• KEPCO Journal on Electric Power and Energy
• /
• v.4 no.2
• /
• pp.75-80
• /
• 2018

The smart city is developing an energy system efficiently through a common management of the city resource for the growth and a low carbon social. However, the smart city doesn't counter a verification effectively about a anomaly pattern detection when existing security technology (authentication, integrity, confidentiality) is used by fixed security key and key deodorization according to generated big data. This paper is proposed the "security nonce generation based on security nonce generation" for anomaly pattern detection of the adversary and a safety of the key is high through the key generation of the KDC (Key Distribution Center; KDC) for improvement. The proposed scheme distributes the generated security nonce and authentication keys to each facilities system by the KDC. This proposed scheme can be enhanced to the security by doing the external pattern detection and changed new security key through distributed security nonce with keys. Therefore, this paper can do improving the security and a responsibility of the smart city platform management data through the anomaly pattern detection and the safety of the keys.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.06a
• /
• pp.277-279
• /
• 2022

Rapid Development and adoption of AIS as a survailance tool has resulted in widespread application of data analysis technology, in addition to AIS ship trajectory clustering. AIS data-based clustering has become an increasingly popular method for marine traffic pattern recognition, ship route prediction and anomaly detection in recent year. In this paper we propose a route waypoint extraction by clustering ships CoG variance trajectory using Density-Based Spatial Clustering of Application with Noise (DBSCAN) algorithm in both port approach channel and coastal waters. The algorithm discovers route waypoint effectively. The result of the study could be used in traffic route extraction, and more-so develop a maritime anomaly detection tool.

• Journal of Internet Computing and Services
• /
• v.24 no.5
• /
• pp.17-27
• /
• 2023

Today, as AI (Artificial Intelligence) technology develops and its practicality increases, it is widely used in various application fields in real life. At this time, the AI model is basically learned based on various statistical properties of the learning data and then distributed to the system, but unexpected changes in the data in a rapidly changing data situation cause a decrease in the model's performance. In particular, as it becomes important to find drift signals of deployed models in order to respond to new and unknown attacks that are constantly created in the security field, the need for lifecycle management of the entire model is gradually emerging. In general, it can be detected through performance changes in the model's accuracy and error rate (loss), but there are limitations in the usage environment in that an actual label for the model prediction result is required, and the detection of the point where the actual drift occurs is uncertain. there is. This is because the model's error rate is greatly influenced by various external environmental factors, model selection and parameter settings, and new input data, so it is necessary to precisely determine when actual drift in the data occurs based only on the corresponding value. There are limits to this. Therefore, this paper proposes a method to detect when actual drift occurs through an Anomaly analysis technique based on XAI (eXplainable Artificial Intelligence). As a result of testing a classification model that detects DGA (Domain Generation Algorithm), anomaly scores were extracted through the SHAP(Shapley Additive exPlanations) Value of the data after distribution, and as a result, it was confirmed that efficient drift point detection was possible.

• Journal of Korea Multimedia Society
• /
• v.9 no.8
• /
• pp.1030-1036
• /
• 2006

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents an efficient rough set based anomaly detection method that can effectively identify a group of especially harmful internal masqueraders in cellular mobile networks. Our scheme uses the trace data of wireless application layer by a user as feature value. Based on the feature values, the use pattern of a mobile's user can be captured by rough sets, and the abnormal behavior of the mobile can be also detected effectively by applying a roughness membership function considering weighted feature values. The performance of our scheme is evaluated by a simulation. Simulation results demonstrate that the anomalies are well detected by the method that assigns different weighted values to feature attributes depending on importance.

• The KIPS Transactions:PartC
• /
• v.9C no.6
• /
• pp.831-840
• /
• 2002

Due to the advance of computer and communication technology, intrusions or crimes using a computer have been increased rapidly while tremendous information has been provided to users conveniently Specially, for the security of a database which stores important information such as the private information of a customer or the secret information of a company, several basic suity methods of a database management system itself or conventional misuse detection methods have been used. However, a problem caused by abusing the authority of an internal user such as the drain of secret information is more serious than the breakdown of a system by an external intruder. Therefore, in order to maintain the sorority of a database effectively, an anomaly defection technique is necessary. This paper proposes a method that generates the normal behavior profile of a user from the database log of the user based on an association mining method. For this purpose, the Information of a database log is structured by a semantically organized pattern tree. Consequently, an online transaction of a user is compared with the profile of the user, so that any anomaly can be effectively detected.

• Journal of Korea Port Economic Association
• /
• v.37 no.1
• /
• pp.179-196
• /
• 2021

Port congestion rate at Busan Port has increased for three years. Port congestion causes container reconditioning, which increases the dockyard labor's work intensity and ship owner's waiting time. If congestion is prolonged, it can cause a drop in port service levels. Therefore, this study proposed an anomaly detection method using ARIMA(Autoregressive Integrated Moving Average) model with the daily volume data from 2013 to 2020. Most of the research that predicts port volume is mainly focusing on long-term forecasting. Furthermore, studies suggesting methods to utilize demand forecasting in terms of port operations are hard to find. Therefore, this study proposes a way to use daily demand forecasting for port anomaly detection to solve the congestion problem at Busan port.

• International Journal of Control, Automation, and Systems
• /
• v.1 no.4
• /
• pp.453-458
• /
• 2003

The anomaly-detection algorithm based on negative selection of T cells is representative model among self-recognition methods and it has been applied to computer immune systems in recent years. In immune systems, T cells are produced through both positive and negative selection. Positive selection is the process used to determine a MHC receptor that recognizes self-molecules. Negative selection is the process used to determine an antigen receptor that recognizes antigen, or the nonself cell. In this paper, we propose a novel self-recognition algorithm based on the positive selection of T cells. We indicate the effectiveness of the proposed algorithm by change-detection simulation of some infected data obtained from cell changes and string changes in the self-file. We also compare the self-recognition algorithm based on positive selection with the anomaly-detection algorithm.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.101-106
• /
• 2023

Recently, cyberattacks are increasing in social engineering attacks using intelligent and continuous phishing sites and hacking techniques using malicious code. As personal security becomes important, there is a need for a method and a solution for determining whether a malicious URL exists using a web application. In this paper, we would like to find out each feature and limitation by comparing highly accurate techniques for detecting malicious URLs. Compared to classification algorithm models using features such as web flat panel DB and based URL detection sites, we propose an efficient URL anomaly detection technique.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.525-532
• /
• 2003

This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated a rules management using NS-2 (Network Simulator) with respect to time.

• Journal of the Society of Disaster Information
• /
• v.20 no.2
• /
• pp.315-328
• /
• 2024

Purpose: The purpose of this paper is to present a service construction plan using multiple complex sensor information to detect abnormal situations in urban life safety that are difficult to identify on CCTV. Method: This study selected service scenarios based on actual testbed data and analyzed service importance for local government control center operators, which are main users. Result: Service scenarios were selected as detection of day and night dynamic object, Detection of sudden temperature changes, and Detection of time-series temperature changes. As a result of AHP analysis, walking and mobility collision risk situation services and fire foreshadowing detection services leading to immediate major disasters were highly evaluated. Conclusion: This study is significant in proposing a plan to build an anomaly detection service that can be used in local governments based on real data. This study is significant in proposing a plan to build an anomaly detection service that can be used by local governments based on testbed data.