• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.91-104
• /
• 2003

A masquerader is someone who pretends to be another user while invading the target user's accounts, directories, or files. The masquerade attack is the most serious computer misuse. Because, in most cases, after securing the other's password, the masquerader enters the computer system. The system such as IDS could not detect or response to the masquerader. The masquerade detection is the effort to find the masquerader automatically. This system will detect the activities of a masquerader by determining that user's activities violate a profile developed for that user with his audit data. From 1988, there are many efforts on this topic, but the success of the offers was limited and the performance was unsatisfactory. In this report we propose efficient masquerade detection system using SVM which create the user profile.

• Journal of Internet of Things and Convergence
• /
• v.7 no.3
• /
• pp.69-74
• /
• 2021

With the recent development of biometric authentication technology, the user authentication techniques using biometric authentication are increasing. Various problems arised in certification techniques that use various existing methods such as ID/PW. Therefore, recently, a method of improving security by introducing biometric authentication as secondary authentication has been used. In this thesis, proposal of the user authentication system that can detect user identification and anomalies using ECGs that are extremely difficult to falsify through the electrical biometric signals from the heart among various biometric authentication devices is studied. The system detects user anomalies by comparing ECG data received from a wrist-mounted wearable device-type ECG measurement tool with identification and ECG data stored in blockchain form on the database and identifying the user's location through a beacon system.

• Journal of applied mathematics & informatics
• /
• v.41 no.6
• /
• pp.1257-1274
• /
• 2023

Rotating machines heavily rely on an intricate network of interconnected sub-components, with bearing failures accounting for a substantial proportion (40% to 90%) of all such failures. To address this issue, intelligent algorithms have been developed to evaluate vibrational signals and accurately detect faults, thereby reducing the reliance on expert knowledge and lowering maintenance costs. Within the field of machine learning, Artificial Immune Systems (AIS) have exhibited notable potential, with applications ranging from malware detection in computer systems to fault detection in bearings, which is the primary focus of this study. In pursuit of this objective, we propose a novel procedure for detecting novel instances of anomalies in varying operating conditions, utilizing only the signals derived from the healthy state of the analyzed machine. Our approach incorporates AIS augmented by Dynamic Time Warping (DTW). The experimental outcomes demonstrate that the AIS-DTW method yields a considerable improvement in anomaly detection rates (up to 53.83%) compared to the conventional AIS. In summary, our findings indicate that our method represents a significant advancement in enhancing the resilience of AIS-based novelty detection, thereby bolstering the reliability of rotating machines and reducing the need for expertise in bearing fault detection.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.4 no.1
• /
• pp.267-282
• /
• 2000

With the development of computer&network technology and the growth of its dependance, computer failures not only lose human and material resources but also make organization's competition weak as a side-effect of information society. Therefore, people consider computer security as important factor. Intrusion Detection Systems (IDS) detect intrusions and take an appropriate action against them in order to protect a computer from system failure due to illegal intrusion. A variety of methods and models for IDS have been developed until now, but the existing methods or models aren't enough to detect intrusions because of the complexity of computer network the vulnerability of the object system, insufficient understanding for information security and the appearance of new illegal intrusion method. We propose a new IDS model to be suitable at the information system organized by homogeneous hosts and design for the IDS model and implement the prototype of it for feasibility study. The IDS model consist of many distributed unit sensor IDSs at homogeneous hosts and if any of distributed unit sensor IDSs detect anomaly system call among system call sequences generated by a process, the anomaly system call can be dynamically shared with other unit sensor IDSs. This makes the IDS model can effectively detect new intruders about whole information system.

• Journal of KIISE:Information Networking
• /
• v.32 no.3
• /
• pp.301-309
• /
• 2005

Learning program's behavior using machine learning techniques based on system call audit data is an effective intrusion detection method. Rule teaming, neural network, statistical technique, and hidden Markov model are representative methods for intrusion detection. Among them neural networks are known for its good performance in teaming system call sequences. In order to apply it to real world problems successfully, it is important to determine their structure. However, finding appropriate structure requires very long time because there are no formal solutions for determining the structure of networks. In this paper, a novel intrusion detection technique using evolutionary neural networks is proposed. Evolutionary neural networks have the advantage that superior neural networks can be obtained in shorter time than the conventional neural networks because it leams the structure and weights of neural network simultaneously Experimental results against 1999 DARPA IDEVAL data confirm that evolutionary neural networks are effective for intrusion detection.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.87-94
• /
• 2017

