• Title/Summary/Keyword: Anomaly Types

Combining Adaptive Filtering and IF Flows to Detect DDoS Attacks within a Router

  • Yan, Ruo-Yu;Zheng, Qing-Hua;Li, Hai-Fei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.4 no.3 / pp.428-451 / 2010
  • Traffic matrix-based anomaly detection and DDoS attack detection in networks are a research focus in the network security and traffic measurement community. In this paper, firstly, a new type of unidirectional flow called IF flow is proposed. Merits and features of IF flows are analyzed in detail and then two efficient methods are introduced in our DDoS attack detection and evaluation scheme. The first method uses residual variance ratio to detect DDoS attacks after a Recursive Least Square (RLS) filter is applied to predict IF flows. The second method uses a generalized likelihood ratio (GLR) statistical test to detect DDoS attacks after a Kalman filter is applied to estimate IF flows. Based on the two complementary methods, an evaluation formula is proposed to assess the seriousness of current DDoS attacks on router ports. Furthermore, the sensitivity of three types of traffic (IF flow, input link and output link) to DDoS attacks is analyzed and compared. Experiments show that IF flow has more power to expose anomalies than the other two types of traffic. Finally, the two proposed methods are compared in terms of detection rate, processing speed, etc., and also compared in detail with Principal Component Analysis (PCA) and Cumulative Sum (CUSUM) methods. The results demonstrate that adaptive filter methods have a higher detection rate, lower false alarm rate and smaller detection lag time.

Effective Intrusion Detection Integrating Multiple Measure Models (다중척도 모델의 결합을 이용한 효과적 인 침입탐지)

  • 한상준;조성배
    • Journal of KIISE:Information Networking / v.30 no.3 / pp.397-406 / 2003
  • As information technology grows, interest in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, has been raised. In the field of anomaly-based IDS, several artificial intelligence techniques such as hidden Markov model (HMM), artificial neural network, statistical techniques and expert systems are used to model network packets, system call audit data, etc. However, there are undetectable intrusion types for each measure and modeling method because each intrusion type makes anomalies at an individual measure. To overcome this drawback of the single-measure anomaly detector, this paper proposes a multiple-measure intrusion detection method. We measure normal behavior by system calls, resource usage and file access events and build up profiles for normal behavior with a hidden Markov model, a statistical method and a rule-base method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method, which has a significantly low false-positive error rate against various types of intrusion.

Sequence Based Anomaly Detection System for Unmanned Aerial Vehicle (시퀀스 유사도 기반 무인 비행체 이상 탐지 시스템)

  • Seo, Kang Uk;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.1 / pp.39-48 / 2022
  • In this paper, we propose an anomaly detection system (ADS) to detect anomalies of the in-vehicle network for unmanned aerial vehicles (UAV). The proposed ADS detects the anomalies by measuring the similarity of status message sequences periodically sent by the UAV to the ground control system. We defined three types of malicious message injection attacks that can be performed on the in-vehicle network of a UAV and simulated those attack techniques in the Pixhawk4 quadcopter. The proposed ADS can detect abnormal sequences with accuracy of higher than 96%.

Two Stage Deep Learning Based Stacked Ensemble Model for Web Application Security

  • Sevri, Mehmet;Karacan, Hacer
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.2 / pp.632-657 / 2022
  • Detecting web attacks is a major challenge, and it is observed that the use of simple models leads to low sensitivity or high false positive problems. In this study, we aim to develop a robust two-stage deep learning based stacked ensemble web application firewall. Normal and abnormal classification is carried out in the first stage of the proposed WAF model. The classification process of the types of abnormal traffic is postponed to the second stage and carried out using an integrated stacked ensemble model. In this way, clients' requests can be served without time delay, and attack types can be detected with high sensitivity. In addition to the high accuracy of the proposed model, by using the statistical similarity and diversity analyses in the study, high generalization for the ensemble model is achieved. Within the study, a comprehensive, up-to-date, and robust multi-class web anomaly dataset named GAZI-HTTP is created in accordance with real-world situations. The performance of the proposed WAF model is compared to state-of-the-art deep learning models and previous studies using the benchmark dataset. The proposed two-stage model achieved multi-class detection rates of 97.43% and 94.77% for GAZI-HTTP and ECML-PKDD, respectively.

