• Title/Summary/Keyword: Anomaly Data

Comparison and Analysis of Anomaly Detection Methods for Detecting Data Exfiltration (데이터 유출 탐지를 위한 이상 행위 탐지 방법의 비교 및 분석)

  • Lim, Wongi;Kwon, Koohyung;Kim, Jung-Jae;Lee, Jong-Eon;Cha, Si-Ho
    • Journal of the Korea Academia-Industrial cooperation Society / v.17 no.9 / pp.440-446 / 2016
  • Military secrets or confidential data of any organization are extremely important assets. They must be discluded from outside. To do this, methods for detecting anomalous attacks and intrusions inside the network have been proposed. However, most anomaly-detection methods only cover aspects of intrusion from outside and do not deal with internal leakage of data, inflicting greater damage than intrusions and attacks from outside. In addition, applying conventional anomaly-detection methods to data exfiltration creates many problems, because the methods do not consider a number of variables or the internal network environment. In this paper, we describe issues considered in data exfiltration detection for anomaly detection (DEDfAD) to improve the accuracy of the methods, classify the methods as profile-based detection or machine learning-based detection, and analyze their advantages and disadvantages. We also suggest future research challenges through comparative analysis of the issues with classification of the detection methods.

Multimodal layer surveillance map based on anomaly detection using multi-agents for smart city security

  • Shin, Hochul;Na, Ki-In;Chang, Jiho;Uhm, Taeyoung
    • ETRI Journal / v.44 no.2 / pp.183-193 / 2022
  • Smart cities are expected to provide residents with convenience via various agents such as CCTV, delivery robots, security robots, and unmanned shuttles. Environmental data collected by various agents can be used for various purposes, including advertising and security monitoring. This study suggests a surveillance map data framework for efficient and integrated multimodal data representation from multi-agents. The suggested surveillance map is a multilayered global information grid, which is integrated from the multimodal data of each agent. To confirm this, we collected surveillance map data for 4 months, and the behavior patterns of humans and vehicles, distribution changes of elevation, and temperature were analyzed. Moreover, we represent an anomaly detection algorithm based on a surveillance map for security service. A two-stage anomaly detection algorithm for unusual situations was developed. With this, abnormal situations such as unusual crowds and pedestrians, vehicle movement, unusual objects, and temperature change were detected. Because the surveillance map enables efficient and integrated processing of large multimodal data from a multi-agent, the suggested data framework can be used for various applications in the smart city.

Relationship between Accrual Anomaly and Stock Return: The Case of Vietnam

  • DANG, Hung Ngoc;TRAN, Dung Manh
    • The Journal of Asian Finance, Economics and Business / v.6 no.4 / pp.19-26 / 2019
  • The study investigates the impact of accrual anomaly on stock return ratio of listed firms in Vietnam. Data were collected from listed firms for the period from 2008 to 2018. To learn about the causes of accrual anomaly in returns and future rate of returns on the Vietnamese stock market, this research is based on accrual analysis of Richardson, Sloan, Soliman, and Tuna (2006) on growth and effective components. We employ GLS regression model for examining the impact of accrual anomaly on stock return ratio and T-test for checking the difference between the lowest and the highest portfolio. The results show that accounting distortion is the main factor impacting the stock return, not growth determinant. Both determinants of accounting distortion and growth contribute to the explanation of the impact of accrual anomaly on profit and future stock return ratio. Experimental evidence confirms an abnormal existence of accrual in the Vietnam stock market. Aggregate accrual is negatively correlated with future operating profit and future stock return. However, after considering the factors contributing to the impact of future profitability and return on stock returns, the study results show that accounting distortion can account for low sustainability of income that is not growth.

Analysts' Cash Flow Forecasts and Accrual Anomaly (재무분석가의 현금흐름예측과 발생액 이상현상)

  • Kim, Jong-Hyun;Chang, Seok-Jin
    • Asia-Pacific Journal of Business / v.11 no.3 / pp.137-151 / 2020
  • Purpose - The purpose of this study is to investigate whether financial analysts' cash flow forecasts mitigate the accrual anomaly. In addition, we examine whether the more accurate analysts' cash flow forecasts are, the greater the decline of the accrual anomaly. Design/methodology/approach - Data used in the empirical tests are extracted through KIS-VALUE and FN-GUIDE, and the sample consists of firms listed on Korea Stock Exchange for 7 years from 2005 to 2011. We test the hypotheses using multiple regression analysis and we also estimate the regressions with the decile ranks of the explanatory variables to minimize the influence of outliers. Findings - We have failed to capture evidence that the provision of financial analysts' cash flow forecasts itself reduces the accrual anomaly. However, we find the accrual anomaly to be less severe when financial analysts provide more accurate cash flow forecasts. The findings are consistent in the regression models with the decile ranks as well as in the robustness tests that controlled the accruals quality. Research implications or Originality - This study contributes to the expansion of related studies in Korea by partially providing empirical evidence that the financial analysts' cash flow forecasts mitigate the accrual anomaly.

Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies

  • Juyeon Lee;Daeseon Choi;Seung-Hyun Kim
    • Journal of the Korea Society of Computer and Information / v.28 no.11 / pp.89-101 / 2023
  • In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.

