• Title/Summary/Keyword: Abnormal behavior detection


A Study on Dual-IDS Technique for Improving Safety and Reliability in Internet of Things (사물인터넷 환경에서 안전성과 신뢰성 향상을 위한 Dual-IDS 기법에 관한 연구)

  • Yang, Hwanseok
    • Journal of Korea Society of Digital Industry and Information Management / v.13 no.1 / pp.49-57 / 2017
  • The IoT can connect, through a single network, not only objects which can be connected to the existing internet but also objects which have communication capability. This IoT environment will be a huge change to the existing communication paradigm. However, the big security problem must be solved in order to develop the IoT further. Security mechanisms reflecting these characteristics should be applied because devices participating in the IoT have low processing ability and low power. In addition, devices which perform abnormal behaviors between objects should also be detected. Therefore, in this paper, we proposed the D-IDS technique for efficient detection of malicious attack nodes between devices participating in the IoT. The proposed technique performs central detection and distribution detection to improve the performance of attack detection. The central detection monitors the entire network traffic at the boundary router using the SVM technique and detects abnormal behavior. The distribution detection combines the RSSI value and the reliability of a node and detects Sybil attack nodes. The performance of attack detection against malicious nodes is improved through the attack detection process. The superiority of the proposed technique can be verified by experiments.

Learning Method for minimize false positive in IDS (침입탐지시스템에서 긍정적 결함을 최소화하기 위한 학습 방법)

  • 정종근;김철원
    • Journal of the Korea Institute of Information and Communication Engineering / v.7 no.5 / pp.978-985 / 2003
  • The implementation of an abnormal behavior detection IDS is more difficult than the implementation of a misuse behavior detection IDS because usage patterns are various. Therefore, most commercial IDSs are misuse behavior detection IDSs. However, a misuse behavior detection IDS cannot detect system intrusion when modified intrusion patterns occur. In this paper, we apply data mining so as to detect intrusion with only the audit data related to intrusion among many audit data. The agent in the distributed IDS can collect log data as well as monitor the target system. False positives should be minimized in order to make detection accuracy, which is the core of an intrusion detection system, high. So we apply a data mining algorithm for prediction of modified intrusion patterns at the level of audit data learning.

Detection of Abnormal Behavior by Scene Analysis in Surveillance Video (감시 영상에서의 장면 분석을 통한 이상행위 검출)

  • Bae, Gun-Tae;Uh, Young-Jung;Kwak, Soo-Yeong;Byun, Hye-Ran
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.12C / pp.744-752 / 2011
  • In intelligent surveillance systems, various methods for detecting abnormal behavior have been proposed recently. However, most research is not robust enough to be used in real environments, which often have occlusions, because it assumes that individual objects can be tracked. This paper presents a novel method to detect abnormal behavior by analysing the major motion of the scene for complex environments in which object tracking cannot work. First, we generate Visual Words and Visual Documents from motion information extracted from input video and process them through the LDA (Latent Dirichlet Allocation) algorithm, which is a document analysis technique, to obtain major motion information (location, magnitude, direction, distribution) of the scene. Using the acquired information, we compare the similarity between motion appearing in the input video and the analysed major motion in order to detect motions which do not match the major motions as abnormal behavior.

Individual Pig Detection using Fast Region-based Convolution Neural Network (고속 영역기반 컨볼루션 신경망을 이용한 개별 돼지의 탐지)

  • Choi, Jangmin;Lee, Jonguk;Chung, Yongwha;Park, Daihee
    • Journal of Korea Multimedia Society / v.20 no.2 / pp.216-224 / 2017
  • Abnormal situations caused by aggressive behavior of pigs adversely affect the growth of pigs and come with an economic loss in intensive pigsties. Therefore, an IT-based video surveillance system is needed to monitor abnormal situations in the pigsty continuously in order to minimize the economic damage. Recently, some advances have been made in pig monitoring; however, detecting each pig is still a challenging problem. In this paper, we propose a new color image-based monitoring system for the detection of individual pigs using a fast region-based convolution neural network, with consideration of detecting touching pigs in a crowded pigsty. The experimental results with the color images obtained from a pig farm located in Sejong city illustrate the efficiency of the proposed method.

Detecting Android Malware Based on Analyzing Abnormal Behaviors of APK File

  • Xuan, Cho Do
    • International Journal of Computer Science & Network Security / v.21 no.6 / pp.17-22 / 2021
  • The attack trend on end-users via mobile devices is increasing in both the danger level and the number of attacks. In particular, mobile devices using the Android operating system are recognized as being increasingly exploited and strongly attacked. In addition, one of the recent attack methods on the Android operating system is to take advantage of Android Package Kit (APK) files. Therefore, early detection and warning of attacks on mobile devices using the Android operating system through the APK file is very necessary today. This paper proposes to use the method of analyzing abnormal behavior of APK files and to use it as a basis to conclude about signs of malware attacking the Android operating system. In order to achieve this purpose, we propose 2 main tasks: i) analyzing and extracting abnormal behavior of APK files; ii) detecting malware in APK files based on behavior analysis techniques using machine learning or deep learning algorithms. The difference between our research and other related studies is that instead of focusing on analyzing and extracting typical features of APK files, we will try to analyze and enumerate all the features of the APK file as the basis for classifying malicious APK files and clean APK files.

