• Title/Summary/Keyword: Anomaly detection system


Research on Identifying Manipulated Operation Data of Cyber-Physical System Based on Permutation Entropy (순열 엔트로피 기반 사이버 물리 시스템의 조작된 운영 데이터 식별 방안 연구)

  • Ka-Kyung Kim;Ieck-Chae Euom
    • Convergence Security Journal / v.24 no.3 / pp.67-79 / 2024
  • Attackers targeting critical infrastructure, such as energy plants, conduct intelligent and sophisticated attacks that conceal their traces until their objectives are achieved. Manipulating the measurement data of cyber-physical systems, which are connected to the physical environment, directly impacts human safety. Given the unique characteristics of cyber-physical systems, a differentiated approach is necessary, distinct from traditional IT-environment anomaly detection and identification methods. This study proposes a methodology that integrates both recursive filtering and an entropy-based approach to identify maliciously manipulated measurement data, considering the characteristics of cyber-physical systems. Applying the proposed approach in our research environment to synthesized data based on a publicly available industrial control system security dataset, the results demonstrate its effectiveness in identifying manipulated operational data.

Anomaly Diagnosis of Rotational Machinery Using Time-Series Vibration Data Based on Time-Distributed CNN-LSTM (시분할 CNN-LSTM 기반의 시계열 진동 데이터를 이용한 회전체 기계 설비의 이상 진단)

  • Kim, Min-Ki
    • Journal of Korea Multimedia Society / v.25 no.11 / pp.1547-1556 / 2022
  • As mechanical facilities interact with each other, the failure of some equipment can affect the entire system, so it is necessary to quickly detect and diagnose abnormalities in mechanical equipment. This study proposes a deep learning model that can effectively diagnose abnormalities in rotating machinery and equipment. CNNs are widely used for feature extraction, and LSTMs are known to be effective in learning sequential information. In an LSTM, the number of parameters and the learning time increase as the length of the input data increases. In this study, we propose a method that segments an input signal into shorter sub-segment signals, feeds them sequentially to a CNN through a time-distributed layer to extract features, and then feeds those features into an LSTM. A failure diagnosis test was performed using vibration data collected from the ventilation-equipment motor installed at an urban railway station. The experiment showed an accuracy of 99.784% in fault diagnosis, which shows that the proposed method is effective in the fault diagnosis of rotating machinery and equipment.

An Anomalous Event Detection System based on Information Theory (엔트로피 기반의 이상징후 탐지 시스템)

  • Han, Chan-Kyu;Choi, Hyoung-Kee
    • Journal of KIISE:Information Networking / v.36 no.3 / pp.173-183 / 2009
  • We present a real-time monitoring system for detecting anomalous network events using entropy. Entropy accounts for the effects of disorder in the system: when an abnormal factor arises to agitate the current system, the entropy must show an abrupt change. In this paper we deliberately model the Internet to measure the entropy. Packets flowing between these two networks may sustain the current value. In the proposed system we keep track of the value of entropy over time to pinpoint sudden changes in the value. The time-series data of entropy are transformed into two-dimensional domains to help visually inspect the activities on the network. We examine the system using network traffic traces containing notorious worms and DoS attacks on the testbed. Furthermore, we compare our proposed system with time-series forecasting methods, such as EWMA, Holt-Winters, and PCA, in terms of sensitivity. The result suggests that our approach is able to detect anomalies with fairly high accuracy. Our contributions are twofold: (1) highly sensitive detection of anomalies and (2) visualization of network activities to alert on anomalies.

A Study on multi-channel temperature monitoring for the detection of leakage or seepage in dam body (댐 침투수 탐지를 위한 멀티 채널 온도 모니터링 연구)

  • Oh, Seok-Hoon;Kim, Jung-Yul;Park, Han-Gyu;Kim, Hyoung-Soo;Kim, Yoo-Sung
    • Proceedings of the Korean Geotechnical Society Conference / 2005.03a / pp.1211-1218 / 2005
  • Temperature variation in space and time within the inner parts of engineering structures (e.g. dams, slopes) can be basic information for diagnosing their safety problems. In general, as structures age, structural deformation (e.g. cracks, defects) can occur due to various factors. Seepage or leakage of water through these cracks or defects in old dams will directly cause temperature anomalies. The groundwater level can also be easily observed from the abrupt change of temperature at that level. This study shows that the position of seepage or leakage in a dam body can be detected by multi-channel temperature monitoring using a thermal line sensor. For this, diverse temperature monitoring experiments on a physical leakage model were performed in the laboratory. In a field application at an old dam, temperature variations with water depth and within boreholes located on the downstream slope were measured. Long-term temperature monitoring results at the bottom of the downstream slope of the dam showed that temperature monitoring can provide synthetic information about the flow path and quantity of seepage or leakage in the dam body.


