• Title/Summary/Keyword: Abnormal behavior detection

A Novel Framework for APT Attack Detection Based on Network Traffic

  • Vu Ngoc Son
    • International Journal of Computer Science & Network Security / v.24 no.1 / pp.52-60 / 2024
  • APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend developing APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

Abnormal Crowd Behavior Detection Using Heuristic Search and Motion Awareness

  • Usman, Imran;Albesher, Abdulaziz A.
    • International Journal of Computer Science & Network Security / v.21 no.4 / pp.131-139 / 2021
  • In current time, anomaly detection is the primary concern of the administrative authorities. Suspicious activity identification is shifting from a human operator to a machine-assisted monitoring in order to assist the human operator and react to an unexpected incident quickly. These automatic surveillance systems face many challenges due to the intrinsic complex characteristics of video sequences and foreground human motion patterns. In this paper, we propose a novel approach to detect anomalous human activity using a hybrid approach of statistical model and Genetic Programming. The feature-set of local motion patterns is generated by a statistical model from the video data in an unsupervised way. This feature set is inserted to an enhanced Genetic Programming based classifier to classify normal and abnormal patterns. The experiments are performed using publicly available benchmark datasets under different real-life scenarios. Results show that the proposed methodology is capable of detecting and locating the anomalous activity in real time. The accuracy of the proposed scheme exceeds those of the existing state of the art in terms of anomalous activity detection.

Deep Learning-Based Companion Animal Abnormal Behavior Detection Service Using Image and Sensor Data

  • Lee, JI-Hoon;Shin, Min-Chan;Park, Jun-Hee;Moon, Nam-Mee
    • Journal of the Korea Society of Computer and Information / v.27 no.10 / pp.1-9 / 2022
  • In this paper, we propose the Deep Learning-Based Companion Animal Abnormal Behavior Detection Service, which uses video and sensor data. Due to the recent increase in households with companion animals, the pet tech industry with artificial intelligence is growing in the existing food and medical-oriented companion animal market. In this study, companion animal behavior was classified and abnormal behavior was detected based on a deep learning model using various data for health management of companion animals through artificial intelligence. Video data and sensor data of companion animals are collected using CCTV and the manufactured pet wearable device, and used as input data for the model. Image data was processed by combining the YOLO (You Only Look Once) model and DeepLabCut for extracting joint coordinates to detect companion animal objects for behavior classification. Also, in order to process sensor data, GAT (Graph Attention Network), which can identify the correlation and characteristics of each sensor, was used.

A Data-Driven Activity Monitoring Method for Abnormal Sales Behavior Detection (이상 판매활동을 탐지하기 위한 데이터 기반 활동 모니터링 기법)

  • Park, Sungho;Kim, Seoung Bum
    • Journal of Korean Institute of Industrial Engineers / v.40 no.5 / pp.492-500 / 2014
  • Activity monitoring has been widely recognized as an important and critical tool in system monitoring for detection of abnormal behavior. In this research, we propose a data-driven activity monitoring method to measure relative sales performance which is not sensitive to special events which frequently occur in marketing area. Moreover, the proposed method can automatically update the monitoring threshold that accommodates a drastically changing business environment. The results from simulation and practical case study from sales of electronic devices demonstrate the usefulness and applicability of the proposed activity monitoring method.

Prevalence and Associated Factors of Abnormal Cervical Cytology and High-Risk HPV DNA among Bangkok Metropolitan Women

  • Tangjitgamol, Siriwan;Kantathavorn, Nuttavut;Kittisiam, Thannaporn;Chaowawanit, Woraphot;Phoolcharoen, Natacha;Manusirivithaya, Sumonmal;Khunnarong, Jakkapan;Srijaipracharoen, Sunamchok;Saeloo, Siriporn;Krongthong, Waraporn;Supawattanabodee, Busaba;Thavaramara, Thaovalai;Pataradool, Kamol
    • Asian Pacific Journal of Cancer Prevention / v.17 no.7 / pp.3147-3153 / 2016
  • Background: Many strategies are required for cervical cancer reduction e.g. provision of education, cautious sexual behavior, HPV vaccination, and early detection of pre-invasive cervical lesions and invasive cancer. Basic health data for cervical cytology/HPV DNA and associated factors are important to make an appropriate policy to fight against cervical cancer. Aims: To assess the prevalence of abnormal cervical cytology and/or HPV DNA and associated factors, including sexual behavior, among Bangkok Metropolitan women. Materials and Methods: Thai women, aged 25-to-65 years old, had lived in Bangkok for ${\geq}5$ years were invited into the study. Liquid-based cervical cytology and HPV DNA tests were performed. Personal data were collected. Main Outcomes Measures: Rates of abnormal cytology and/or high-risk HPV (HR-HPV) and factors associated with abnormal test(s) were studied. Results: Abnormal cytology and positive HR-HPV were found in 6.3% (279/4442 women) and 6.7% (295/4428), respectively. The most common abnormal cytology was ASC-US (3.5%) while the most common HR-HPV genotype was HPV 16 (1.4%) followed by HPV 52 (1.0%), HPV 58 (0.9%), and HPV 18 and HPV 51 at equal frequency (0.7%). Both tests were abnormal in 1.6% (71/4428 women). Rates of HR-HPV detection were directly associated with severity of abnormal cytology: 5.4% among normal cytology and 13.0%, 30.8%, 40.0%, 39.5%, 56.3% and 100.0% among ASC-US, ASC-H, AGC-NOS, LSIL, HSIL, and SCC, respectively. Some 5% of women who had no HR-HPV had abnormal cytology, in which 0.3% had ${\geq}$ HSIL. Factors associated with abnormal cytology or HR-HPV were: age ${\leq}40$ years, education lower than (for cytology) or higher than bachelor (for HR-HPV), history of sexual intercourse, and sexual partners ${\geq}2$. Conclusions: Rates for abnormal cytology and HR-HPV detection were 6.3% and 6.7%. HR-HPV detection was directly associated with severity of abnormal cytology. Significant associated factors were age ${\leq}40$ years, lower education, history of sexual intercourse, and sexual partners ${\geq}2$.

