• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.648-651
• /
• 2023

Video anomaly detection aims to detect abnormal events. Motivated by the power of transformers recently shown in vision tasks, we propose a novel transformer-based network for video anomaly detection. To capture long-range information in video, we employ a multi-scale transformer as an encoder. A convolutional decoder is utilized to predict the future frame from the extracted multi-scale feature maps. The proposed method is evaluated on three benchmark datasets: USCD Ped2, CUHK Avenue, and ShanghaiTech. The results show that the proposed method achieves better performance compared to recent methods.

• Journal of Korean Society of Water and Wastewater
• /
• v.38 no.2
• /
• pp.83-93
• /
• 2024

In this study, we present a sewer pipe inspection technique through a combination of active sonar technology and deep learning algorithms. It is difficult to inspect pipes containing water using conventional CCTV inspection methods, and there are various limitations, so a new approach is needed. In this paper, we introduce a inspection method using active sonar, and apply an auto encoder deep learning model to process sonar data to distinguish between normal and abnormal pipelines. This model underwent training on sonar data from a controlled environment under the assumption of normal pipeline conditions and utilized anomaly detection techniques to identify deviations from established standards. This approach presents a new perspective in pipeline inspection, promising to reduce the time and resources required for sewer system management and to enhance the reliability of pipeline inspections.

• Journal of Information Processing Systems
• /
• v.15 no.1
• /
• pp.137-150
• /
• 2019

Although the research of immune-based anomaly detection technology has made some progress, there are still some defects which have not been solved, such as the loophole problem which leads to low detection rate and high false alarm rate, the exponential relationship between training cost of mature detectors and size of self-antigens. This paper proposed an intrusion detection method based on changes of antibody concentration in immune response to improve and solve existing problems of immune based anomaly detection technology. The method introduces blood relative and blood family to classify antibodies and antigens and simulate correlations between antibodies and antigens. Then, the method establishes dynamic evolution models of antigens and antibodies in intrusion detection. In addition, the method determines concentration changes of antibodies in the immune system drawing the experience of cloud model, and divides the risk levels to guide immune responses. Experimental results show that the method has better detection performance and adaptability than traditional methods.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.8
• /
• pp.355-364
• /
• 2023

As advanced cyber threats continue to increase in recent years, it is difficult to detect new types of cyber attacks with existing pattern or signature-based intrusion detection method. Therefore, research on anomaly detection methods using data learning-based artificial intelligence technology is increasing. In addition, supervised learning-based anomaly detection methods are difficult to use in real environments because they require sufficient labeled data for learning. Research on an unsupervised learning-based method that learns from normal data and detects an anomaly by finding a pattern in the data itself has been actively conducted. Therefore, this study aims to extract a latent vector that preserves useful sequence information from sequence log data and develop an anomaly detection learning model using the extracted latent vector. Word2Vec was used to create a dense vector representation corresponding to the characteristics of each sequence, and an unsupervised autoencoder was developed to extract latent vectors from sequence data expressed as dense vectors. The developed autoencoder model is a recurrent neural network GRU (Gated Recurrent Unit) based denoising autoencoder suitable for sequence data, a one-dimensional convolutional neural network-based autoencoder to solve the limited short-term memory problem that GRU can have, and an autoencoder combining GRU and one-dimensional convolution was used. The data used in the experiment is time-series-based NGIDS (Next Generation IDS Dataset) data, and as a result of the experiment, an autoencoder that combines GRU and one-dimensional convolution is better than a model using a GRU-based autoencoder or a one-dimensional convolution-based autoencoder. It was efficient in terms of learning time for extracting useful latent patterns from training data, and showed stable performance with smaller fluctuations in anomaly detection performance.