A survey and categorization of anomaly detection in online games (온라인 게임에서의 이상 징후 탐지 기법 조사 및 분류)

  • Kwak, Byung Il;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1097-1114 / 2015
  • As the online game market grows, illegal activities such as cheating with game bots or game hack programs, running private servers, hacking game companies' systems and networks, and account theft are also increasing. There are various security measures for online games to prevent illegal activities. However, the current security measures are not enough to prevent all of the highly evolving game attacks and frauds. Since some security measures can harm game players' usability, game companies need to develop usable security measures that fit the game genre and content design well. In this study, we surveyed the recent trend of the various security measures applied in online games. This research also classified illegal activities and their related countermeasures for detection and prevention.

User Behavior Based Web Attack Detection in the Face of Camouflage (정상 사용자로 위장한 웹 공격 탐지 목적의 사용자 행위 분석 기법)

  • Shin, MinSik;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.3 / pp.365-371 / 2021
  • With the rapid growth in Internet users, web applications are becoming the main target of hackers. Most previous WAFs (Web Application Firewalls) target every single HTTP request rather than the overall behavior of the attacker, and are known to have difficulty detecting new types of attacks. In this paper, we propose a web attack detection system based on user behavior, using machine learning to detect attacks of unknown patterns. In order to define user behavior, we focus on features excluding areas where an attacker can camouflage as a normal user. The experimental results show that using the path and query information to define users' behaviors gives the best results, an accuracy of 99% with a decision forest.

Designing a GRU-based on-farm power management and anomaly detection automation system (GRU 기반의 농장 내 전력량 관리 및 이상탐지 자동화 시스템 설계)

  • Hyeon seo Kim;Meong Hun Lee
    • Smart Media Journal / v.13 no.1 / pp.18-23 / 2024
  • Power efficiency management in smart farms is important because of its link to climate change. As climate change negatively impacts agriculture, future agriculture is expected to use smart farms to minimize climate impacts, but the power consumption of smart farms may exacerbate the climate crisis under the current electricity production system. Therefore, it is essential to efficiently manage and optimize the power usage of smart farms. In this study, we propose a system that monitors the power usage of smart farm equipment in real time and predicts the power usage one hour ahead using a GRU. CT sensors are installed to collect power usage data, which are analyzed to detect and prevent abnormal patterns, and combined with IoT technology to efficiently manage and monitor the overall power usage. This helps to optimize power usage, improve energy efficiency, and reduce carbon emissions. The system is expected to improve not only the energy management of smart farms but also the overall efficiency of energy use.

Feature Selection with PCA based on DNS Query for Malicious Domain Classification (비정상도메인 분류를 위한 DNS 쿼리 기반의 주성분 분석을 이용한 성분추출)

  • Lim, Sun-Hee;Cho, Jaeik;Kim, Jong-Hyun;Lee, Byung Gil
    • KIPS Transactions on Computer and Communication Systems / v.1 no.1 / pp.55-60 / 2012
  • Recent botnets widely use DNS services when connecting to the C&C server in order to evade botnet detection. DNS analysis therefore needs to be studied so that they can be countered by anomaly-based techniques that use DNS. This paper studies the collection of DNS traffic as experimental data and supervised learning for DNS-traffic-based malicious domain classification, such as classifying queries from zombies for the domain name of the C&C server. In particular, this paper aims to determine the significant features of a DNS-based classification system for malicious domain extraction using Principal Component Analysis (PCA).

Intrusion Detection based on Intrusion Prediction DB using System Call Sequences (시스템 호출을 이용한 침입예상 데이터베이스 기반 침입탐지)

  • Ko, Ki-Woong;Shin, Wook;Lee, Dong-Ik
    • Proceedings of the Korea Information Processing Society Conference / 2002.04b / pp.927-930 / 2002
  • This paper proposes an intrusion detection system that uses the system call sequences of privileged processes. Existing normal-behavior-based intrusion detection systems model normal behavior to build the system and decide whether a process is anomalous by comparing against that model. Because such methods cannot make a proper judgement about unknown behavior that has not been modeled, they show high error rates (false positives/negatives). This paper collects the windows that appear in common across the attacks known to date to build an intrusion prediction window database, and shows that using it as a supplement to an existing intrusion detection system can effectively lower the error rate (false positives/negatives). Experimental results show that intrusion detection with the proposed method increases the attack detection rate and decreases the error rate on normal behavior compared with the existing method.


Optimization of Action Recognition based on Slowfast Deep Learning Model using RGB Video Data (RGB 비디오 데이터를 이용한 Slowfast 모델 기반 이상 행동 인식 최적화)

  • Jeong, Jae-Hyeok;Kim, Min-Suk
    • Journal of Korea Multimedia Society / v.25 no.8 / pp.1049-1058 / 2022
  • HAR (Human Action Recognition), like anomaly and object detection, has become a trend in research fields that focus on utilizing Artificial Intelligence (AI) methods to analyze patterns of human action in crime-ridden areas, media services, and industrial facilities. Especially in real-time systems using video streaming data, HAR has become a more important AI-based research field in application development, and many different research fields using HAR are currently being developed and improved. In this paper, we propose and analyze a deep-learning-based HAR that provides more efficient schemes using intelligent AI models; such a system can be applied to media services using RGB video streaming data without feature-extraction pre-processing. For the method, we adopt Slowfast, based on a Deep Neural Network (DNN) model, on an open dataset (HMDB-51 or UCF101) to improve prediction accuracy.