Unusual chromosomal features in a child with gradual disappearance of right ulna (mono ostolic osteolysis)

  • Goswami, Hit K.;Shrivastava, Nirhhay;Gopal, Shiv Kumar;Sharna, Sanjay;Chandorkar, Manoj;Lee, In-Hwan;Chang, Sung-Ik
    • Journal of Genetic Medicine / v.1 no.1 / pp.11-16 / 1997
  • A nine-month-old male child presenting degenerating right ulna (massive osteolysis) has been followed up for two years. The bone completely disappeared due to abscesses on the right forearm and without orthopedic or haematological complications. Repeated lymphocyte cultures showed somatic pairing (mostly chromosome pair 5), end to end association involving chromosomes 14, 21, 21 and 16, and satellite enlargement in a high proportion of cells with an otherwise normal 46,XY karyotype. These observations are compared with 13 other types of orthopaedic patients, and we opine that the cumulative picture of chromosomal aberrations appears to correspond with the present rare anomaly "Mono Ostolic Osteolysis" involving the right ulna. None of the controls or any other orthopaedic anomaly studied hereunder exhibits this chromosomal picture.

Oceanographic Characteristics of the Japan Sea Proper Water II. The Japan Sea Proper Water and Chimney (동해고유수의 해양학적 특성 II. 동해고유수와 chimney)

  • Choi, Yong-Kyu;Cho, Kyu-Dae;Yang, Sung-Kee
    • Journal of Environmental Science International / v.4 no.2 / pp.121-139 / 1995
  • Based on the Results of Marine Meteorological and Oceanographical Observations (1966-1987), the phenomenon of chimney is found as a candidate for the formation of the Japan Sea Proper Water (JSPW). The chimney phenomenon occurs twelve times during 1966∼1987. The water types in the chimney denoting the deep convection are similar to those of the JSPW: 0∼1℃ in potential temperature, 34.0∼34.1 ‰ in salinity and 68∼80 cl/t in potential thermosteric anomaly from the sea surface to the deep layer. The static stabilities in the chimney stations are unstable or neutral. This indicates that the winter time convection occurs. The JSPW sunken from the surface layer of the chimney in winter spreads out under the Tsushima Warm Current area, following the isosteric surface of about 76 cl/t in potential thermosteric anomaly. The formation of the deep water of the JSPW is mainly affected by the cooling of the sea surface rather than the evaporation of winds, because the temperature and the salinity on the isosteric surface of about 76 cl/t in potential thermosteric anomaly are cold and low. The phenomenon of chimney occurred here and there in the area north of 40°30'N, west of 138°E. This suggests that the deep water of the JSPW is formed not in a limited area but probably in the overall region of the northern open ocean.

Anomaly Detection Performance Analysis of Neural Networks using Soundex Algorithm and N-gram Techniques based on System Calls (시스템 호출 기반의 사운덱스 알고리즘을 이용한 신경망과 N-gram 기법에 대한 이상 탐지 성능 분석)

  • Park, Bong-Goo
    • Journal of Internet Computing and Services / v.6 no.5 / pp.45-56 / 2005
  • The weak foundation of the computing environment caused information leakage and hacking to be uncontrollable. Therefore, dynamic control of security threats and real-time reaction to identical or similar types of accidents after intrusion are considered to be important. As one of the solutions to solve the problem, studies on intrusion detection systems are actively being conducted. To improve the anomaly IDS using system calls, this study focuses on neural networks learning using the soundex algorithm, which is designed to change feature selection and variable length data into a fixed length learning pattern. That is, by changing variable length sequential system call data into a fixed length behavior pattern using the soundex algorithm, this study conducted neural networks learning by using a backpropagation algorithm. The backpropagation neural networks technique is applied for anomaly detection of system calls using Sendmail Data of UNM to demonstrate its performance.

