• Journal of the Institute of Electronics Engineers of Korea SC
• /
• v.47 no.6
• /
• pp.27-32
• /
• 2010

77GHz FMCW(Frequency Modulation Continuous Wave) radar system has been used for automotive active safety systems. In typical automotive radar, the moving target detection and clutter cancellation including stationary targets are very important signal processing algorithms. This paper proposed the moving target detection algorithm which improve the detection probability and reduce the false alarm rate. First, the proposed moving target beat-frequency extraction filter is used in order to suppress clutter, and then the data association is applied by using the extracted moving target beat-frequency. Then, the zero-Doppler target is eliminated to remove the rest of clutter.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.12
• /
• pp.2555-2562
• /
• 2009

The algorithm that is proposed in this paper defined a probability function to count connection process and connection-end process to apply TRW algorithm to voice network. Set threshold to evaluate the algorithm that is proposed, Based on the type of connection attack traffic changing the probability to measure the effectiveness of the algorithm, and Attack packets based on the speed of attack detection time was measured. At the result of evaluation, proposed algorithm shows that DDoS attack starts at 10 packets per a second and it detects the attack after 1.2 seconds from the start. Moreover, it shows that the algorithm detects the attack in 0.5 second if the packets were 20 per a second.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.127-134
• /
• 2011

Malicious botnet has been used for more malicious activities, such as DDoS attacks, sending spam messages, steal personal information, etc. To prevent this, many studies have been preceded. But malicious botnets have evolved and evaded detection systems. In particular, HTTP GET Request attack that exploits the vulnerability of the application layer is used. ALAB of ALADDIN proposed by ETRI is DDoS attack detection system that HTTP GET, Incomplete GET request flooding attack detection algorithm is applied. In this paper, we extend Incomplete GET detection algorithm of ALAB and derive the optimal configuration parameters to verify the validity of the algorithm ALAB by the study of the normal and attack packets.

• Journal of Intelligence and Information Systems
• /
• v.29 no.3
• /
• pp.229-247
• /
• 2023

With the increasing emphasis on anomaly detection across various fields, diverse anomaly detection algorithms have been developed for various data types and anomaly patterns. However, the performance of anomaly detection algorithms is generally evaluated on publicly available datasets, and the specific performance of each algorithm on anomalies of particular types remains unexplored. Consequently, selecting an appropriate anomaly detection algorithm for specific analytical contexts poses challenges. Therefore, in this paper, we aim to investigate the types of anomalies and various attributes of data. Subsequently, we intend to propose approaches that can assist in the selection of appropriate anomaly detection algorithms based on this understanding. Specifically, this study compares the performance of anomaly detection algorithms for four types of anomalies: local, global, contextual, and clustered anomalies. Through further analysis, the impact of label availability, data quantity, and dimensionality on algorithm performance is examined. Experimental results demonstrate that the most effective algorithm varies depending on the type of anomaly, and certain algorithms exhibit stable performance even in the absence of anomaly-specific information. Furthermore, in some types of anomalies, the performance of unsupervised anomaly detection algorithms was observed to be lower than that of supervised and semi-supervised learning algorithms. Lastly, we found that the performance of most algorithms is more strongly influenced by the type of anomalies when the data quantity is relatively scarce or abundant. Additionally, in cases of higher dimensionality, it was noted that excellent performance was exhibited in detecting local and global anomalies, while lower performance was observed for clustered anomaly types.

• The KIPS Transactions:PartB
• /
• v.16B no.4
• /
• pp.289-298
• /
• 2009

Active Contour Model, that is, Snake algorithm is effective for detection and tracking the objects. However, this algorithm has some drawbacks; numerous parameters must be designed(weighting factors, iteration steps, etc.), a reasonable initialization must be available and moreover suffers from numerical instability. Therefore we propose a novel Energy Corrected Snake(ECS) algorithm which improved on external energy of Snake algorithm for detection and tracking the moving object more effectively. The proposed algorithm uses the difference image, getting when the object is moving. It copies four direction images from the difference image and performs the accumulating compute to erasing image noise, so that it gets external energy steadily. Then external energy united with contour that is computed by internal energy. Consequently we can detect and track the moving object more speedily and easily. To show the effectiveness of the proposed algorithm, we experiment on 3 situations. The experimental results showed that the proposed algorithm outperformed by 6$\sim$9% of detection rate and 6$\sim$11% of tracker detection rate compared with the Snake algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.111-121
• /
• 2006

