• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.4
• /
• pp.318-324
• /
• 2017

We introduced a stereo camera on the aircraft to detect flight objects and to estimate the 3D position of them. The Saliency map algorithm based on PCT was proposed to detect a small object between clouds, and then we processed a stereo matching algorithm to find out the disparity between the left and right camera. In order to extract accurate disparity, cost aggregation region was used as a variable region to adapt to detection object. In this paper, we use the detection result as the cost aggregation region. In order to extract more precise disparity, sub-pixel interpolation is used to extract float type-disparity at sub-pixel level. We also proposed a method to estimate the spatial position of an object by using camera parameters. It is expected that it can be applied to image - based object detection and collision avoidance system of autonomous aircraft in the future.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.865-874
• /
• 2005

The information stored in the computer system needs to be protected from unauthorized access, malicious destruction or alteration and accidental inconsistency. In this paper, we propose an intrusion detection system based on sensor concept for defecting and preventing malicious attacks We use software sensor objects which consist of sensor file for each important directory and sensor data for each secret file. Every sensor object is a sort of trap against the attack and it's touch tan be considered as an intrusion. The proposed system is a new challenge of setting up traps against most interception threats that try to copy or read illicitly programs or data. We have implemented the proposed system on the Linux operating system using loadable kernel module technique. The proposed system combines host~based detection approach and network-based one to achieve reasonably complete coverage, which makes it possible to detect unknown interception threats.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.5
• /
• pp.99-106
• /
• 2011

In many applications, wireless sensor networks could be thought as data-centric networks, and the sensor nodes are densely distributed over a large sensor field. The sensor nodes are normally vulnerable in terms of security since they are very often deployed in a hostile environment and open space. In this paper, we propose a scheme for contents-based anomaly detection in wireless sensor networks. In this scheme we use the characteristics of sensor networks where several nodes surrounding an event point can simultaneously detect the phenomenon occurring and the contents detected from these sensors are limited to inside a certain range. The proposed scheme consists of several phases; training, testing and refining phases. Anomaly candidates detected by the distance-based anomaly detection scheme in the testing phase are sent to the refining phase. They are then compared in the sink node with previously collected data set to improve detection performance in the refining phase. Our simulation results suggest the effectiveness of the proposed scheme in this paper evidenced by the improvements of the detection rate and the false positive rate.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.3B
• /
• pp.311-317
• /
• 2009

The traditional network anomaly detection systems execute the threshold-based detection without considering dynamic network environments, which causes false positive and limits an effective resource utilization. To overcome the drawbacks, we present the adaptive network anomaly detection model based on artificial immune system (AIS) in centralized network. AIS is inspired from human immune system that has learning, adaptation and memory. In our proposed model, the interaction between dendritic cell and T-cell of human immune system is adopted. We design the main components, such as central node and router node, and define functions of them. The central node analyzes the anomaly information received from the related router nodes, decides response policy and sends the policy to corresponding nodes. The router node consists of detector module and responder module. The detector module perceives the anomaly depending on learning data and the responder module settles the anomaly according to the policy received from central node. Finally we evaluate the possibility of the proposed detection model through simulation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.10
• /
• pp.1311-1319
• /
• 2019

Currently, the web environment is a commonly used area for sharing information and conducting business. It is becoming an attack point for external hacking targeting on personal information leakage or system failure. Conventional signature-based detection is used in cyber threat but signature-based detection has a limitation that it is difficult to detect the pattern when it is changed like polymorphism. In particular, injection attack is known to the most critical security risks based on web vulnerabilities and various variants are possible at any time. In this paper, we propose a novelty detection technique to detect abnormal state that deviates from the normal state on web-server log dataset(WSLD). The proposed method is a machine learning-based technique to detect a minor anomalous data that tends to be different from a large number of normal data after replacing strings in web-server log dataset with vectors using machine learning-based embedding algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.17-28
• /
• 2006

The appearance of variant malicious codes using obfuscation techniques is accelerating the spread of malicious codes around the detection by a vaccine. n a system does not patch detection patterns for vulnerabilities and worms to the vaccine, it can be infected by the worms and malicious codes can be spreaded rapidly to other systems and networks in a few minute. Moreover, It is limited to the conventional pattern based detection and treatment for variants or new malicious codes. In this paper, we propose a method of behavior based detection by the static analysis, the dynamic analysis and the dynamic monitoring to detect a malicious code using obfuscation techniques with the PE compression. Also we show that dynamic monitoring can detect worms with the PE compression which accesses to important resources such as a registry, a cpu, a memory and files with the proposed method for similarity.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.449-455
• /
• 2021

This paper proposes an encryption web transaction attack detection system based on the existing web application monitoring system. Although there was difficulty in detecting attacks on the encrypted web traffic because the existing web traffic security systems detect and defend attacks based on encrypted packets in the network area of the encryption section between the client and server, by utilizing the technology of the web application monitoring system, it is possible to detect various intelligent cyber-attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks are also possible. Thus, it can be considered that it is possible to respond to various intelligent cyber attacks hidden in the encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.6
• /
• pp.23-31
• /
• 2022

Due to the recent outbreak of COVID-19 and an aging population and an increase in single-person households, the amount of time that household members spend doing various activities at home has increased significantly. In this study, we propose an algorithm for detecting anomalies in members of single-person households, including the elderly, based on the results of human movement and fall detection using an image sensor algorithm through home CCTV, an activity sensor algorithm using an acceleration sensor built into a smartphone, and a 2D LiDAR sensor-based LiDAR sensor algorithm. However, each single sensor-based algorithm has a disadvantage in that it is difficult to detect anomalies in a specific situation due to the limitations of the sensor. Accordingly, rather than using only a single sensor-based algorithm, we developed a fusion method that combines each algorithm to detect anomalies in various situations. We evaluated the performance of algorithms through the data collected by each sensor, and show that even in situations where only one algorithm cannot be used to detect accurate anomaly event through certain scenarios we can complement each other to efficiently detect accurate anomaly event.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04d
• /
• pp.307-309
• /
• 2003

초고속 인터넷 망이 빠른 속도로 구축이 되고, 네트워크에 대한 해커나 침입자들의 수가 급속히 증가함에 따라, 실시간 고속 패킷 처리가 가능한 네트워크 침입 탐지 시스템이 요구되고 있다. 이러한 실시간 고속 네트워크 침입 탐지 시스템의 핵심 기술로써 수신된 패킷에서 침입 정보를 고속으로 탐지해내는 침입 탐지 엔진 기술은 필수적이다. 본 논문에서는 인텔의 IXP1200 네트워크 프로세서를 기반으로 하는 하드웨어 구조상에서 고성능 네트워크 침입 탐지 시스템을 위한 실시간 고속 탐지 엔진 구조와 프로그래밍 방법을 제안하였다.

• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.1007-1014
• /
• 2005

A generation of rules or patterns for detecting attacks from network is very difficult. Detection rules and patterns are usually generated by Expert's experiences that consume many man-power, management expense, time and so on. This paper proposes statistical methods that effectively detect intrusion and attacks without expert's experiences. The methods are to select useful measures in measures of network connection(session) and to detect attacks. We extracted the network session data of normal and each attack, and selected useful measures for detecting attacks using relative entropy. And we made probability patterns, and detected attacks using likelihood ratio testing. The detecting method controled detection rate and false positive rate using threshold. We evaluated the performance of the proposed method using KDD CUP 99 Data set. This paper shows the results that are to compare the proposed method and detection rules of decision tree algorithm. So we can know that the proposed methods are useful for detecting Intrusion and attacks.