Anomaly detection and attack type classification mechanism using Extra Tree and ANN (Extra Tree와 ANN을 활용한 이상 탐지 및 공격 유형 분류 메커니즘)

  • Kim, Min-Gyu;Han, Myung-Mook
    • Journal of Internet Computing and Services / v.23 no.5 / pp.79-85 / 2022
  • Anomaly detection is a method to detect and block abnormal data flows in general users' data sets. The previously known method is a method of detecting and defending an attack based on a signature using the signature of an already known attack. This has the advantage of a low false positive rate, but the problem is that it is very vulnerable to a zero-day vulnerability attack or a modified attack. However, in the case of anomaly detection, there is a disadvantage that the false positive rate is high, but it has the advantage of being able to identify, detect, and block zero-day vulnerability attacks or modified attacks, so related studies are being actively conducted. In this study, we want to deal with these anomaly detection mechanisms, and we propose a new mechanism that performs both anomaly detection and classification while supplementing the high false positive rate mentioned above. In this study, the experiment was conducted with five configurations considering the characteristics of various algorithms. As a result, the model showing the best accuracy was proposed as the result of this study. After detecting an attack by applying the Extra Tree and Three-layer ANN at the same time, the attack type is classified using the Extra Tree for the classified attack data. In this study, verification was performed on the NSL-KDD data set, and the accuracy was 99.8%, 99.1%, 98.9%, 98.7%, and 97.9% for Normal, DoS, Probe, U2R, and R2L, respectively. This configuration showed superior performance compared to other models.

Gravity Characteristics on the Eastern Asia by using GRACE Data (GRACE자료를 이용한 동아시아의 중력특성)

  • Yu Sang Hoon;Min Kyung Duck
    • Economic and Environmental Geology / v.38 no.3 s.172 / pp.299-304 / 2005
  • Geoid undulation and gravity anomaly were calculated from GRACE satellite data on eastern Asia including the Korean peninsula. Geoid undulation varies from -60 m in China to 60 m toward the Pacific Ocean across the Korean Peninsula. Calculated gravity anomalies are in the range of -60 and 60 mgal except the subduction zone showing -100 mgal. High positive values are observed at Mt. Baekdu, Kaema highland and Taebaek mountains, and low values at Ulleung, Japan and Yamato basins in the East sea. We removed regional components below the spherical harmonic degree of 10 from gravity anomaly to get the residual anomaly for crust components. Residual gravity anomaly shows high anomalies at the northern mountainous area and Kyungsang basin in the Korean Peninsula. And low anomalies appear at the western Korea bay basin, Kunsan basin, Cheju basin, and Ulleung basin in the marine. Anomalies separated by the spherical harmonic degree as well as the residual anomalies are useful for the study of large crustal structure about geologic scale and depth distribution and for the survey of natural resources.

A Gravity Characteristic of Svalbard Archipelago in Arctic by Using ArcGP Data (ArcGP 자료를 이용한 북극 스발바드 군도의 중력특성)

  • Yu Sang Hoon;Kim Chang Hwan;Hwang Jong Sun;Min Kyung Duck
    • 한국지구물리탐사학회:학술대회논문집 / 2005.05a / pp.255-260 / 2005
  • A gravity characteristic of Svalbard archipelago in Arctic was studied by using ArcGP data. The Dasan science station is situated there. After Bouguer correction, an edge effect of free-air anomaly, which is similar to topography, is not shown at passive continent margin, and after terrain correction with GTOPO30 data, gravity anomaly increases from continent to marine. That is deeply connected with rise of Moho discontinuity. The correlation of topography and free-air anomaly shows that the isostasy of continent attains a little less than marine. After filtering, the residual anomaly shows high and low anomalies related to fracture zone in continent and base depression or thick sedimentary layer in continental slope, marine.

Anomaly Detection System in Mechanical Facility Equipment: Using Long Short-Term Memory Variational Autoencoder (LSTM-VAE를 활용한 기계시설물 장치의 이상 탐지 시스템)

  • Seo, Jaehong;Park, Junsung;Yoo, Joonwoo;Park, Heejun
    • Journal of Korean Society for Quality Management / v.49 no.4 / pp.581-594 / 2021
  • Purpose: The purpose of this study is to compare machine learning models for anomaly detection of mechanical facility equipment and suggest an anomaly detection system for mechanical facility equipment in subway stations. It helps to predict failures and plan the maintenance of facility. Ultimately it aims to improve the quality of facility equipment. Methods: The data collected from Daejeon Metropolitan Rapid Transit Corporation was used in this experiment. The experiment was performed using Python, Scikit-learn, TensorFlow 2.0 for preprocessing and machine learning. Also it was conducted in two failure states of the equipment. We compared and analyzed five unsupervised machine learning models focused on model Long Short-Term Memory Variational Autoencoder (LSTM-VAE). Results: In both experiments, change in vibration and current data was observed when there is a defect. When the rotating body failure happened, the magnitude of vibration increased but current decreased. In situation of axis alignment failure, both vibration and current increased. In addition, model LSTM-VAE showed superior accuracy to the other four base-line models. Conclusion: According to the results, model LSTM-VAE showed outstanding performance with more than 97% of accuracy in the experiments. Thus, the quality of mechanical facility equipment will be improved if the proposed anomaly detection system is established with this model used.

Regional-residual Separation of Microgravity Data (고정밀 중력탐사 자료의 광역-나머지 이상 분리)

  • Rim, Hyoungrea;Park, Gyesoon;Kim, Chang-Ryol
    • Geophysics and Geophysical Exploration / v.22 no.2 / pp.80-87 / 2019
  • In this paper, we propose a method to apply the polynomial fitting for regional-residual separation of microgravity data based on the characteristics of gravity anomaly without prior information. Since the microgravity survey is usually carried out in small regions, it is common to approximate regional anomaly by the first-order polynomial plane. However, if the regional anomaly patterns are difficult to approximate by a first-order plane, the complete gravity anomaly is divided into zones small enough to approximate by a first-order plane by means of Parasnis density estimation method. The regional-residual separation is then applied on the split zones individually. When the gravity anomalies can be split spatially, we showed that the residual anomalies can be more effectively extracted based on the regional geological structures by regional anomaly separation from each of the divided regions, rather than applying the entire data set at one time.