• Journal of the Korea Computer Industry Society
• /
• v.6 no.5
• /
• pp.715-724
• /
• 2005

Recently many important systems that used to be operated in a closed environment are now providing web services and these kinds of web-based services are often an easy and common target of attacks. In addition, the great variety of web content and applications cause the development of new various intrusion technologies, while the misuse-based intrusion detection technology cannot keep the peace with the attacks and it seems to lack the capability to deal with such various new security threats, As a result it is necessary to research and develop new types of detection technologies that can detect newly developed attacks and intrusions as well as to be able to deal with previous types of exploits. In this paper, a HTTP traffic model is tested for its anomaly by using a HTTP request traffic pattern analysis and the field information analysis of the HTTP packet. Consequently, the HTTP traffic models by applying anomaly tests is designed and established.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.59-71
• /
• 2000

Due to the advance of computer and communication technology, intrusions or crimes using a computer have been increased rapidly while various information has been provided to users conveniently. As a results, many studies are necessary to detect the activities of intruders effectively. In this paper, a new association algorithm for the anomaly detection model is proposed in the process of generating user\`s normal patterns. It is that more recently observed behavior get more affection on the process of data mining. In addition, by clustering generated normal patterns for each use or a group of similar users, it is possible to identify the usual frequency of programs or command usage for each user or a group of uses. The performance of the proposed anomaly detection system has been tested on various system Parameters in order to identify their practical ranges for maximizing its detection rate.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.4
• /
• pp.13-20
• /
• 2023

In this paper, the actual data of VOC reduction facilities was analyzed through a model that detects and predicts data anomalies. Using the USAD model, which shows stable performance in the field of anomaly detection, anomalies in real-time data are detected and sensors that cause anomalies are searched. In addition, we propose a method of predicting and warning, when abnormalities that time will occur by predicting future outliers with an auto-regressive model. The experiment was conducted with the actual data of the VOC reduction facility, and the anomaly detection test results showed high detection rates with precision, recall, and F1-score of 98.54%, 89.08%, and 93.57%, respectively. As a result, averaging of the precision, recall, and F1-score for 8 sensors of detection rates were 99.64%, 99.37%, and 99.63%. In addition, the Hamming loss obtained to confirm the validity of the detection experiment for each sensor was 0.0058, showing stable performance. And the abnormal prediction test result showed stable performance with an average absolute error of 0.0902.

• Smart Media Journal
• /
• v.6 no.4
• /
• pp.9-16
• /
• 2017

The railway point machine is an especially important component that changes the traveling direction of a train. Failure of the point machine may cause a serious railway accident. Therefore, early detection of failures is important for the management of railway condition monitoring systems. In this paper, we propose a noise-robust anomaly detection method in railway condition monitoring systems using sound data. First, we extract feature vectors from the spectrogram image of sound signals and convert it into modulation feature to ensure robust performance, and lastly, use the support vector machine (SVM) as an early anomaly detector of railway point machines. By the experimental results, we confirmed that the proposed method could detect the anomaly conditions of railway point machines with acceptable accuracy even under noisy conditions.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.719-724
• /
• 2004

Recently, since the number of internet users is increasing rapidly and, by using the public hacking tools, general network users can intrude computer systems easily, the hacking problem is getting more serious. In order to prevent the intrusion, it is needed to detect the sign in advance of intrusion in a positive prevention by detecting the various foms of hackers' intrusion trials to know the vulnerability of systems. The existing network-based anomaly detection algorithms that cope with port- scanning and the network vulnerability scans have some weakness in intrusion detection. they can not detect slow scans and coordinated scans. therefore, the new concept of algorithm is needed to detect effectively the various forms of abnormal accesses for intrusion regardless of the intrusion methods. In this paper, SPAD(Session Pattern Anomaly Detector) is presented, which detects the abnormal service patterns by comparing them with the ordinary normal service patterns.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.795-805
• /
• 2019

Recently, there is a growing interest in network anomaly detection technology to tackle unknown attacks. For this purpose, diverse studies using data mining, machine learning, and deep learning have been applied to detect network anomalies. In this paper, we evaluate the decision tree to see its feasibility for network anomaly detection on NSL-KDD data set, which is one of the most popular data mining techniques for classification. In order to handle the over-fitting problem of decision tree, we select 13 features from the original 41 features of the data set using chi-square test, and then model the decision tree using TensorFlow and Scik-Learn, yielding 84% and 70% of binary classification accuracies on the KDDTest+ and KDDTest-21 of NSL-KDD test data set. This result shows 3% and 6% improvements compared to the previous 81% and 64% of binary classification accuracies by decision tree technologies, respectively.