• Proceedings of the Korea Contents Association Conference
• /
• 2019.05a
• /
• pp.287-288
• /
• 2019

그래프에서 이상 패턴은 정상 그래프와 상이하게 다른 양상을 갖는 그래프를 의미한다. 이상 패턴을 판단하기 위해서는 정상데이터 정확한 정의가 요구된다. 본 논문에서는 스트림 그래프에서 실시간으로 이상 패턴을 감지하는 기법을 제안한다. 제안하는 기법은 정상 서브그래프의 패턴(정상 패턴)을 정의하고 정점 간 연결 관계를 고려한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 1999.05a
• /
• pp.203-207
• /
• 1999

In this paper we propose the automated generation algorithm of penetration scenario using association mining technique. Until now known intrusion detections are classified into anomaly detection and misuse detection. The former uses statistical method, features selection, neural network method in order to decide intrusion, the latter uses conditional probability, expert system, state transition analysis, pattern matching for deciding intrusion. In proposed many intrusion detection algorithms unknown penetrations are created and updated by security experts. Our algorithm automatically generates penetration scenarios applying association mining technique to state transition technique. Association mining technique discovers efficient and useful unknown information in existing data. In this paper the algorithm we propose can automatically generate penetration scenarios to have been produced by security experts and is easy to cope with intrusions when it is compared to existing intrusion algorithms. Also It has advantage that maintenance cost is not high.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.210-212
• /
• 2022

In the manufacturing industry, various sensors are attached to monitor the status of production facility. In many cases, the data obtained through these sensors is time series data. In order to determine whether the status of the production facility is abnormal, the process of extracting patterns from time series data must be preceded. Also various methods for extracting patterns from time series data are studied. In this paper, we use matrix profile algorithm to extract patterns from the collected multivariate time series data. Through this, the pattern of multi sensor data currently being collected from the CNC machine is extracted.

• Smart Media Journal
• /
• v.13 no.2
• /
• pp.85-94
• /
• 2024

Artificial Intelligence of Things (AIoT), which combines AI and the Internet of Things (IoT), has recently gained popularity. Deep neural networks (DNNs) have achieved great success in many applications. Deploying complex AI models on embedded boards, nevertheless, may be challenging due to computational limitations or intelligent model complexity. This paper focuses on an AIoT-based system for smart sewing automation using edge devices. Our technique included developing a detection model and a decision tree for a sufficient testing scenario. YOLOv5 set the stage for our defective sewing stitches detection model, to detect anomalies and classify the sewing patterns. According to the experimental testing, the proposed approach achieved a perfect score with accuracy and F1score of 1.0, False Positive Rate (FPR), False Negative Rate (FNR) of 0, and a speed of 0.07 seconds with file size 2.43MB.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.2
• /
• pp.371-384
• /
• 2001

In these days, it is continuously increased to the intrusion of system in internet environment. The methods of intrusion detection can be largely classified into anomaly detection and misuse detection. The former uses statistical methods, features selection method in order to detect intrusion, the latter uses conditional probability, expert system, state transition analysis, pattern matching. The existing studies for IDS(intrusion detection system) use combined methods. In this paper, we propose a new intrusion detection algorithm combined both state transition analysis and association mining techniques. For the intrusion detection, the first step is generated state table for transmitted commands through the network. This method is similar to the existing state transition analysis. The next step is decided yes or no for intrusion using the association mining technique. According to this processing steps, we present the automated generation algorithm of the penetration scenarios.

