• Title/Summary/Keyword: remote detection


Scalable P2P Botnet Detection with Threshold Setting in Hadoop Framework (하둡 프레임워크에서 한계점 가변으로 확장성이 가능한 P2P 봇넷 탐지 기법)

  • Huseynov, Khalid;Yoo, Paul D.;Kim, Kwangjo
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.807-816 / 2015
  • During the last decade, most coordinated security breaches have been performed by means of botnets, which are large overlay networks of compromised computers controlled by a remote botmaster. Due to the high volumes of traffic to be analyzed, the challenge is managing the tradeoff between system scalability and accuracy. We propose a novel Hadoop-based P2P botnet detection method that solves the problem of scalability while having high accuracy. Moreover, our approach does not require labeled data and is applicable to encrypted traffic as well.

The Case of Novel Attack Detection using Virtual Honeynet (Virtual Honeynet을 이용한 신종공격 탐지 사례)

  • Kim, Chun-Suk;Kang, Dae-Kwon;Euom, Ieck-Chae
    • The Journal of the Korea Institute of Electronic Communication Sciences / v.7 no.2 / pp.279-285 / 2012
  • Most national critical key infrastructure, such as electricity, nuclear power plants, and petroleum, is run on SCADA (Supervisory Control And Data Acquisition) systems of the closed-network type. These systems have come to use open protocols like TCP/IP and commercial operating systems, a trend due to gradually increasing dependence on IT (Information Technology). Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. In this paper, a method to minimize threats and vulnerabilities is proposed, and the virtual honeynet system architecture and the attack detection algorithm, which can detect the unknown attack patterns of zero-day attacks, are reviewed.

Development of the Unmanned Automatic Test System for a Portable Detector using TRIZ TESE

  • Chang, YuShin
    • Journal of the Korea Society of Computer and Information / v.26 no.6 / pp.63-71 / 2021
  • This paper proposes the development of an unmanned automatic test system for a portable detector using the TRIZ methodology. A new development scheme among the unmanned automatic test system configurations was obtained after application of TESE (Trends of Engineering System Evolution), one of the TRIZ methods. A Pugh matrix was used to derive some improvement ideas. The key idea of this unmanned automatic test system scheme is to minimize the whole test procedure time of each portable detector and to maximize the number of portable detectors tested at once. Improvements were found by comparing the before and after configurations of the 3D mechanical model. This paper shows that the proposed development scheme improves the test performance efficiency compared to the previous scheme.

Object-based Building Change Detection Using Azimuth and Elevation Angles of Sun and Platform in the Multi-sensor Images (태양과 플랫폼의 방위각 및 고도각을 이용한 이종 센서 영상에서의 객체기반 건물 변화탐지)

  • Jung, Sejung;Park, Jueon;Lee, Won Hee;Han, Youkyung
    • Korean Journal of Remote Sensing / v.36 no.5_2 / pp.989-1006 / 2020
  • Building change monitoring based on building detection is one of the most important fields in terms of monitoring artificial structures using high-resolution multi-temporal images such as CAS500-1 and 2, which are scheduled to be launched. However, not only the various shapes and sizes of buildings located on the surface of the Earth, but also the shadows or trees around them make it difficult to detect the buildings accurately. Also, a large number of misdetections are caused by relief displacement according to the azimuth and elevation angles of the platform. In this study, object-based building detection was performed using the azimuth angle of the Sun and the corresponding main direction of shadows to improve the results of building change detection. After that, the platform's azimuth and elevation angles were used to detect changed buildings. The object-based segmentation was performed on high-resolution imagery, and then shadow objects were classified through the shadow intensity, and feature information such as rectangular fit, Gray-Level Co-occurrence Matrix (GLCM) homogeneity and area of each object were calculated for building candidate detection. Then, the final buildings were detected using the direction and distance relationship between the center of the building candidate object and its shadow according to the azimuth angle of the Sun. A total of three methods were proposed for the building change detection between building objects detected in each image: simple overlay between objects, comparison of the object sizes according to the elevation angle of the platform, and consideration of direction between objects according to the azimuth angle of the platform. In this study, a residential area was selected as the study area using high-resolution imagery acquired from KOMPSAT-3 and an Unmanned Aerial Vehicle (UAV). Experimental results have shown that F1-scores of building detection results detected using feature information were 0.488 and 0.696 respectively in the KOMPSAT-3 image and the UAV image, whereas F1-scores of building detection results considering shadows were 0.876 and 0.867, respectively, indicating that the accuracy of the building detection method considering shadows is higher. Also, among the three proposed building change detection methods, the F1-score of the consideration of direction between objects according to the azimuth angles was the highest at 0.891.

