• Journal of the Institute of Electronics Engineers of Korea SC
• /
• v.48 no.5
• /
• pp.25-30
• /
• 2011

This paper present a method for abnormal traffic behavior, or trajectory, detection in static traffic surveillance camera with user-defined trajectories. The method computes the abnormality of moving object with a trajectory of the object and user-defined trajectories. Because of using user-define based information, the presented method have more accurate and faster performance than models need a learning about normal behaviors. The method also have adaptation process of assigned rule, so it can handle scene variation for more robust performance. The experimental results show that our method can detect abnormal traffic behaviors in various situation.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.689-690
• /
• 2016

밀집된 돈방에서 사육되는 돼지의 공격적인 행동들은 돼지의 성장에 심각한 악영향을 주고, 이는 농가의 경제적 손실로 이어진다. 따라서 돈방 내의 비정상 상황들을 지속적으로 모니터링할 수 있는 IT기반의 영상 감시 시스템이 요구된다. 본 논문에서는 돼지의 행동 분석 이전에 필수적으로 선행되어야 하는 개별 돼지의 탐지를 위한 키넥트 카메라 기반의 새로운 모니터링 시스템을 제안한다. 먼저, 배경차영상 기법과 깊이 임계값을 이용하여 서있는 돼지만을 탐지한다. 둘째, 서있는 돼지들 중에서 움직임이 있는 돼지만을 관심영역으로 설정하여 탐지한다. 마지막으로, 서서 움직이는 돼지들 사이에서 발생하는 근접 문제를 깊이 정보를 이용한 등고선기법을 제안 적용하여 돼지 객체의 탐지를 완성한다. 실제 세종에 위치한 한 돈사에서 취득한 깊이 영상 정보를 이용하여 본 논문에서 제안하는 시스템의 성능을 실험적으로 검증하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.804-807
• /
• 2012

Cloud service provider has to protect client's information securely since all the resources are offered by the service provider, and a large number of users share the resources. In this paper, a NoSQL-based anomaly detection system is proposed in order to enhance the security of mobile cloud services. The existing integrated security management system that uses a relational database can not be used for real-time processing of data since security log from a variety of security equipment and data from cloud node have different data format with unstructured features. The proposed system can resolve the emerging security problem because it provides real time processing and scalability in distributed processing environment.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.45-51
• /
• 2018

As data utilization and importance becomes important, data-related accidents and damages are gradually increasing. Especially, insider threats are the most harmful threats. And these insider threats are difficult to detect by traditional security systems, so rule-based abnormal behavior detection method has been widely used. However, it has a lack of adapting flexibly to changes in new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. This is designed to minimize false positive rate and false negative rate by adopting environment factors that directly influence the behavior, and learning data based on statistical Markov model. In the experimentation, the framework shows good performance with a high F2-score of 0.92 and suspicious behavior detection, which seen as a normal behavior usually. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.9-15
• /
• 2013

Recently, Intrusion detection system is an important technology in computer network system because of has seen a dramatic increase in the number of attacks. The most of intrusion detection methods do not detect intrusion on real-time because difficult to analyze an auditing data for intrusions. A network intrusion detection system is used to monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insider and outsiders, as they occur. It is learns user's behavior patterns over time and detects behavior that deviates from these patterns. In this paper has rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or Anomaly users (unauthorized users) using RFM analysis methodology and monitoring collect data from sensor Intrusion Detection System(IDS).

• Journal of Digital Convergence
• /
• v.12 no.6
• /
• pp.289-295
• /
• 2014

Intrusion detection system is a means of security that detects abnormal use and illegal intension in advance in real time and reenforce the security of enterprises. Performance of intrusion detection system is judged by information collection, intrusion analysis, intrusion response, review and protection of intrusion detection result, reaction, loss protection that belong to the area of intrusion detection. In this paper, we developed a evaluation model based on the requirements of intrusion detection system and ISO international standard about software product evaluation.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.4
• /
• pp.11-19
• /
• 2021

An abnormal object refers to a person, an object, or a mechanical device that performs abnormal and unusual behavior and needs observation or supervision. In order to detect this through artificial intelligence algorithm without continuous human intervention, a method of observing the specificity of temporal features using optical flow technique is widely used. In this study, an abnormal situation is identified by learning an algorithm that translates an input image frame to an optical flow image using a Generative Adversarial Network (GAN). In particular, we propose a technique that improves the pre-processing process to exclude unnecessary outliers and the post-processing process to increase the accuracy of identification in the test dataset after learning to improve the performance of the model's abnormal behavior identification. UCSD Pedestrian and UMN Unusual Crowd Activity were used as training datasets to detect abnormal behavior. For the proposed method, the frame-level AUC 0.9450 and EER 0.1317 were shown in the UCSD Ped2 dataset, which shows performance improvement compared to the models in the previous studies.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.10
• /
• pp.319-326
• /
• 2016

Abnormal situation caused by aggressive behavior of pigs adversely affects the growth of pigs, and comes with an economic loss in intensive pigsties. Therefore, IT-based video surveillance system is needed to monitor the abnormal situations in pigsty continuously in order to minimize the economic demage. In this paper, we propose a new Kinect camera-based monitoring system for the detection of the individual pigs. The proposed system is characterized as follows. 1) The background subtraction method and depth-threshold are used to detect only standing-pigs in the Kinect-depth image. 2) The moving-pigs are labeled as regions of interest. 3) A contour method is proposed and applied to solve the touching-pigs problem in the Kinect-depth image. The experimental results with the depth videos obtained from a pig farm located in Sejong illustrate the efficiency of the proposed method.

• The Korean Journal of Applied Statistics
• /
• v.31 no.4
• /
• pp.497-505
• /
• 2018

Attacking computer systems using ransomware is very common all over the world. Since antivirus and detection methods are constantly improved in order to detect and mitigate ransomware, the ransomware itself becomes equally better to avoid detection. Several new methods are implemented and tested in order to optimize the protection against ransomware. In our work, 582 of ransomware and 942 of normalware sample data along with 30,967 dynamic action sequence variables are used to detect ransomware efficiently. Several variable selection techniques combined with various machine learning based classification techniques are tried to protect systems from ransomwares. Among various combinations, chi-square variable selection and random forest gives the best detection rates and accuracy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.797-808
• /
• 2012

In smart work environment, a company provides employees a flexible work environment for tele-working using mobile phone or portable devices. On the other hand, such environment are exposed to the risks which the attacker can intrude into computer systems or leak personal information of smart-workers' and gain a company's sensitive information. To reduce these risks, the security administrator needs to analyze the usage patterns of employees and detect abnormal behaviors by monitoring VPN(Virtual Private Network) access log. This paper proposes a decision support system that can notify the status by using visualization and similarity measure through clustering analysis. On average, 88.7% of abnormal event can be detected by this proposed method. With this proposed system, the security administrator can detect abnormal behaviors of the employees and prevent account theft.