• Smart Structures and Systems
• /
• v.33 no.2
• /
• pp.93-103
• /
• 2024

Despite the rapid development of sensors, structural health monitoring (SHM) still faces challenges in monitoring due to the degradation of devices and harsh environmental loads. These challenges can lead to measurement errors, missing data, or outliers, which can affect the accuracy and reliability of SHM systems. To address this problem, this study proposes a classification method that detects anomaly patterns in sensor data. The proposed classification method involves several steps. First, data scaling is conducted to adjust the scale of the raw data, which may have different magnitudes and ranges. This step ensures that the data is on the same scale, facilitating the comparison of data across different sensors. Next, informative features in the time and frequency domains are extracted and used as input for a deep neural network model. The model can effectively detect the most probable anomaly pattern, allowing for the timely identification of potential issues. To demonstrate the effectiveness of the proposed method, it was applied to actual data obtained from a long-span cable-stayed bridge in China. The results of the study have successfully verified the proposed method's applicability to practical SHM systems for civil infrastructures. The method has the potential to significantly enhance the safety and reliability of civil infrastructures by detecting potential issues and anomalies at an early stage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.97-110
• /
• 2004

As modem web services become enormously complex, web attacks has become frequent and serious. Existing security solutions such as firewalls or signature-based intrusion detection systems are generally inadequate in securing web services, and analysis of raw web log data is simply impractical for most organizations. Visual display of "interpreted" web logs, with emphasis on anomalous web requests, is essential for an organization to efficiently track web usage patterns and detect possible web attacks. In this paper, we discuss various issues related to effective real-time visualization of web usage patterns and anomalies. We implemented a software tool named SAD (session anomaly detection) Viewer to satisfy such need and conducted an empirical study in which anomalous web traffics such as Misuse attacks, DoS attacks, Code-Red worms and Whisker scans were injected. Our study confirms that SAD Viewer is useful in assisting web security engineers to monitor web usage patterns in general and anomalous web sessions in particular.articular.

• Journal of KIISE
• /
• v.44 no.4
• /
• pp.417-422
• /
• 2017

Anomaly detection is the identification of data that do not conform to a normal pattern or behavior model in a dataset. It can be utilized for detecting errors among data generated by devices or user behavior change in a social network data set. In this study, we proposed a new approach using rank correlation coefficient to efficiently detect abnormal data in devices of a building. With the increased push for energy conservation, many energy efficiency solutions have been proposed over the years. HVAC (Heating, Ventilating and Air Conditioning) system monitors and manages thousands of sensors such as thermostats, air conditioners, and lighting in large buildings. Currently, operators use the building's HVAC system for controlling efficient energy consumption. By using the proposed approach, it is possible to observe changes of ranking relationship between the devices in HVAC system and identify abnormal behavior in social network.

• Journal of Navigation and Port Research
• /
• v.42 no.4
• /
• pp.277-282
• /
• 2018

Recently, the Vessel Traffic Service (VTS) coverage has expanded to include coastal areas following the increased attention on vessel traffic safety. However, it has increased the workload on the VTS operators. In some cases, when the traffic volume increases sharply during the rush hour, the VTS operator may not be aware of the risks. Therefore, in this paper, we proposed a new method to recognize ship movement anomalies automatically to support the VTS operator's decision-making. The proposed method generated traffic pattern model without any category information using the unsupervised learning algorithm.. The anomaly score can be calculated by classification and comparison of the trained model. Finally, we reviewed the experimental results using a ship-handling simulator and the actual trajectory data to verify the feasibility of the proposed method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.434-437
• /
• 2010

NIPS(Network Intrusion Prevention System) is in line at the end of the external and internal networks which performed two kinds of action: Signature-based filtering and anomaly detection and prevention-based on self-learning. Among them, a signature-based filtering is well known to defend against attacks. By using signature-based filtering, intrusion prevention system passing a payload of packets is compared with attack patterns which are signature. If match, the packet is discard. However, when there is packet delay, it will increase the required pattern matching time as the number of signature is increasing whenever there is delay occur. Therefore, to ensure the performance of IPS, we needed more efficient pattern matching algorithm for high-performance ISP. To improve the performance of pattern matching the most important part is to reduce the number of comparisons signature rules and the packet whenever the packets arrive. In this paper, we propose an improve signature hashing-based pattern matching method. We use tuple pruning algorithm with Bloom filters, which effectively remove unnecessary tuples. Unlike other existing signature hashing-based IPS, our proposed method to improve the performance of IPS.