• Title/Summary/Keyword: Anomaly Event Detection


YOLOv5 based Anomaly Detection for Subway Safety Management Using Dilated Convolution

  • Nusrat Jahan Tahira; Ju-Ryong Park; Seung-Jin Lim; Jang-Sik Park
    • Journal of the Korean Society of Industry Convergence / v.26 no.2_1 / pp.217-223 / 2023
  • With the rapid advancement of technologies, the need for different research fields where this technology can be used is also increasing. One of the most researched topics in computer vision is object detection, which has been widely implemented in various fields including healthcare, video surveillance and education. The main goal of object detection is to identify and categorize all the objects in a target environment. Specifically, methods of object detection consist of a variety of significant techniques, such as image processing and pattern recognition. Anomaly detection is a part of object detection; anomalies can be found in various scenarios, for example crowded places such as subway stations. An abnormal event can be assumed to be a variation from the conventional scene. Since abnormal events do not occur frequently, the distribution of normal and abnormal events is thoroughly imbalanced. In terms of public safety, abnormal events should be avoided and therefore immediate action needs to be taken. When abnormal events occur in certain places, real-time detection is required to prevent them and protect the safety of the people. To solve the above problems, we propose a modified YOLOv5 object detection algorithm implementing dilated convolutional layers, which achieved 97% mAP50 compared to five other YOLOv5 models. In addition to this, we also created a simple mobile application to make abnormal event detection available on mobile phones.

MITRE ATT&CK and Anomaly Detection Based Abnormal Attack Sign Detection Technology Research

  • Hwang, Chan-Woong; Bae, Sung-Ho; Lee, Tae-Jin
    • Convergence Security Journal / v.21 no.3 / pp.13-23 / 2021
  • The attacker's techniques and tools are becoming intelligent and sophisticated. Existing anti-virus cannot prevent security accidents, so the security threats on the endpoint should also be considered. Recently, EDR security solutions to protect endpoints have emerged, but they focus on visibility; there is still a lack of detection and responsiveness. In this paper, we use real-world EDR event logs to combine knowledge-based MITRE ATT&CK and autoencoder-based anomaly detection techniques to detect anomalies, in order to screen effective analysis targets from a security manager's perspective. After that, detected anomaly attack signs are shown to the security manager as an alarm along with log information, and can be connected to legacy systems. The experiment detected anomalies in EDR event logs over 5 days and verified them with a Hybrid Analysis search. Therefore, it is expected to produce results on when, and which IPs and processes, are suspected based on the EDR event log, and to create a secure endpoint environment through measures on the suspicious IP/process.

Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies

  • Juyeon Lee; Daeseon Choi; Seung-Hyun Kim
    • Journal of the Korea Society of Computer and Information / v.28 no.11 / pp.89-101 / 2023
  • In order to prevent damage caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for the early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and the reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using features that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.

Network Anomaly Detection using Association Rule Mining in Network Packets

  • Oh, Sang-Hyun; Chang, Joong-Hyuk
    • Journal of Korea Society of Industrial Information Systems / v.14 no.3 / pp.22-29 / 2009
  • In previous work, anomaly-based intrusion detection techniques have been widely used to effectively detect various intrusions into a computer. This is because anomaly-based detection techniques can effectively handle previously unknown intrusion methods. However, most previous work assumed that the normal network connections are fixed. For this reason, a new network connection may be regarded as an anomalous event. This paper proposes a new anomaly detection method based on an association-mining algorithm. The proposed method is composed of two phases: intra-packet association mining and inter-packet association mining. The performance of the proposed method is comparatively verified against JAM, a conventional representative intrusion detection method.

Anomaly Event Detection Algorithm of Single-person Households Fusing Vision, Activity, and LiDAR Sensors

  • Lee, Do-Hyeon; Ahn, Jun-Ho
    • Journal of the Korea Society of Computer and Information / v.27 no.6 / pp.23-31 / 2022
  • Due to the recent outbreak of COVID-19, an aging population and an increase in single-person households, the amount of time that household members spend doing various activities at home has increased significantly. In this study, we propose an algorithm for detecting anomalies in members of single-person households, including the elderly, based on the results of human movement and fall detection using an image sensor algorithm through home CCTV, an activity sensor algorithm using the acceleration sensor built into a smartphone, and a 2D LiDAR sensor-based algorithm. However, each single-sensor-based algorithm has the disadvantage that it is difficult to detect anomalies in a specific situation due to the limitations of the sensor. Accordingly, rather than using only a single-sensor-based algorithm, we developed a fusion method that combines each algorithm to detect anomalies in various situations. We evaluated the performance of the algorithms through the data collected by each sensor, and show that, even in scenarios where a single algorithm alone cannot accurately detect an anomaly event, the algorithms complement each other to efficiently and accurately detect anomaly events.

