• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.99-107
• /
• 2020

An underground integrated map is being built for underground safety management and is being updated periodically. The map update proceeds with the procedure of deleting all previously stored objects and saving newly entered objects. However, even unchanged objects are repeatedly stored, deleted, and stored. That causes the delay of the update time. In this study, in order to shorten the update time of the integrated map, an updated object and an unupdated object are separated, and only updated objects are reflected in the underground integrated map, and a system implementing this technology is described. For the updated object, an object comparison method using the center point of the object is used, and a quad tree is used to improve the search speed. The types of updated objects are classified into addition and deletion using the shape of the object, and change using its attributes. The proposed system consists of update object detection, extraction, conversion, storage, and history management modules. This system has the advantage of being able to update the integrated map about four times faster than the existing method based on the data used in the experiment, and has the advantage that it can be applied to both ground and underground facilities.

• Journal of Convergence for Information Technology
• /
• v.12 no.4
• /
• pp.260-269
• /
• 2022

In this paper, We propose an anomaly detection model using deep neural network to automate the identification of outliers of the national air pollution measurement network data that is previously performed by experts. We generated training data by analyzing missing values and outliers of weather data provided by the Institute of Environmental Research and based on the BeatGAN model of the unsupervised learning method, we propose a new model by changing the kernel structure, adding the convolutional filter layer and the transposed convolutional filter layer to improve anomaly detection performance. In addition, by utilizing the generative features of the proposed model to implement and apply a retraining algorithm that generates new data and uses it for training, it was confirmed that the proposed model had the highest performance compared to the original BeatGAN models and other unsupervised learning model like Iforest and One Class SVM. Through this study, it was possible to suggest a method to improve the anomaly detection performance of proposed model while avoiding overfitting without additional cost in situations where training data are insufficient due to various factors such as sensor abnormalities and inspections in actual industrial sites.

• Korean Journal of Remote Sensing
• /
• v.38 no.6_1
• /
• pp.991-1005
• /
• 2022

Satellite imaging is an effective supplementary data source for detecting and verifying nuclear activity. It is also highly beneficial in regions with limited access and information, such as nuclear installations. Time series analysis, in particular, can identify the process of preparing for the conduction of a nuclear experiment, such as relocating equipment or changing facilities. Differences in the semantic segmentation findings of time series photos were employed in this work to detect changes in meaningful items connected to nuclear activity. Building, road, and small object datasets made of KOMPSAT 3/3A photos given by AIHub were used to train deep learning models such as U-Net, PSPNet, and Attention U-Net. To pick relevant models for targets, many model parameters were adjusted. The final change detection was carried out by including object information into the first change detection, which was obtained as the difference in semantic segmentation findings. The experiment findings demonstrated that the suggested approach could effectively identify altered pixels. Although the suggested approach is dependent on the accuracy of semantic segmentation findings, it is envisaged that as the dataset for the region of interest grows in the future, so will the relevant scope of the proposed method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.377-380
• /
• 2022

An application called an app can be downloaded and used on mobile devices. Among them, Android-based apps have the disadvantage of being implemented on an open source basis and can be exploited by anyone, but unlike iOS, which discloses only a small part of the source code, Android is implemented as an open source, so it can analyze the code. However, since anyone can participate in changing the source code of open source-based Android apps, the number of malicious codes increases and types are bound to vary. Malicious codes that increase exponentially in a short period of time are difficult for humans to detect one by one, so it is efficient to use a technique to detect malicious codes using AI. Most of the existing malicious app detection methods are to extract Features and detect malicious apps. Therefore, three ways to select the optimal feature to be used for learning after feature extraction are proposed. Finally, in the step of modeling with optimal features, ensemble techniques are used in addition to a single model. Ensemble techniques have already shown results beyond the performance of a single model, as has been shown in several studies. Therefore, this paper presents a plan to select the optimal feature and implement a learning model for Android app-based malicious code detection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.591-603
• /
• 2018