A Real-Time Intrusion Detection based on Monitoring in Network Security (네트워크 보안에서 모니터링 기반 실시간 침입 탐지)

  • Lim, Seung-Cheol
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.13 no.3 / pp.9-15 / 2013
  • Recently, the intrusion detection system has become an important technology in computer network systems because of a dramatic increase in the number of attacks. Most intrusion detection methods do not detect intrusions in real time because it is difficult to analyze audit data for intrusions. A network intrusion detection system is used to monitor the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. It learns users' behavior patterns over time and detects behavior that deviates from these patterns. The system in this paper has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes the Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or anomaly users (unauthorized users), using RFM analysis methodology and monitoring data collected from Intrusion Detection System (IDS) sensors.

A Study on Evaluating the Possibility of Monitoring Ships of CAS500-1 Images Based on YOLO Algorithm: A Case Study of a Busan New Port and an Oakland Port in California (YOLO 알고리즘 기반 국토위성영상의 선박 모니터링 가능성 평가 연구: 부산 신항과 캘리포니아 오클랜드항을 대상으로)

  • Park, Sangchul;Park, Yeongbin;Jang, Soyeong;Kim, Tae-Ho
    • Korean Journal of Remote Sensing / v.38 no.6_1 / pp.1463-1478 / 2022
  • Maritime transport accounts for 99.7% of the exports and imports of the Republic of Korea; therefore, developing a vessel monitoring system for efficient operation is of significant interest. Several studies have focused on tracking and monitoring vessel movements based on automatic identification system (AIS) data; however, ships without AIS have limited monitoring and tracking ability. High-resolution optical satellite images can provide the missing layer of information in AIS-based monitoring systems because they can identify non-AIS vessels and small ships over a wide range. Therefore, it is necessary to investigate vessel monitoring and small vessel classification systems using high-resolution optical satellite images. This study examined the possibility of developing ship monitoring systems using Compact Advanced Satellite 500-1 (CAS500-1) satellite images by first training a deep learning model using satellite image data and then performing detection in other images. To determine the effectiveness of the proposed method, the learning data was acquired from ships in the Yellow Sea and its major ports, and the detection model was established using the You Only Look Once (YOLO) algorithm. The ship detection performance was evaluated for a domestic and an international port. The results obtained using the detection model in ships in the anchorage and berth areas were compared with the ship classification information obtained using AIS, and an accuracy of 85.5% and 70% was achieved using domestic and international classification models, respectively. The results indicate that high-resolution satellite images can be used in mooring ships for vessel monitoring. The developed approach can potentially be used in vessel tracking and monitoring systems at major ports around the world if the accuracy of the detection model is improved through continuous learning data construction.

Anomaly Detection from Hyperspectral Imagery using Transform-based Feature Selection and Local Spatial Auto-correlation Index (자료 변환 기반 특징 선택과 국소적 자기상관 지수를 이용한 초분광 영상의 이상값 탐지)

  • Park, No-Wook;Yoo, Hee-Young;Shin, Jung-Il;Lee, Kyu-Sung
    • Korean Journal of Remote Sensing / v.28 no.4 / pp.357-367 / 2012
  • This paper presents a two-stage methodology for anomaly detection from hyperspectral imagery that consists of transform-based feature extraction and selection, and computation of a local spatial auto-correlation statistic. First, principal component transform and 3D wavelet transform are applied to reduce redundant spectral information from hyperspectral imagery. Then feature selection based on global skewness and the portion of highly skewed sub-areas is followed to find optimal features for anomaly detection. Finally, a local indicator of spatial association (LISA) statistic is computed to account for both spectral and spatial information unlike traditional anomaly detection methodology based only on spectral information. An experiment using airborne CASI imagery is carried out to illustrate the applicability of the proposed anomaly detection methodology. From the experiments, anomaly detection based on the LISA statistic linked with the selection of optimal features outperformed both the traditional RX detector which uses only spectral information, and the case using major principal components with large eigen-values. The combination of low- and high-frequency components by 3D wavelet transform showed the best detection capability, compared with the case using optimal features selected from principal components.