The Use of Local API (Anomaly Process Instances) Detection for Analyzing Container Terminal Events

  • Jeon, Daeuk; Bae, Hyerim
    • The Journal of Society for e-Business Studies / v.20 no.4 / pp.41-59 / 2015
  • Information systems have been developed and used in various business areas; therefore there is an abundance of history data (log data) stored, and subsequently it is required to analyze those log data. Previous studies have focused on discovering relationships between events, not on identifying anomaly instances. Previously, anomaly instances were treated as noise and simply ignored. However, this kind of anomaly instance can occur repeatedly. Hence, a new methodology to detect anomaly instances is needed. In this paper, we propose a methodology, LAPID (Local Anomaly Process Instance Detection), for discriminating an anomalous process instance from the log data. We specified a distance metric from the activity relation matrix of each instance, and used it to detect API (Anomaly Process Instances). To verify the suggested methodology, we discovered characteristics of exceptional situations from log data. To demonstrate our proposed methodology, we performed our experiment on real data from a domestic port terminal.

Defect Detection in Laser Welding Using Multidimensional Discretization and Event-Codification

  • Baek, Su Jeong; Oh, Rocku; Kim, Duck Young
    • Journal of the Korean Society for Precision Engineering / v.32 no.11 / pp.989-995 / 2015
  • In the literature, various stochastic anomaly detection methods, such as limit checking and PCA-based approaches, have been applied to weld defect detection. However, it is still a challenge to identify meaningful defect patterns from the very limited sensor signals of laser welding, characterized by intermittent, discontinuous, very short, and non-stationary random signals. In order to effectively analyze the physical characteristics of laser weld signals (plasma intensity, weld pool temperature, and back reflection), we first transform the raw data of laser weld signals into the form of event logs. This is done by multidimensional discretization and event-codification, after which the event logs are decoded to extract weld defect patterns by a Naïve Bayes classifier. The performance of the proposed method is examined in comparison with the commercial solution PRECITEC's LWM™ and the most recent PCA-based detection method. The results show higher performance of the proposed method in terms of sensitivity (1.00) and specificity (0.98).

A Contents-Based Anomaly Detection Scheme in WSNs

  • Lee, Chang-Seuk; Lee, Kwang-Hui
    • Journal of the Institute of Electronics Engineers of Korea CI / v.48 no.5 / pp.99-106 / 2011
  • In many applications, wireless sensor networks can be thought of as data-centric networks, with sensor nodes densely distributed over a large sensor field. The sensor nodes are normally vulnerable in terms of security since they are very often deployed in a hostile environment and open space. In this paper, we propose a scheme for contents-based anomaly detection in wireless sensor networks. In this scheme we use the characteristics of sensor networks whereby several nodes surrounding an event point can simultaneously detect the phenomenon occurring, and the contents detected from these sensors are limited to a certain range. The proposed scheme consists of several phases: training, testing and refining. Anomaly candidates detected by the distance-based anomaly detection scheme in the testing phase are sent to the refining phase, where they are compared in the sink node with a previously collected data set to improve detection performance. Our simulation results suggest the effectiveness of the proposed scheme, as evidenced by the improvements in the detection rate and the false positive rate.

Comparison of System Call Sequence Embedding Approaches for Anomaly Detection

  • Lee, Keun-Seop; Park, Kyungseon; Kim, Kangseok
    • Journal of Convergence for Information Technology / v.12 no.2 / pp.47-53 / 2022
  • Recently, with the change of the intelligent security paradigm, studies applying the various information generated by information security systems to AI-based anomaly detection are increasing. Therefore, in this study, in order to convert log-like time series data into a vector, which is a numerical feature, the CBOW and Skip-gram inference methods of the deep learning-based Word2Vec model and a statistical method based on co-occurrence frequency were used to transform the published ADFA system call data. In relation to this, an experiment was carried out through conversion into various embedding vectors considering the vector dimension, the sequence length, and the window size. In addition, the performance of the embedding methods used, as well as the detection performance, were compared and evaluated through a GRU-based anomaly detection model using the vectors generated by the embedding model as input. Compared to the statistical model, it was confirmed that Skip-gram maintains more stable performance without being biased toward a specific window size or sequence length, and is more effective in turning each event of the sequence data into an embedding vector.

Congenital Absence of the Bilateral Internal Carotid Arteries: a Case Report

  • Noh, Jihoon; Kang, Hyunkoo
    • Investigative Magnetic Resonance Imaging / v.25 no.3 / pp.193-196 / 2021
  • Congenital absence of the bilateral internal carotid arteries (ICA) is a very rare occurrence. Recognition of this rare anomaly is important when considering intracranial endovascular interventions in the event of thromboembolic events with revascularization, transsphenoidal surgery, and the surveillance and detection of associated cerebral aneurysms. We report the case of a 25-year-old man who presented with headache of 2 years' duration and was incidentally discovered to have congenital bilateral absence of the ICAs.