Spatiotemporal Patched Frames for Human Abnormal Behavior Classification in Low-Light Environment (저조도 환경 감시 영상에서 시공간 패치 프레임을 이용한 이상행동 분류)

  • Widia A. Samosir;Seong G. Kong
    • Proceedings of the Korea Information Processing Society Conference / 2023.11a / pp.634-636 / 2023
  • Surveillance systems play a pivotal role in ensuring the safety and security of various environments, including public spaces, critical infrastructure, and private properties. However, detecting abnormal human behavior in low-light conditions is a critical yet challenging task due to the inherent limitations of visual data acquisition in such scenarios. This paper introduces a spatiotemporal framework designed to address the unique challenges posed by low-light environments, enhancing the accuracy and efficiency of human abnormality detection in surveillance camera systems. We proposed the pre-processing using lightweight exposure correction, patched frames pose estimation, and optical flow to extract the human behavior flow through t-seconds of frames. After that, we train the estimated-action-flow into autoencoder for abnormal behavior classification to get normal loss as metrics decision for normal/abnormal behavior.

Real-time Abnormal Behavior Detection System based on Fast Data (패스트 데이터 기반 실시간 비정상 행위 탐지 시스템)

  • Lee, Myungcheol;Moon, Daesung;Kim, Ikkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1027-1041 / 2015
  • Recently, there are rapidly increasing cases of APT (Advanced Persistent Threat) attacks such as Verizon(2010), Nonghyup(2011), SK Communications(2011), and 3.20 Cyber Terror(2013), which cause leak of confidential information and tremendous damage to valuable assets without being noticed. Several anomaly detection technologies were studied to defend the APT attacks, mostly focusing on detection of obvious anomalies based on known malicious codes' signature. However, they are limited in detecting APT attacks and suffering from high false-negative detection accuracy because APT attacks consistently use zero-day vulnerabilities and have long latent period. Detecting APT attacks requires long-term analysis of data from a diverse set of sources collected over the long time, real-time analysis of the ingested data, and correlation analysis of individual attacks. However, traditional security systems lack sophisticated analytic capabilities, compute power, and agility. In this paper, we propose a Fast Data based real-time abnormal behavior detection system to overcome the traditional systems' real-time processing and analysis limitation.

Detection of System Abnormal State by Cyber Attack (사이버 공격에 의한 시스템 이상상태 탐지 기법)

  • Yoon, Yeo-jeong;Jung, You-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.1027-1037 / 2019
  • Conventional cyber-attack detection solutions are generally based on signature-based or malicious behavior analysis, so they have had difficulty in detecting unknown method-based attacks. Since the various information occurring all the time reflects the state of the system, by modeling it in a steady state and detecting an abnormal state, an unknown attack can be detected. Since a variety of system information occurs in a string form, word embedding, i.e., techniques for converting strings into vectors preserving their order and semantics, can be used for modeling and detection. Novelty Detection, which is a technique for detecting a small number of abnormal data in a plurality of normal data, can be performed in order to detect an abnormal condition. This paper proposes a method to detect system anomaly by cyber attack using embedding and novelty detection.

A Study on Smart Korean Cattle Livestock Management Platform based on IoT and Machine Learning (IoT 및 머신러닝 기반 스마트 한우 축사관리 플랫폼에 관한 연구)

  • Park, Jun;Kim, Jun Yeong;Kim, Jeong Hoon;Bang, Ji Hyeon;Jung, Se Hoon;Sim, Chun Bo
    • Journal of Korea Multimedia Society / v.23 no.12 / pp.1519-1530 / 2020
  • As livestock farms grow in size, the number of breeding individuals increases, making it difficult to manage livestock. Livestock farms require an integrated management system such as a monitoring system, an access control system, and an abnormal behavior detection system to manage livestock houses. In this paper, a smart Korean cattle livestock management system using IoT and AI technology was proposed for livestock management in livestock farms. The smart Korean cattle farm management system consists of a monitoring and control system, a vehicle access management system, and an abnormal cattle behavior detection system. It is expected that this will help manage large-scale livestock houses, and additional research is needed to improve the performance of abnormal behavior detection in the future.

Design and Evaluation of a Rough Set Based Anomaly Detection Scheme Considering the Age of User Profiles

  • Bae, Ihn-Han
    • Journal of Korea Multimedia Society / v.10 no.12 / pp.1726-1732 / 2007
  • The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents an efficient rough set based anomaly detection method that can effectively identify a group of especially harmful internal attackers - masqueraders in cellular mobile networks. Our scheme uses the trace data of wireless application layer by a user as feature value. Based on this, the used pattern of a mobile's user can be captured by rough sets, and the abnormal behavior of the mobile can be also detected effectively by applying a roughness membership function with the age of the user profile. The performance of the proposed scheme is evaluated by using a simulation. Simulation results demonstrate that the anomalies are well detected by the proposed scheme that considers the age of user profiles.