• Title/Summary/Keyword: detection-based (탐지 기반)

The Decision Method of A Threshold in Sequence-based Anomaly Detection Sensor (순서기반 비정상행위 탐지 센서의 임계치 결정 방법)

  • Kim, Yong-Min;Kim, Min-Su;Kim, Hong-Geun;No, Bong-Nam
    • The KIPS Transactions:PartC / v.8C no.5 / pp.507-516 / 2001
  • In this paper, we implement a sequence-based anomaly detection sensor using SOM and HMM, and analyze which information in system calls is important and how a threshold is decided. The new filtering and reduction rules of SOM reduce the input size of HMM. This gives real-time processing to the HMM-based anomaly detection sensor. We also introduced an anomaly count into the sensor. Because of the lessened sensitivity, a user can easily understand the detection information, and false positives decreased. The active coordination of the threshold value makes the detection sensor adapt to the system condition.

Design and Implementation of IDS and Management Modules based on Network (네트워크 기반의 침입 탐지 시스템 관리 모듈 설계 및 구현)

  • 양동수;윤덕현;황현숙;정동호;김창수
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2001.05a / pp.680-683 / 2001
  • With the rapid development of information and communication technology, the number of internet users has been increasing every year, but much damage has also occurred on the internet through computer system intrusion. To reduce this damage, researchers have developed various network and system security mechanisms, and the IDS (Intrusion Detection System) has been commercialized as a security technique. In this paper we describe network-based intrusion detection, and we design and implement an IDS that detects illegal intrusions using a misuse detection model. The implemented IDS can detect various intrusion types. When the IDS detects an illegal intrusion, the administrator can manage and control it through mechanisms of alert message transmission, mail transmission, and remote mail.

Design of AI-Based VTS Radar Image for Object Detection-Recognition-Tracking Algorithm (인공지능 기반 VTS 레이더 이미지 객체 탐지-인식-추적 알고리즘 설계)

  • Yu-kyung Lee;Young Jun Yang
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2023.05a / pp.40-41 / 2023
  • This paper introduces the design of detection, recognition, and tracking algorithms for VTS radar image-based objects. The detection of objects in radar images utilizes artificial intelligence technology to determine the presence or absence of objects, and can classify the type of object using AI technology. Tracking involves the continuous tracking of detected objects over time, including technology to prevent confusion in the movement path. In particular, for land-based radar, there are unnecessary areas for detection depending on the terrain, so the function of detecting and recognizing vessels within the region of interest (ROI) set in the radar image is included. In addition, the extracted coordinate information is designed to enable various applications and interpretations by calculating speed, direction, etc.

The Anomaly Detection Solution based on Image Processing using Moire (무아레 현상을 이용한 영상처리 기반의 이상징후 탐지 솔루션)

  • Lee, Jae-Wook;Kang, Hyeok;Lee, Keun-Ho;Lee, Chang-Jun
    • Proceedings of the Korea Information Processing Society Conference / 2016.04a / pp.286-288 / 2016
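  • Conventional cameras lack accuracy when detecting intruders, and thermal imaging cameras are expensive and make surveillance difficult in situations where heat cannot be measured. To compensate for these shortcomings, we present anomaly detection, and ways to apply it, using the moiré phenomenon caused by the interference and diffraction of light. The height and shape of the terrain are stored, and when an intruder is detected, the intrusion of an outsider is detected by comparing against the initially configured terrain data on the basis of the moiré image. Anomalies are detected by exploiting the property of the moiré phenomenon that the image changes greatly even with slight movements or changes. We propose an anomaly detection solution, and ways to apply it, that sends a notification to the security officer or sounds an alarm when an anomaly is detected.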

A Detection Technique for Credit-card Robbery using Time Weight and Distanced-based Graph (시간가중치와 거리기반 도표를 이용한 신용카드 도난 분실 탐지 기법)

  • 나용찬;나연묵
    • Proceedings of the Korean Information Science Society Conference / 2001.10a / pp.229-231 / 2001
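  • With the recent increase in economic activity, most adults probably carry several credit cards. The resulting theft and loss of credit cards has become a problem for card companies. Existing detection systems identified stolen or lost cards through general detection, such as theft reports, and by detecting sudden increases in the amount spent. This has the drawback that fraudulent transactions of small amounts are hard to detect. The detection system presented in this paper builds a training set using an outlier technique and detects stolen or lost cards using time weights and distance-based graphs. In the amount and time graphs, the difference between transaction request times is computed and weighted, and in the place and consumption-type graphs, the arrangement of consumption types is changed around 8 p.m., a reference obtained from the training set. The proposed system is also good at detecting small-amount fraudulent transactions and has the advantage of being more accurate than earlier systems.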

The Study for the Fast Detection of the Stereo Radiation Detector using the Image Processing (영상처리기반 스테레오 감마선 탐지장치의 고속탐지에 관한 연구)

  • Hwang, Young-gwan;Lee, Nam-ho
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2015.10a / pp.1103-1105 / 2015
  • Leaked radioactive sources in nuclear power stations, radiation-related facilities, and aging nuclear power plants being dismantled must be detected and removed early to prevent major accidents. In this paper, we implemented a single-sensor-based stereo gamma-ray detector that can provide the distance to the radiation source, its direction, and dose-rate information for fast and efficient decontamination of the radiation source. We also developed an algorithm for high-speed detection with the detection equipment. A stereo structure requires two detectors to obtain the distance information of the radioactive source, but we designed a single-sensor-based detection device for weight reduction. To minimize the stereo image acquisition time, we extracted the region of interest and obtained the distance calculation result and the distribution of the radiation source. The detection time of the algorithm was shorter by about 41%.

Intrusion Detection Method Using Unsupervised Learning-Based Embedding and Autoencoder (비지도 학습 기반의 임베딩과 오토인코더를 사용한 침입 탐지 방법)

  • Junwoo Lee;Kangseok Kim
    • KIPS Transactions on Software and Data Engineering / v.12 no.8 / pp.355-364 / 2023
  • As advanced cyber threats continue to increase in recent years, it is difficult to detect new types of cyber attacks with existing pattern- or signature-based intrusion detection methods. Therefore, research on anomaly detection methods using data-learning-based artificial intelligence technology is increasing. In addition, supervised learning-based anomaly detection methods are difficult to use in real environments because they require sufficient labeled data for learning. Research on unsupervised learning-based methods that learn from normal data and detect an anomaly by finding a pattern in the data itself has been actively conducted. Therefore, this study aims to extract a latent vector that preserves useful sequence information from sequence log data and to develop an anomaly detection learning model using the extracted latent vector. Word2Vec was used to create a dense vector representation corresponding to the characteristics of each sequence, and an unsupervised autoencoder was developed to extract latent vectors from sequence data expressed as dense vectors. The autoencoder models developed are a recurrent neural network GRU (Gated Recurrent Unit) based denoising autoencoder suitable for sequence data, a one-dimensional convolutional neural network-based autoencoder to solve the limited short-term memory problem that GRU can have, and an autoencoder combining GRU and one-dimensional convolution. The data used in the experiment is the time-series-based NGIDS (Next Generation IDS Dataset) data, and the experiment showed that the autoencoder combining GRU and one-dimensional convolution is better than a model using a GRU-based autoencoder or a one-dimensional convolution-based autoencoder. It was efficient in terms of learning time for extracting useful latent patterns from training data, and showed stable performance with smaller fluctuations in anomaly detection performance.

Unsupervised Change Detection for Very High-spatial Resolution Satellite Imagery by Using Object-based IR-MAD Algorithm (객체 기반의 IR-MAD 기법을 활용한 고해상도 위성영상의 무감독 변화탐지)

  • Jaewan, Choi
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.33 no.4 / pp.297-304 / 2015
  • Change detection algorithms based on remotely sensed satellite imagery can be applied to various applications, such as hazard/disaster analysis and land monitoring. However, when an unsupervised change detection algorithm is applied, unchanged areas are sometimes detected as changed areas due to various errors in relief displacement and noise pixels included in the original multi-temporal dataset. In this research, object-based change detection for high-spatial-resolution satellite images is applied using IR-MAD (Iteratively Reweighted-Multivariate Alteration Detection), which is one of the representative change detection algorithms. In addition, we tried to increase the accuracy of the change detection results by using additional information based on the cross-sharpening method. In the experiment, we used the KOMPSAT-2 satellite sensor, and the object-based IR-MAD algorithm showed higher change detection accuracy than the pixel-based IR-MAD. Also, the object-based IR-MAD applied to cross-sharpened images increased change detection accuracy compared to the original object-based IR-MAD. Through these experiments, we could conclude that land monitoring and change detection with high-spatial-resolution satellite imagery can be accomplished efficiently by using the object-based IR-MAD algorithm.

Design of Intrusion Detection System Using Multi-Sensor (다중 센서를 이용한 침입탐지 시스템 설계)

  • 이호재;정태명
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2001.11a / pp.157-160 / 2001
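  • Although much research and development has been carried out on intrusion detection systems, illegal access to systems and attack methods are becoming more intelligent and diverse, for instance by turning on the intrusion detection system itself to disable it or by exploiting its vulnerabilities. A single intrusion detection system therefore cannot accurately detect or perfectly respond to today's sophisticated and intelligent intrusions and attacks. In this paper, along with an analysis of the vulnerabilities of intrusion detection systems, we propose a multi-sensor-based intrusion detection system that diversifies intrusion detection audit data in order to compensate for the shortcomings of a single intrusion detection system.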

Efficient Feature Selection Based Near Real-Time Hybrid Intrusion Detection System (근 실시간 조건을 달성하기 위한 효과적 속성 선택 기법 기반의 고성능 하이브리드 침입 탐지 시스템)

  • Lee, Woosol;Oh, Sangyoon
    • KIPS Transactions on Computer and Communication Systems / v.5 no.12 / pp.471-480 / 2016
  • Recently, the damage from cyber attacks on infrastructure systems and national defence and security systems has been gradually increasing. In this situation, the military recognizes the importance of cyber warfare and is establishing a cyber system in preparation, regardless of the existence of threats. Thus, the study of the Intrusion Detection System (IDS), which plays an important role in network defence systems, is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize the advantages and minimize the disadvantages of both misuse and anomaly detection. The combination is called Hybrid IDS. Previous studies would not be appropriate for near real-time network environments because they have computational complexity problems. This leads to the need for a study considering an IDS structure that has a high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which hierarchically combines a C4.5 decision tree (misuse detection method) and a Weighted K-means algorithm (anomaly detection method). It can detect malicious network packets effectively with low complexity by applying an efficient feature selection technique based on mutual information and a genetic algorithm. We also upgraded the hierarchical structure of the IDS by reusing feature weights in the anomaly detection section. The experiment section validates that the proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance.