• Title/Summary/Keyword: Detection performance analysis

Optimal Parameter Analysis and Evaluation of Change Detection for SLIC-based Superpixel Techniques Using KOMPSAT Data (KOMPSAT 영상을 활용한 SLIC 계열 Superpixel 기법의 최적 파라미터 분석 및 변화 탐지 성능 비교)

  • Chung, Minkyung;Han, Youkyung;Choi, Jaewan;Kim, Yongil
    • Korean Journal of Remote Sensing / v.34 no.6_3 / pp.1427-1443 / 2018
  • Object-based image analysis (OBIA) allows higher computation efficiency and usability of information inherent in the image, as it reduces the complexity of the image while maintaining the image properties. Superpixel methods oversegment the image with a smaller image unit than an ordinary object segment and preserve the edges of the image well. SLIC (Simple linear iterative clustering) is known for outperforming the previous superpixel methods with high image segmentation quality. Although the input parameter for SLIC, the number of superpixels, has considerable influence on image segmentation results, the impact of the SLIC parameter has not been investigated enough. In this study, we performed optimal parameter analysis and evaluation of change detection for SLIC-based superpixel techniques using KOMPSAT data. For superpixel generation, three superpixel methods (SLIC; SLIC0, zero parameter version of SLIC; SNIC, simple non-iterative clustering) were used with superpixel sizes in ranges of $5{\times}5$ (pixels) to $50{\times}50$ (pixels). Then, the image segmentation results were analyzed for how well they preserve the edges of the change detection reference data. Based on the optimal parameter analysis, image segmentation boundaries were obtained from the difference image of the bi-temporal images. Then, DBSCAN (Density-based spatial clustering of applications with noise) was applied to cluster the superpixels to a certain size of objects for change detection. The changes of features were detected for each superpixel and compared with reference data for evaluation. The change detection results showed that better change detection can be achieved even with a bigger superpixel size if the superpixels are generated with high regularity of size and shape.

An Effective Concept Drift Detection Method on Streaming Data Using Probability Estimates (스트리밍 데이터에서 확률 예측치를 이용한 효과적인 개념 변화 탐지 방법)

  • Kim, Young-In;Park, Cheong Hee
    • Journal of KIISE / v.43 no.6 / pp.718-723 / 2016
  • In streaming data analysis, detecting concept drift accurately is important to maintain the performance of a classification model. Error rates are usually used for concept drift detection. However, by describing prediction results with only binary values of 0 or 1, useful information about the behavior pattern of a classifier can be lost. In this paper, we propose an effective concept drift detection method which describes the performance pattern of a classifier by utilizing probability estimates for class prediction and detects a significant change in classifier behavior. Experimental results on synthetic and real streaming data show the efficiency of the proposed method for detecting the occurrence of concept drift.

Communication Models and Performance Evaluation for the Delivery of Data and Policy in a Hybrid-Type Intrusion Detection System (혼합형 침입 탐지 시스템에서 데이터 및 정책 전달 통신 모델과 성능 평가)

  • Jang, Jung-Sook;Jeon, Yong-Hee;Jang, Jong-Soo;Sohn, Seung-Won
    • The KIPS Transactions:PartC / v.10C no.6 / pp.727-738 / 2003
  • Much research effort is being exerted on the study of intrusion detection systems (IDS). However, little work has been done on the communication models and performance evaluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detection, with a centralized data analysis component for global intrusion detection in a multiple-domain environment. We also assume the combination of host-based and network-based intrusion detection systems in the overall framework. From the local domain, a set of information such as alerts and/or log data is reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simulator using OPNET modeller for the performance evaluation of transmission capabilities for the delivery of data and policy. We present and compare simulation results based on several scenarios focusing on communication delay.

Abnormaly Intrusion Detection Using Instance Based Learning (인스턴스 기반의 학습을 이용한 비정상 행위 탐지)

  • Hong, Seong-Kil;Won, Il-Yong;Song, Doo-Heon;Lee, Chang-Hun
    • Annual Conference of KIPS / 2003.05c / pp.2001-2004 / 2003
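  • The factors that most strongly determine the performance of an intrusion detection system for detecting abnormal behavior are the lossless collection of packets and a classification technique suited to the domain. In this paper, departing from the class of algorithms applied in existing detection engines, we chose IBL (Instance Based Learning), an instance-based algorithm, with a view to shortening the training time and making the basis for classification clear through pattern generation. In addition, to solve the problem that arises when the distance calculation for symbolic values contained in the existing IBL is used to process packets, the raw data of the network, we used VDM (Value Difference Matrix) and were thereby able to improve the detection rate. To determine the degree of performance improvement from the distance calculation between symbolic values, we compared and analyzed the experimental results with and without VDM against the results obtained with COWEB and C4.5, algorithms that had been applied to detection engines.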

Context independent claim detection model using semantic and structural information of sentences (문장의 구조 정보와 의미 정보를 이용한 문맥 독립 주장 탐지 모델)

  • Won-Jae Park;Gi-Hyeon Choi;Hark-Soo Kim;Tae-il Kim;Sung-Won Choi
    • Annual Conference on Human and Language Technology / 2022.10a / pp.437-441 / 2022
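  • Context-independent claim detection is the task of detecting claims in the sentences of a document, or in a single sentence, when no information about the topic is given. In this paper, we propose a context-independent claim detection model that uses structural information obtained through GCN layers and semantic information obtained through a pre-trained language model. In particular, claim detection performance was improved by using additional structural information through a parent-child graph, which represents the overall structure of a sentence, and a grandparent-grandchild graph, which represents specific structural information of a sentence. In experiments on the IAM dataset, the proposed model showed a performance improvement of up to 2.66%p over the baseline RoBERTa base model.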

Spark-based Network Log Analysis System for Detecting Network Attack Pattern Using Snort (Snort를 이용한 비정형 네트워크 공격패턴 탐지를 수행하는 Spark 기반 네트워크 로그 분석 시스템)

  • Baek, Na-Eun;Shin, Jae-Hwan;Chang, Jin-Su;Chang, Jae-Woo
    • The Journal of the Korea Contents Association / v.18 no.4 / pp.48-59 / 2018
  • Recently, network technology has been used in various fields due to the development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network logs increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack patterns by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from a large amount of network log data. For the analysis, we propose rules to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and show that they can detect real attack patterns well when applied to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better in log data processing performance than the Hadoop-based system.

An Implementation of 10Gbps DDoS Detection Engine (10Gbps 분산서비스거부(DDos) 공격 탐지 엔진 구현)

  • Oh, Jin-Tae;Jang, Jong-Soo
    • Annual Conference of KIPS / 2011.04a / pp.862-865 / 2011
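  • In the distributed denial-of-service attack that occurred this past March 3, interference with security patch updates was reported, so the malware was analyzed before the attack began and an initial response was possible. In most ordinary distributed denial-of-service attacks, however, such early analysis is not possible. A DDoS detection engine that effectively detects and blocks attack traffic in the network is therefore needed. In addition, with the rapid growth in traffic, the use of 10Gbps Ethernet is becoming common, and attack traffic of several hundred Gbps already occurs frequently. This paper describes the implementation of a distributed denial-of-service attack detection chipset with line-rate 10Gbps performance. We introduce the considerations for the chip implementation, the engine architecture, the hardware synthesis results, and the performance of the chip mounted in a system.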

Anomaly Detection Algorithm Performance Analysis of Cloud Operating Environment using Stress Test (부하테스트를 활용한 클라우드 운영 환경의 이상탐지 알고리즘 성능 분석)

  • Kim, Jin Hui;Lee, Chan Jae;Yun, Ho Young
    • Annual Conference of KIPS / 2021.11a / pp.837-840 / 2021
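  • Anomaly detection, which identifies abnormal patterns and entities, has been actively studied for the sake of stable server operation. An increase in server usage is a representative example for anomaly detection, but the difficulty of collecting real anomalous data and reproducing the phenomenon remains an obstacle to this research. In this study, we designed stress tests based on various scenarios and generated and collected anomalous data in a cloud environment. The data were used to compare and analyze the performance of algorithms commonly used for anomaly detection, and the confidence level of each algorithm was confirmed through experiments. This can be used to select an algorithm suited to various server operating environments and is ultimately expected to contribute to stable and efficient server operation.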

Efficient Detection of Small Unmanned Aerial Vehicles in Cluttered Environment (클러터 환경을 고려한 효과적 소형 무인기 탐지에 관한 연구)

  • Choi, Jae-Ho;Kang, Ki-Bong;Sun, Sun-Gu;Lee, Jung-Soo;Cho, Byung-Lae;Kim, Kyung-Tae
    • The Journal of Korean Institute of Electromagnetic Engineering and Science / v.30 no.5 / pp.389-398 / 2019
  • In this paper, we propose a method to detect small unmanned aerial vehicles (UAVs) flying in a real-world environment. Small UAV signals are frequently obscured by clutter signals because UAVs usually fly at low altitudes over urban or mountainous terrain. Therefore, to obtain a desirable detection performance, clutter signals must be considered in addition to noise, and thus, a performance analysis of each clutter removal technique is required. The proposed detection process uses clutter removal and pulse integration methods to suppress clutter and noise signals, and then detects small UAVs by utilizing a constant false alarm rate detector. After applying three clutter removal techniques, we analyzed the performance of each technique in detecting small UAVs. Based on experimental data acquired in a real-world outdoor environment, we found it was possible to derive a clutter removal method suitable for the detection of small UAVs.

Offline Based Ransomware Detection and Analysis Method using Dynamic API Calls Flow Graph (다이나믹 API 호출 흐름 그래프를 이용한 오프라인 기반 랜섬웨어 탐지 및 분석 기술 개발)

  • Kang, Ho-Seok;Kim, Sung-Ryul
    • Journal of Digital Contents Society / v.19 no.2 / pp.363-370 / 2018
  • Ransomware detection has become a hot topic in computer security for protecting digital contents. Unfortunately, current signature-based and static detection models are often easily evadable by compression and encryption. To overcome the shortcomings of these detection approaches, we have proposed a dynamic ransomware detection system using data mining techniques such as the RF, SVM, SL and NB algorithms. We monitor the actual behaviors of software to generate API calls flow graphs. Thereafter, data normalization and feature selection were applied to select informative features. We improved this analysis process. Finally, the data mining algorithms were used for building the detection model for judging whether the software is benign software or ransomware. We conduct our experiment using more suitable real ransomware samples, and its results show that our proposed system can be more effective in improving the performance of ransomware detection.