• Journal of Intelligence and Information Systems
• /
• v.6 no.2
• /
• pp.15-27
• /
• 2000

The paper proposes a hybrid fire fighting control intelligent system(H-FFIS) using rules and cases to detect fire in Integrated Platform Management System. By far most conventional systems have been based on rule-based system in which expert knowledges are expressed with production rules. It is hard to express the knowledges to detect fire with production rules only. The knowledges of fire detection are often based on previously encountered situations of fires. For improvement of system capability renewing and adding of rules is needed in an already build-up system and such adding and renewing procedures could hinder users from fluent utilization of the system. We design and implement H-FFIS. Compared with rule-based FFIS(Fire Fighting control Intelligent System), H-FFIS extended with case-based reasoning shows that the system proposed here can lead to an improvement in fire detection rate.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.04a
• /
• pp.763-765
• /
• 2001

전통적인 네트워크기반 침입탐지시스템은 네트워크에 흐르는 모든 패킷을 수집하여 이를 가공, 분석, 보고하는 과정을 거친다. 하자만, 네트워크에서 과도한 트래픽의 발생이나 침입탐지시스템에 대한 의도적인 Dos(Denical of Service) 공격은 침입탐지시스템이 침입으로 간주될 수 있는 패킷을 처리하지 못하도록 함으로써 불법적인 접근을 얻어낼 수 있는 방법이 된다. 본 논문에서는 자체 개발한 내장형 리눅스 기반의 라우터에서 패킷의 필터링 작업을 수행함으로써 일차적으로 내부 네트워크와 네트워크 센서로의 트래픽을 줄이고, 이차적으로 정책기반 라우팅을 이용하여 네트워크 센서에게 직접 라우팅 하도록 함으로써 네트워크센서가 모든 트래픽을 수집하지 않고, 침입을 방지하고자 하는 정책에 기반하여 보내지는 패킷만을 수집, 분석 토록 함으로써 네트워크 센서에 집중되는 부하를 최소화하는 시스템의 구성을 제안한다.

• The Journal of the Korea Contents Association
• /
• v.9 no.4
• /
• pp.131-141
• /
• 2009

An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. This paper proposes an intrusion detection system based outflow traffic analysis. Many research efforts and commercial products have focused on preventing intrusion by filtering known exploits or unknown ones exploiting known vulnerabilities. Complementary to these solutions, the proposed IDS can detect intrusion of unknown new mal ware before their signatures are widely distributed. The proposed IDS is consists of a outflow detector, user monitor, process monitor and network monitor. To infer user intent, the proposed IDS correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. As a complement to existing prevention system, proposed IDS decreases the danger of information leak and protects computers and networks from more severe damage.

• Smart Media Journal
• /
• v.13 no.7
• /
• pp.9-17
• /
• 2024

Due to the increase in energy consumption, and eco-friendly policies, there is a need for efficient energy consumption in buildings. Anomaly power detection based on deep learning are being used. Because of the difficulty in collecting anomaly data, anomaly detection is performed using reconstruction error with a Recurrent Neural Network(RNN) based autoencoder. However, there are some limitations such as the long time required to fully learn temporal features and its sensitivity to noise in the train data. To overcome these limitations, this paper proposes the TCN-USAD, combined with Temporal Convolution Network(TCN) and UnSupervised Anomaly Detection for multivariate data(USAD). The proposed model using TCN-based autoencoder and the USAD structure, which uses two decoders and adversarial training, to quickly learn temporal features and enable robust anomaly detection. To validate the performance of TCN-USAD, comparative experiments were performed using two building energy datasets. The results showed that the TCN-based autoencoder can perform faster and better reconstruction than RNN-based autoencoder. Furthermore, TCN-USAD achieved 20% improved F1-Score over other anomaly detection models, demonstrating excellent anomaly detection performance.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.397-404
• /
• 2003

Intrusion detection techniques based on program behavior can detect potential intrusions against systems by analyzing system calls made by demon programs or root-privileged programs and building program profiles. But there is a drawback : large profiles must be built for each program. In this paper, we apply $X^2$ distance-based multivariate analysis to profiling program behavior and detecting abnormal behavior in order to reduce profiles. Experiment results show that profiles are relatively small and the detection rate is significant.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.47-48
• /
• 2024