THE NORTHERN BOUNDARY OF THE TSUSHIMA CURRENT AND ITS FLUCTUATIONS (하계 동해에 있어서 대마난류의 북상한계와 변동)

  • Hong, Chol-Hoon;Cho, Kyu-Dae
    • 한국해양학회지 / v.18 no.1 / pp.1-9 / 1983
  • The northern boundary of the Tsushima Current and its fluctuations are discussed in the Japan Sea in summer. This current was characterized with high salinity, and its path was traced by following the salinity maximum on the basis of oceanographical data collected during the period from 1963 to 1979. The salinity maxima (34.45-34.85) of the Tsushima Current in the areas between 29 N in the East China Sea and the northern part of the Japan Sea were found at depths between 46m and 135m. The representative thermosteric anomaly corresponding to the salinity maximum was examined in order to analyze the advection of this current. In the Tsushima Current region in the Japan Sea, the thermosteric anomaly values in the layer of salinity maximum during the period of 1970 to 1979 were between 220 cl/t and 260 cl/t. In general, as the current moves northward its salinity decreases, its thermosteric anomaly decreases and the depth of salinity maximum becomes shallower. The northern boundary of this current, which is indicated by the 34.4 isohaline on the 240 cl/t isanosteric surface during the study period of ten years, was confined to south of 40 N of the Japan Sea. The 34.4 isohaline revealed two types of flow; one of them flows northward along the eastern coast of South Korea and then meanders eastward, while the other flows basically northeastward along the coast of Japan. The meanders of the northern boundary of this current identified by the isohaline in this work were nearly similar to those studied by others on the basis of isotherm analysis.

CNN based data anomaly detection using multi-channel imagery for structural health monitoring

  • Shajihan, Shaik Althaf V.;Wang, Shuo;Zhai, Guanghao;Spencer, Billie F. Jr.
    • Smart Structures and Systems / v.29 no.1 / pp.181-193 / 2022
  • Data-driven structural health monitoring (SHM) of civil infrastructure can be used to continuously assess the state of a structure, allowing preemptive safety measures to be carried out. Long-term monitoring of large-scale civil infrastructure often involves data-collection using a network of numerous sensors of various types. Malfunctioning sensors in the network are common, which can disrupt the condition assessment and even lead to false-negative indications of damage. The overwhelming size of the data collected renders manual approaches to ensure data quality intractable. The task of detecting and classifying an anomaly in the raw data is non-trivial. We propose an approach to automate this task, improving upon the previously developed technique of image-based pre-processing on one-dimensional (1D) data by enriching the features of the neural network input data with multiple channels. In particular, feature engineering is employed to convert the measured time histories into a 3-channel image comprised of (i) the time history, (ii) the spectrogram, and (iii) the probability density function representation of the signal. To demonstrate this approach, a CNN model is designed and trained on a dataset consisting of acceleration records of sensors installed on a long-span bridge, with the goal of fault detection and classification. The effect of imbalance in anomaly patterns observed is studied to better account for unseen test cases. The proposed framework achieves high overall accuracy and recall even when tested on an unseen dataset that is much larger than the samples used for training, offering a viable solution for implementation on full-scale structures where limited labeled-training data is available.

Total anomalous pulmonary venous return -Report of 4 cases- (총폐정맥 환류이상증의 외과적 치험 4예)

  • 김승철
    • Journal of Chest Surgery / v.19 no.2 / pp.273-279 / 1986
  • Total anomalous pulmonary venous return is a cardiac malformation in which there is no direct connection between any pulmonary vein and the left atrium but, rather, all the pulmonary veins connect to the right atrium or one of its tributaries. TAPVC is a relatively uncommon anomaly, accounting for only about 1.5-3% of cases of congenital heart disease. Recently, improvement in intraoperative techniques did eventually bring substantial improvements in the results in infants. 4 cases of TAPVC were successfully treated with one-stage operation in the Dept. of Thoracic and Cardiovascular Surgery, National Medical Center, of which 2 cases are supracardiac types and the other 2 cases are cardiac types. Sex ratio was 1:1, and the range of age was 2 years-18 years. The common pulmonary venous sinus was connected to the left vertical vein and innominate vein in 2 supracardiac types and coronary sinus in 2 cardiac types. All cases were operated with standard cardiopulmonary bypass, and the hospital mortality was 0%.