A System for Improving Data Leakage Detection based on Association Relationship between Data Leakage Patterns

  • Seo, Min-Ji;Kim, Myung-Ho
    • Journal of Information Processing Systems / v.15 no.3 / pp.520-537 / 2019
  • This paper proposes a system that can detect the data leakage pattern using a convolutional neural network based on defining the behaviors of leaking data. In this case, the leakage detection scenario of data leakage is composed of the patterns of occurrence of security logs by administration and related patterns between the security logs that are analyzed by association relationship analysis. This proposed system then detects whether the data is leaked through the convolutional neural network using an insider malicious behavior graph. Since each graph is drawn according to the leakage detection scenario of a data leakage, the system can identify the criminal insider along with the source of malicious behavior according to the results of the convolutional neural network. The results of the performance experiment using a virtual scenario show that even if a new malicious pattern that has not been previously defined is inputted into the data leakage detection system, it is possible to determine whether the data has been leaked. In addition, as compared with other data leakage detection systems, it can be seen that the proposed system is able to detect data leakage more flexibly.

Profiling Program Behavior with X2 distance-based Multivariate Analysis for Intrusion Detection (침입탐지를 위한 X2 거리기반 다변량 분석기법을 이용한 프로그램 행위 프로파일링)

  • Kim, Chong-Il;Kim, Yong-Min;Seo, Jae-Hyeon;Noh, Bong-Nam
    • The KIPS Transactions:PartC / v.10C no.4 / pp.397-404 / 2003
  • Intrusion detection techniques based on program behavior can detect potential intrusions against systems by analyzing system calls made by daemon programs or root-privileged programs and building program profiles. But there is a drawback: large profiles must be built for each program. In this paper, we apply $X^2$ distance-based multivariate analysis to profiling program behavior and detecting abnormal behavior in order to reduce profiles. Experimental results show that profiles are relatively small and the detection rate is significant.

Abnormal Response Analysis of a Cable-Stayed Bridge using Gradual Bilinear Method (Gradual Bilinear Method를 이용한 사장교의 케이블 손상응답 해석)

  • Kim, Byeong-Cheol;Park, Ki-Tae;Kim, Tae-Heon;Hwang, Ji-Hyun
    • Journal of the Korea institute for structural maintenance and inspection / v.18 no.6 / pp.60-71 / 2014
  • A cable-stayed bridge, which is one of the representative long-spanned bridges, needs prompt maintenance when a stay cable is damaged because the damage may cause structural failure of the entire bridge. Much research is being conducted to develop abnormal behavior detection algorithms for the purpose of shortening the reaction time after the occurrence of structural damage. To improve the accuracy of the damage detection algorithm, ample observation data from various kinds of damage responses is needed. However, since it is difficult to measure an abnormal response by damaging an existing bridge, numerical simulation can be an effective alternative. In most previous studies which simulate the damage responses of a cable-stayed bridge, the damage has been considered as a load variation without regard to its stiffness variation. Analyses using this simplification could not calculate exact responses of the damaged structure, though it may retain sufficient accuracy for the purpose of bridge design. This study suggests the Gradual Bilinear Method (GBM), which simulates the damage responses of a cable-stayed bridge considering the stiffness and mass variation, and develops an analysis program. The developed program is verified from the responses of a simple model. The responses of an existing cable-stayed bridge model are analyzed with respect to the fracture delay time and damage ratio. The results of this study can be used to develop and verify a highly accurate abnormal behavior detection algorithm for safety management of architecture/large structures.

Generative optical flow based abnormal object detection method using a spatio-temporal translation network

  • Lim, Hyunseok;Gwak, Jeonghwan
    • Journal of the Korea Society of Computer and Information / v.26 no.4 / pp.11-19 / 2021
  • An abnormal object refers to a person, an object, or a mechanical device that performs abnormal and unusual behavior and needs observation or supervision. In order to detect this through an artificial intelligence algorithm without continuous human intervention, a method of observing the specificity of temporal features using the optical flow technique is widely used. In this study, an abnormal situation is identified by learning an algorithm that translates an input image frame to an optical flow image using a Generative Adversarial Network (GAN). In particular, we propose a technique that improves the pre-processing process to exclude unnecessary outliers and the post-processing process to increase the accuracy of identification in the test dataset after learning, to improve the performance of the model's abnormal behavior identification. UCSD Pedestrian and UMN Unusual Crowd Activity were used as training datasets to detect abnormal behavior. For the proposed method, a frame-level AUC of 0.9450 and an EER of 0.1317 were shown on the UCSD Ped2 dataset, which shows performance improvement compared to the models in the previous studies.

Feature Selection for Abnormal Driving Behavior Recognition Based on Variance Distribution of Power Spectral Density

  • Nassuna, Hellen;Kim, Jaehoon;Eyobu, Odongo Steven;Lee, Dongik
    • IEMEK Journal of Embedded Systems and Applications / v.15 no.3 / pp.119-127 / 2020
  • The detection and recognition of abnormal driving becomes crucial for achieving safety in Intelligent Transportation Systems (ITS). This paper presents a feature extraction method based on spectral data to train a neural network model for driving behavior recognition. The proposed method uses a two-stage signal processing approach to derive time-saving and efficient feature vectors. In the first stage, the feature vector set is obtained by calculating variances from each frequency bin containing the power spectrum data. The feature set is further reduced in the second stage, where an intersection method is used to select more significant features that are finally applied for training a neural network model. A stream of live signals is fed to the trained model, which recognizes the abnormal driving behaviors. The driving behaviors considered in this study are weaving, sudden braking and normal driving. The effectiveness of the proposed method is demonstrated by comparing it with existing methods, which are Particle Swarm Optimization (PSO) and Convolution Neural Network (CNN). The experiments show that the proposed approach achieves satisfactory results with less computational complexity.