic Threshold method, which uses standard deviation, showed superior performance with 99.66% accuracy.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.12
• /
• pp.287-296
• /
• 2019

Due to the development and increased usage of Internet services such as IoT and cloud computing, a large number of packets are being generated on the Internet. In order to create a safe Internet environment, malicious data that may exist among these packets must be processed and detected quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to intrusion detection system for rapid processing of big data security events. In addition, building the intrusion detection system(IDS) using some of the private cloud resources which is the target of protection, elastic and dynamic reconfiguration of the IDS is made possible as the number of security events increase or decrease. In order to evaluate the performance of MongoDB - based IDS proposed in this paper, we constructed prototype systems of IDS based on MongoDB as well as existing relational database, and compared their performance. Moreover, the number of virtual machine has been increased to find out the performance change as the IDS is distributed. As a result, it is shown that the performance is improved as the number of virtual machine is increased to make IDS distributed in MongoDB environment but keeping the overall system performance unchanged. The security event input rate based on distributed MongoDB was faster as much as 60%, and distributed MongoDB-based intrusion detection rate was faster up to 100% comparing to the IDS based on relational database.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.27 no.1
• /
• pp.127-134
• /
• 2021

In this study, an anomaly detection (AD) algorithm was implemented to detect the failure of a marine air compressor. A lab-scale experiment was designed to produce fault datasets (time-series electric current measurements) for 10 failure modes of the air compressor. The results demonstrated that the temporal pattern of the datasets showed periodicity with a different period, depending on the failure mode. An AD model with a convolutional autoencoder was developed and trained based on a normal operation dataset. The reconstruction error was used as the threshold for AD. The reconstruction error was noted to be dependent on the AD model and hyperparameter tuning. The AD model was applied to the synthetic dataset, which comprised both normal and abnormal conditions of the air compressor for validation. The AD model exhibited good detection performance on anomalies showing periodicity but poor performance on anomalies resulting from subtle load changes in the motor.

• Journal of the Korea Society for Simulation
• /
• v.18 no.3
• /
• pp.83-90
• /
• 2009

Since wireless sensor networks are deployed in open environments, an attacker can physically capture some sensor nodes. Using information of compromised nodes, an attacker can launch false data injection attacks that report nonexistent events. False data can cause false alarms and draining the limited energy resources of the forwarding nodes. In order to detect and discard such false data during the forwarding process, various security solutions have been proposed. But since they are prevention-based solutions that involve additional operations, they would be energy-inefficient if the corresponding attacks are not launched. In this paper, we propose a detection method that can detect false data injection attacks without extra overheads. The proposed method is designed based on the signature of false data injection attacks that has been derived through simulation. The proposed method detects the attacks based on the number of reporting nodes, the correctness of the reports, and the variation in the number of the nodes for each event. We show the proposed method can detect a large portion of attacks through simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.69-78
• /
• 2004

The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But, Most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose an behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.

• Journal of IKEEE
• /
• v.24 no.2
• /
• pp.475-485
• /
• 2020

Recently, a crowdsensing system that provides a new sensing service with real-time sensing data provided from a user's device including a sensor without installing a separate sensor has attracted attention. In the crowdsensing system, meaningless data may be provided due to a user's operation error or communication problem, or false data may be provided to obtain compensation. Therefore, the detection and removal of the abnormal data determines the quality of the crowdsensing service. The proposed methods in the past to detect these anomalies are not efficient for the fast-changing environment of crowdsensing. This paper proposes an anomaly data detection method by extracting the characteristics of continuously and rapidly changing sensing data environment by using machine learning technology and modeling it with an appropriate algorithm. We show the performance and feasibility of the proposed system using deep learning binary classification model of supervised learning and autoencoder model of unsupervised learning.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.865-867
• /
• 2017

본 논문에서는 데이터스트림 환경에서 개념 변화를 탐지하기 위해 합성곱 신경망(CNN)을 사용하는 방법을 제시한다. 데이터스트림 환경에서 입력될 수 있는 데이터를 패턴화하여 신경망 모델에 학습시키고, 패턴화한 데이터를 학습시킨 신경망 모델을 이용하여 스트림 환경에서 개념 변화를 검출 가능함을 보인다.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.6
• /
• pp.531-536
• /
• 2002

In this paper, we have applied Genetic Algorithms(GAs) to Intrusion Detection System(TDS), and then proposed and simulated the misuse detection model firstly. We have implemented with the KBD contest data, and tried to simulated in the same environment. In the experiment, the set of record is regarded as a chromosome, and GAs are used to produce the intrusion patterns. That is, the intrusion rules are generated. We have concentrated on the simulation and analysis of classification among the Data Mining techniques and then the intrusion patterns are produced. The generated rules are represented by intrusion data and classified between abnormal and normal users. The different rules are generated separately from three models "Time Based Traffic Model", "Host Based Traffic Model", and "Content Model". The proposed system has generated the update and adaptive rules automatically and continuously on the misuse detection method which is difficult to update the rule generation. The generated rules are experimented on 430M test data and almost 94.3% of detection rate is shown.3% of detection rate is shown.

• Journal of the Society of Disaster Information
• /
• v.19 no.4
• /
• pp.968-975
• /
• 2023

Purpose: We would like to confirm that the false positive rate of flames/smoke is high when detecting fires. Propose a method and dataset to recognize and classify fire situations to reduce the false detection rate. Method: Using the video as learning data, the characteristics of the fire situation were extracted and applied to the classification model. For evaluation, the model performance of Yolov8 and Slowfast were compared and analyzed using the fire dataset conducted by the National Information Society Agency (NIA). Result: YOLO's detection performance varies sensitively depending on the influence of the background, and it was unable to properly detect fires even when the fire scale was too large or too small. Since SlowFast learns the time axis of the video, we confirmed that detects fire excellently even in situations where the shape of an atypical object cannot be clearly inferred because the surrounding area is blurry or bright. Conclusion: It was confirmed that the fire detection rate was more appropriate when using a video-based artificial intelligence detection model rather than using image data.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.45-51
• /
• 2018

As data utilization and importance becomes important, data-related accidents and damages are gradually increasing. Especially, insider threats are the most harmful threats. And these insider threats are difficult to detect by traditional security systems, so rule-based abnormal behavior detection method has been widely used. However, it has a lack of adapting flexibly to changes in new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. This is designed to minimize false positive rate and false negative rate by adopting environment factors that directly influence the behavior, and learning data based on statistical Markov model. In the experimentation, the framework shows good performance with a high F2-score of 0.92 and suspicious behavior detection, which seen as a normal behavior usually. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.