Windows Event Log is a format that records system log in Windows operating system and methodically manages information about system operation. An event can be caused by system itself or by user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented new analysis tool in this study which parses EVTX files and user behaviors.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.133-142
• /
• 2019

Although torrents and P2P sites or web hard are frequently used by users simply because they can be easily downloaded freely or at low prices, domestic torrent and P2P sites or web hard are very sensitive to copyright. Techniques have been researched and applied. Among these, title and string comparison method filtering techniques that block the number of cases such as file titles or combinations of key words are blocked by changing the title and spacing. Bypass is easy through. In order to detect and block illegal works for copyright protection, a technique for normalizing modified file titles is essential. In this paper, we compared the detection rate by searching before and after normalizing the modified file title of illegal works and normalizing the file title. Before the normalization, the detection rate was 77.72%, which was unfortunate while the detection rate was 90.23% after the normalization. In the future, it is expected that better handling of nonsense terms, such as common date and quality display, will yield better results.

• The Journal of Korean Association of Computer Education
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2010

NAC(Network Access Control) has been developed as a solution for the security of end-point user, to be a target computer of worm attack which does not use security patch of OS and install Anti-Virus, which spreads the viruses in the Intra-net. Currently the NAC products in market have a sufficient technology of pre-connect, but insufficient one of post-connect which detects the threats after the connect through regular authentication. Therefore NAC users have been suffered from Zero-day attacks and malware infection. In this paper, to solve the problems in the post-connect step we generate the normal behavior profiles using the traffic information of each host, host information through agent, information of open port and network configuration modification through network scanner addition to authentication of host and inspection of policy violation used before. Based on these we propose the system to detect the hosts infected malware.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.944-945
• /
• 2016

Gamma-ray Detector for gamma-ray imaging device is composed of a shielding body for shielding gamma-rays incident from the radiation source. Distribution of the gamma ray can be represented by the distribution information on the direction in which the detecting section and the signal through the incident hole of collimator. The role of the shield is important because all signals should be treated as noise except for the signal from the incident hole.In this paper In this paper, we have produced a compact, lightweight and Collimator shield by changing the structure and physical properties with respect to the collimator and shielding of lead-based gamma-ray detectors. And we analyzed the shielding effectiveness relative to the incident gamma ray sphere measured signal value through the gamma irradiation test facility. The results confirmed that the production and Collimator shielding the imaging device Implementing more efficient to implement.

• The Journal of the Acoustical Society of Korea
• /
• v.41 no.4
• /
• pp.419-425
• /
• 2022

This paper aims to evaluate the acoustic detection performance for the deployment of the source and receiver positions of a bi-static sonar. In contrast with a mono-static sonar, a bi-static sonar has a large amount of computation and complexity for deployment. Therefore, in this study, we propose an assessment method that reduces the amount of computation while considering the variability of the ocean environment as a method to apply to the placement of the source and receiver of a bi-static sonar. First, we assume the representative ocean environment in the shallow and deep water. The signal excess is calculated with the source to receiver ranges and sensor depths. And the result is compared with the proposed assessment method of acoustic detection performance.

• Journal of the Institute of Convergence Signal Processing
• /
• v.25 no.1
• /
• pp.1-6
• /
• 2024

The main function of intercept array sonar is to detect pulses radiated from enemy surface ships, submarines, and torpedoes. When a pulse is detected, it is a high risk situation for the own ship, so it is very important to find the target's location for the ship's maneuverability and survival. The target's location is calculated by finding the starting point of the pulse received form each sensor and calculating the time delay between sensors. In order to find starting point, the envelope of the signal is calculated and differential filtering is performed. However, since intercept array sonar has a high sampling frequency of the signal, the number of samples to be processed is large, so this process has a problem with a large computational amount. In this paper, we propose a pulse starting point calculation method using decimation for reducing computational amount. Simulations were performed while changing the decimation factor, and it was confirmed that computational amount was reduced. The proposed method is expected to be effective in real-time processing system and have advantages in resource utilization.