Microsoft Office is an office suite of applications developed by Microsoft. Recently users with malicious intent customize Office files as a container of the Malware because MS Office is most commonly used word processing program. To attack target system, many of malicious office files using a variety of skills and techniques like macro function, hiding shell code inside unused area, etc. And, people usually use two techniques to detect these kinds of malware. These are Signature-based detection and Sandbox. However, there is some limits to what it can afford because of the increasing complexity of malwares. Therefore, this paper propose methods to detect malicious MS office files in Computer forensics' way. We checked Macros and potential problem area with structural analysis of the MS Office file for this purpose.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.10
• /
• pp.3989-4006
• /
• 2020

The intelligent agriculture monitoring is based on the perception and analysis of environmental data, which enables the monitoring of the production environment and the control of environmental regulation equipment. As the scale of the application continues to expand, a large amount of data will be generated from the perception layer and uploaded to the cloud service, which will bring challenges of insufficient bandwidth and processing capacity. A fog-based offline and real-time hybrid data analysis architecture was proposed in this paper, which combines offline and real-time analysis to enable real-time data processing on resource-constrained IoT devices. Furthermore, we propose a data process-ing algorithm based on the incremental principal component analysis, which can achieve data dimensionality reduction and update of principal components. We also introduce the concept of Squared Prediction Error (SPE) value and realize the abnormal detection of data through the combination of SPE value and data fusion algorithm. To ensure the accuracy and effectiveness of the algorithm, we design a regular-SPE hybrid model update strategy, which enables the principal component to be updated on demand when data anomalies are found. In addition, this strategy can significantly reduce resource consumption growth due to the data analysis architectures. Practical datasets-based simulations have confirmed that the proposed algorithm can perform data fusion and exception processing in real-time on resource-constrained devices; Our model update strategy can reduce the overall system resource consumption while ensuring the accuracy of the algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.839-850
• /
• 2014

As the social and financial damages caused by APT attack such as 3.20 cyber terror are increased, the technical solution against APT attack is required. It is, however, difficult to protect APT attack with existing security equipments because the attack use a zero-day malware persistingly. In this paper, we propose a host based anomaly detection method to overcome the limitation of the conventional signature-based intrusion detection system. First, we defined 39 features to identify between normal and abnormal behavior, and then collected 8.7 million feature data set that are occurred during running both malware and normal executable file. Further, each process is represented as 83-dimensional vector that profiles the frequency of appearance of features. the vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while the process is running. In the experimental results which is applying C4.5 decision tree algorithm, we have confirmed 2.0% and 5.8% for the false positive and the false negative, respectively.

• Asian-Australasian Journal of Animal Sciences
• /
• v.26 no.7
• /
• pp.1030-1037
• /
• 2013

Early detection of anomalies is an important issue in the management of group-housed livestock. In particular, failure to detect oestrus in a timely and accurate way can become a limiting factor in achieving efficient reproductive performance. Although a rich variety of methods has been introduced for the detection of oestrus, a more accurate and practical method is still required. In this paper, we propose an efficient data mining solution for the detection of oestrus, using the sound data of Korean native cows (Bos taurus coreanea). In this method, we extracted the mel frequency cepstrum coefficients from sound data with a feature dimension reduction, and use the support vector data description as an early anomaly detector. Our experimental results show that this method can be used to detect oestrus both economically (even a cheap microphone) and accurately (over 94% accuracy), either as a standalone solution or to complement known methods.

• Journal of Internet of Things and Convergence
• /
• v.8 no.5
• /
• pp.119-125
• /
• 2022

With the recent increase in dementia patients due to aging, measures to prevent their wandering behavior and disappearance are urgently needed. To solve this problem, various authentication methods and location detection techniques have been introduced, but the security problem of personal authentication and a system that can check indoor and outdoor overall was lacking. In order to solve this problem, various authentication methods and location detection techniques have been introduced, but it was difficult to find a system that can check the security problem of personal authentication and indoor/outdoor overall. In this study, we intend to propose a system that can identify personal authentication, basic health status, and overall location indoors and outdoors by using wristband-type wearable devices in a private blockchain environment. In this system, personal authentication uses ECG, which is difficult to forge and highly personally identifiable, Bluetooth beacon that is easy to use with low power, non-contact and automatic transmission and reception indoors, and DGPS that corrects the pseudorange error of GPS satellites outdoors. It is intended to detect wandering behavior and abnormal signs by locating the patient. Through this, it is intended to contribute to the prompt response and prevention of disappearance in case of wandering behavior and abnormal symptoms of dementia patients living at home or in nursing homes.