As Internet lastly grows, network attack techniques are transformed and new attack types are appearing. The existing network-based intrusion detection systems detect well known attack, but the false-positive or false-negative against unknown attack is appearing high. In addition, The existing network-based intrusion detection systems is difficult to real time detection against a large network pack data in the network and to response and recognition against new attack type. Therefore, it requires method to heighten the detection rate about a various large dataset and to reduce the false-positive. In this paper, we propose method to reduce the false-positive using multi-level detection algorithm, that is combine the multidimensional Apriori algorithm and the modified Negative Selection algorithm. And we apply this algorithm in intrusion detection and, to be sure, it has a good performance.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.144-146
• /
• 2002

현재 침입탐지 시스템은 인터넷의 확장과 더불어 네트워크 보안을 보장하기 위한 광범위한 수단으로 이용되고 있다. 이러한 탐지 시스템중 신경망의 적용은 분산된 네트워크와 다양한 공격환경하의 오용탐지와 비정상행위 탐지에 좋은 응용이 되고 있다. 본 연구에서는 RBF-신경망을 이용한 침입탐지 시스템이 가지고 있는 단점 중 하나인 학습데이터의 공격과 정상의 비율에 따라 탐지 율의 차이가 큰 것에 착안, 보다 자동화되고 안정된 학습을 위한 데이터 결정 알고리즘을 제안한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.706-708
• /
• 2003

침입탐지 시스템 중 하나인 오용탐지 시스템은 축적된 침입패턴 정보를 이용하기 때문에 새로운 침입에 대하여 새로운 정의가 필요하다. 이러한 문제점을 극복하여 새로운 침입에 대하여 일일이 정의하지 않고 자동으로 새로운 규칙을 생성하도록 하는 것이 좀 더 바람직하다. 본 논문에서는 새로운 규칙을 찾기 위한 방법으로 생물의 진화과정을 모델링한 유전자 알고리즘(GA)을 이용하였다. GA는 계산에 의존한 방법에 비하여 전역적인 해를 구할 때 더 효율적이다. GA를 이용하여 규칙을 자동 생성하고 침입을 탐지할 수 있는 규칙을 찾아가는 방식을 제안하였다. 실험 결과에서는 GA를 이용하여 자동 생성된 규칙으로 40~60%의 탐지율로 침입을 탐지할 수 있다는 것을 확인하였다.

• Review of KIISC
• /
• v.29 no.1
• /
• pp.34-37
• /
• 2019

지난 5년동안 전통적인 차량에 적용된 CAN 버스 상에서의 침입탐지시스템에 대한 연구가 활발히 진행되고 있다. 초기에 rule-base 로 탐지하거나, 단순한 경량 알고리즘을 통해 침입탐지를 하는 알고리즘이 주를 이루었다면, 최근에는 machine learning을 적용한 탐지 알고리즘들 역시 많이 개발되고 있다. CAN 용 침입탐지시스템이 그간 학계에서 주로 연구가 이루어 졌었다면 2019년 이후에는 상용차량들에 침입탐지시스템을 실제 탑재하여 출시될 예정에 있기 때문에, 이제는 산업계 주도적인 개발과 적용이 이루어질 것으로 보여진다. 다만, CAN 버스의 설계 구조상 공격 노드를 특정하기 어렵다는 한계와 전송량 대역폭의 제한으로 인해 기술적인 한계가 있어 왔기 때문에, 최근에는 IP 체계가 적용되고 automotive ethernet 기반으로 차량 네트워크가 빠르게 적용될 예정에 있다. 이에, 본 기고문에서는 automotive ethernet 의 보안기술에 대해 살펴보고, automotive ethernet 상에서 침입탐지시스템을 개발하기 위해 필요한 사항들은 어떤 것들이 있을지 살펴보고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.621-623
• /
• 2023

전자금융거래 시장이 활발해지며 이에 따라 신용 카드 이상 거래가 증가하고 있다. 따라서 많은 금융 기관은 신용 카드 이상 거래 탐지 시스템을 사용하여 신용 카드 이상 거래를 탐지하고 개인 피해를 줄이는 등 소비자를 보호하기 위해 큰 노력을 하고 있으며, 이에 따라 높은 정확도로 신용 카드 이상 거래를 탐지할 수 있는 실시간 자동화 시스템에 대한 개발이 요구되었다. 이에 본 논문에서는 머신러닝 기법 중 부스팅 알고리즘을 사용하여 더욱 정확한 신용 카드 이상 거래 탐지 시스템을 제안하고자 한다. XGBoost, LightGBM, CatBoost 부스팅 알고리즘을 사용하여 보다 정확한 신용 카드 이상 거래 탐지 시스템을 개발하였으며, 실험 결과 평균적으로 정밀도 99.95%, 재현율 99.99%, F1-스코어 99.97%를 취득하여 높은 신용 카드 이상 거래 탐지 성능을 보여주는 것을 확인하였다.