• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.01a
• /
• pp.307-309
• /
• 2023

본 논문에서는 LSTM Autoencoder를 활용한 전동기의 Anomaly Detection을 제안한다. 전동기의 Anomaly Detection를 통해 전동킥보드의 고장을 예방하여 이용자의 안전을 보장한다. 전동기로부터 얻은 시계열 진동 데이터와 시계열 데이터 분석에 유의미한 LSTM을 활용한 Autoencoder를 통해 Anomaly Detection을 구현했다. 그 결과 99.9%의 정확도를 기록하였다.

• The Magazine of the IEIE
• /
• v.15 no.1
• /
• pp.57-64
• /
• 1988

이 글에서는 통신 전자전의 ESM과 ECM에 대한 일반적인 내용보다는, 그 중 한 특수 분야로서 전술 및 전략적으로 매우 큰 비중을 차지하고 있는 전파방향 탐지 및 방해기법을 위주로 하여 운용면 보다는 기술적 이론을 보안에 저촉되지 않는 한도내에서 상세히 설명하였다. 전파 방향 탐지 기법에 대해서는 주요 기법들의 분류 및 설명, 장비 구성방법을 비롯하여 이를 운용하며 방위각을 구하고 자동망에 의하여 위치표정을 하기까지의 주요 사항들을 항목별로 정리하였으며, 전파 방해 기법에 대해서는 기법별 특성에 대한 간략한 비교, 장비 구성방법과 필수 핵심부에 대한 분석 등을 수록하므로써 전파 방향 탐지 및 방해 기법의 전반에 걸친 내용을 다루었다.

• Review of KIISC
• /
• v.30 no.5
• /
• pp.101-109
• /
• 2020

온라인게임은 부정로그인 및 게임봇 (Game BOT) 탐지 등 서비스에 악영향을 주는 이상징후를 조기에 탐지해야 하는 서비스 분야이다 보니, 데이터기반 보안 (Data-Driven Security)이 상당히 오랜 기간 자생적으로 구축이 되어왔다. 온라인 게임은 초당 동시접속이 800만~1천만에 육박하는 게임도 시장에 빈번히 존재하기 때문에, 게임유저들의 로그데이터를 빅데이터 기술을 접목한 데이터 분석이 필수적이다. 본고에서는 온라인게임 분야에 존재하는 다양한 위협요소 중 하나인 게임봇 및 작업장 탐지에 적용된 데이터기반 보안 기술들에 대해 조사하고 향후 온라인게임분야에서의 데이터기반 보안의 연구 방향을 제시해 보고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.970-972
• /
• 2004

최근 들어 웜 바이러스의 출현과 더불어, 인터넷 대란과 같은 서비스 거부 공격의 피해 사례가 급증하고 있다. 이에 따라 네트워크 보안이 많은 관심을 받고 있는데, 보안의 여러 분야 가운데에서도 특히 침입탐지와 대응에 관한 연구가 활발히 이루어지고 있다. 또한 이러한 작업들을 자동화하기 위한 도구들이 개발되고 있지만 그 정확성이 아직 신뢰할 만한 수준에 이르지 못하고 있는 것이 지금의 현실이다. 본 논문에서는 이벤트 로그를 분석하여 침입 패턴을 예측하고, 이를 기반으로 자동화된 침입 탐지 및 대응을 구현할 수 있는 String Matching 알고리즘을 제안하고자 한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.2
• /
• pp.199-206
• /
• 2022

A malfunction or breakdown of a manufacturing facility leads to product defects and the suspension of production lines, resulting in huge financial losses for manufacturers. Due to the spread of smart factory services, a large amount of data is being collected in factories, and AI-based research is being conducted to predict and diagnose manufacturing facility breakdowns or manufacturing site efficiency. However, because of the characteristics of manufacturing data, such as a severe class imbalance about abnormalities and ambiguous label information that distinguishes abnormalities, developing classification or anomaly detection models is highly difficult. In this paper, we present an deep learning algorithm for anomaly detection of a manufacturing facility using reconstruction loss of CNN-based model and ananlyze its performance. The algorithm detects anomalies by relying solely on normal data from the facility's manufacturing data in the exclusion of abnormal data.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.48-59
• /
• 2018

Recently, network technology has been used in various fields due to development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network log increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack pattern. by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and can detect real attack pattern well by applying it to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better on log data processing performance than the Hadoop-based system.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.5 no.3
• /
• pp.158-163
• /
• 2012

This paper proposes an FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD(Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD(Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD(Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.45-51
• /
• 2018

As data utilization and importance becomes important, data-related accidents and damages are gradually increasing. Especially, insider threats are the most harmful threats. And these insider threats are difficult to detect by traditional security systems, so rule-based abnormal behavior detection method has been widely used. However, it has a lack of adapting flexibly to changes in new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. This is designed to minimize false positive rate and false negative rate by adopting environment factors that directly influence the behavior, and learning data based on statistical Markov model. In the experimentation, the framework shows good performance with a high F2-score of 0.92 and suspicious behavior detection, which seen as a normal behavior usually. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.693-704
• /
• 2020

As a company's network structure is getting bigger and the number of security system is increasing, it is not easy to quickly detect abnormal traffic from huge amounts of security system events. In this paper, We propose traffic visualization analysis system(FDANT-PCSV) that can detect and analyze security events of information security systems such as firewalls in real time. FDANT-PCSV consists of Parallel Coordinates visualization using five factors(source IP, destination IP, destination port, packet length, processing status) and Sankey visualization using four factors(source IP, destination IP, number of events, data size) among security events. In addition, the use of big data-based SIEM enables real-time detection of network attacks and network failure traffic from the internet and intranet. FDANT-PCSV enables cyber security officers and network administrators to quickly and easily detect network abnormal traffic and respond quickly to network threats.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.13-23
• /
• 2021

The attacker's techniques and tools are becoming intelligent and sophisticated. Existing Anti-Virus cannot prevent security accident. So the security threats on the endpoint should also be considered. Recently, EDR security solutions to protect endpoints have emerged, but they focus on visibility. There is still a lack of detection and responsiveness. In this paper, we use real-world EDR event logs to aggregate knowledge-based MITRE ATT&CK and autoencoder-based anomaly detection techniques to detect anomalies in order to screen effective analysis and analysis targets from a security manager perspective. After that, detected anomaly attack signs show the security manager an alarm along with log information and can be connected to legacy systems. The experiment detected EDR event logs for 5 days, and verified them with hybrid analysis search. Therefore, it is expected to produce results on when, which IPs and processes is suspected based on the EDR event log and create a secure endpoint environment through measures on the suspicious IP/Process.