Methodology to Apply Low Spatial Resolution Optical Satellite Images for Large-scale Flood Mapping (대규모 홍수 매핑을 위한 저해상도 광학위성영상의 활용 방법)

  • Piao, Yanyan;Lee, Hwa-Seon;Kim, Kyung-Tak;Lee, Kyu-Sung
    • Korean Journal of Remote Sensing / v.34 no.5 / pp.787-799 / 2018
  • Accurate and effective mapping is a critical step in monitoring the spatial distribution and change of flood-inundated areas in a large-scale flood event. In this study, we suggest methods to use low spatial resolution satellite optical imagery for flood mapping, which has high temporal resolution to cover a wide geographical area several times per day. We selected the Sebou watershed flood in Morocco that occurred in early 2010, in which an area of several hundred $km^2$ of the Gharb lowland plain was inundated. The MODIS daily surface reflectance product was used to detect the flooded area. The study area showed several distinct spectral patterns within the flooded area, which included pure turbid water and turbid water with vegetation. The flooded area was extracted by thresholding on selected band reflectance and water-related spectral indices. The accuracy of these flooding detection methods was assessed by the reference map obtained from a Landsat-5 TM image and qualitative interpretation of the flood map derived. Accuracies of over 90% were obtained for three methods except for the NDWI threshold. Two spectral bands, SWIR and red, were essential to detect the flooded area, and simple thresholding on these bands was effective to detect the flooded area. The NIR band did not play an important role in detecting the flooded area, while it was useful to separate the water-vegetation mixed flooded classes from the purely water surface.

Change Detection Using Spectral Unmixing and IEA(Iterative Error Analysis) for Hyperspectral Images (IEA(Iterative Error Analysis)와 분광혼합분석기법을 이용한 초분광영상의 변화탐지)

  • Song, Ahram;Choi, Jaewan;Chang, Anjin;Kim, Yongil
    • Korean Journal of Remote Sensing / v.31 no.5 / pp.361-370 / 2015
  • Various algorithms such as Chronochrome (CC), Principal Component Analysis (PCA), and spectral unmixing have been studied for hyperspectral change detection. Change detection by spectral unmixing offers useful information on the nature of the change compared to the other change detection methods, which provide only the locations of changes in the scene. However, hyperspectral change detection by spectral unmixing is still in an early stage. This research proposed a new approach to extract endmembers, which have identical properties in temporally different images, by Iterative Error Analysis (IEA) and Spectral Angle Mapper (SAM). The change map obtained from the difference of abundance efficiently showed the changed pixels. Simulated images generated from Compact Airborne Spectrographic Imager (CASI) and Hyperion were used for change detection, and the experimental results showed that the proposed method performed better than CC, PCA, and spectral unmixing using N-FINDR. The proposed method has the advantage of automatically extracting endmembers without prior information, and it could be applicable to real images composed of many materials.

Performance Evaluation of Snow Detection Using Himawari-8 AHI Data (Himawari-8 AHI 적설 탐지의 성능 평가)

  • Jin, Donghyun;Lee, Kyeong-sang;Seo, Minji;Choi, Sungwon;Seong, Noh-hun;Lee, Eunkyung;Han, Hyeon-gyeong;Han, Kyung-soo
    • Korean Journal of Remote Sensing / v.34 no.6_1 / pp.1025-1032 / 2018
  • Snow cover is a form of precipitation that is defined by snow on the surface and is the single largest component of the cryosphere that plays an important role in maintaining the energy balance between the Earth's surface and the atmosphere. It affects the regulation of the Earth's surface temperature. However, since snow cover is mainly distributed in areas where human access is difficult, snow cover detection using satellites is actively performed, and snow cover detection in forest areas is an important process as well as distinguishing between cloud and snow. In this study, we applied the Normalized Difference Snow Index (NDSI) and the Normalized Difference Vegetation Index (NDVI) to the geostationary satellites for the snow detection of forest area in existing polar orbit satellites. On the rest of the forest area, the snow cover detection using $R_{1.61{\mu}m}$ anomaly technique and NDSI was performed. As a result of the indirect validation using the snow cover data and the Visible Infrared Imaging Radiometer (VIIRS) snow cover data, the probability of detection (POD) was 99.95 % and the False Alarm Ratio (FAR) was 16.63 %. We also performed qualitative validation using the Himawari-8 Advanced Himawari Imager (AHI) RGB image. The result showed that the areas detected by the VIIRS Snow Cover miss pixel are mixed with the area detected by the research false pixel.