Heating, Ventilating, and Air Conditioning(HVAC) 시스템은 난방(Heating), 환기(Ventilating), 공기조화(Air Conditioning)를 제공하는 공조시스템으로, 실내 환경의 온도, 습도 조절 및 지속적인 순환 및 여과를 통해 실내 공기 질을 개선한다. 이러한 HVAC 시스템에 이상이 생기는 경우 공기 여과율이 낮아지며, COVID-19와 같은 법정 감염병 예방에 취약해진다. 또한 장비의 과부하를 유발하여, 시스템의 효율성 저하 및 에너지 낭비를 불러올 수 있다. 따라서 본 논문에서는 HVAC 시스템의 이상 탐지 및 조기 조치를 위한 Transformer 기반 이상 탐지 기법의 적용을 제안한다. Transformer는 기존 시계열 데이터 처리를 위한 기법인 Recurrent Neural Network(RNN)기반 모델의 구조적 한계점을 극복함에 따라 Long Term Dependency 문제를 해결하고, 병렬처리를 통해 효율적인 Feature 추출이 가능하다. Transformer 모델이 HVAC 시스템의 이상 탐지에서 RNN 기반의 비교군 모델보다 약 1.31%의 향상을 보이며, Transformer 모델을 통한 HVAC의 이상 탐지에 효율적임을 확인하였다.

• Information and Communications Magazine
• /
• v.16 no.11
• /
• pp.46-63
• /
• 1999

컴퓨터망의 확대 및 컴퓨터 이용의 급격한 증가에 따른 부작용으로 컴퓨터 보안 문제가 중요하게 대두되고 있다. 이에 따라 침입자들로부터 침입을 줄이기 위한 침입탐지시스템에 대한 요구가 증가되고 있다. 이에 본 논문에서는 침입탐지시스템의 기술적 구성요소 및 일반적인 요구사항과 침입탐지시스템의 분류방법, 그리고 대표적인 침입탐지기술에 대하여 살펴보고, 현재 국외에서 개발된 침입탐지시스템들을 데이터소스와 침입모델을 기반으로 분석하며, 국외 침입탐지시스템 현황과 국내 정보보호 산업에서 침입탐지시스템의 위상을 살펴본 후, 침입탐지시스템에 대한 연구 필요성에 대해 논한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.71-79
• /
• 2009

Currently much research is being done on host based intrusion detection using system calls which is a portion of kernel based data. Sequence based and frequency based preprocessing methods are mostly used in research for intrusion detection using system calls. Due to the large amount of data and system call types, it requires a significant amount of preprocessing time. Therefore, it is difficult to implement real-time intrusion detection systems. Despite this disadvantage, the frequency based method which requires a relatively small amount of preprocessing time is usually used. This paper proposes an effective method for detecting denial of service attacks using the frequency based method. Principal Component Analysis(PCA) will be used to select the principle system calls and a bayesian network will be composed and the bayesian classifier will be used for the classification.

• Journal of KIISE:Software and Applications
• /
• v.37 no.7
• /
• pp.568-572
• /
• 2010

Self-healing is one of the techniques that assure dependability of mission-critical system. Self-healing consists of fault detection and fault recovery and fault detection is important first step that enables fault recovery but it causes overhead. We can detect fault based on model, the detection tasks that notify system's behavior and compare normal behavior model and system's behavior are heavy jobs. In this paper, we propose architecture-based multi-level self-adaptive monitoring method that complements model-based fault detection. The priority of fault detection per component is different in the software architecture. Because the seriousness and the frequency of fault per component are different. If the monitor is adapted to intensive to the component that has high priority of monitoring and loose to the component that has low priority of monitoring, the overhead can be decreased and the efficiency can be maintained. Because the environmental changes of software and the architectural changes bring the changes at the priority of fault detection, the monitor learns the changes of fault frequency and that is adapted to intensive to the component that has high priority of fault detection.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.119-132
• /
• 2006

The network based security techniques well-known until now have week points to be passive in attacks and susceptible to roundabout attacks so that the misuse detection based intrusion prevention system which enables positive correspondence to the attacks of inline mode are used widely. But because the Misuse detection based Intrusion prevention system is proportional to the detection rules, it causes excessive false alarm and is linked to wrong correspondence which prevents the regular network flow and is insufficient to detect transformed attacks, This study suggests an Intrusion prevention system which uses Support Vector machines(hereinafter referred to as SVM) as one of rule based Intrusion prevention system and Anomaly System in order to supplement these problems, When this compared with existing intrusion prevention system, show performance result that improve about 20% and could through intrusion prevention system that propose false positive minimize and know that can detect effectively about new variant attack.