• Title/Summary/Keyword: Anomaly detection system


A High Performance IPS Based on Signature Hashing (시그너처 해싱에 기반한 고성능 침입방지 시스템)

  • Wang, Jeong-Seok;Kwon, Hui-Ung;Jung, Yun-Jae;Kwak, Hu-Keun;Chung, Kyu-Sik
    • Proceedings of the Korean Information Science Society Conference / 2007.06d / pp.489-494 / 2007
  • An Intrusion Prevention System (IPS) is installed in-line on a network and inspects the packets or sessions passing through it; if an attack is detected in a packet, the IPS discards that packet or terminates the session, thereby protecting the network from external intrusion. An IPS performs two main kinds of operation: signature-based filtering, which defends against already known attacks, and anomaly detection and prevention based on self-learning, which defends against unknown attacks or abnormal sessions. In signature-based filtering, the payload of each packet passing through the IPS is compared against attack patterns called signatures, and the packet is discarded if it matches. As the number of signatures grows, the pattern matching time required for each incoming packet increases, which makes it difficult to build a high-performance intrusion detection system that operates without packet delay. Several efficient pattern matching methods have been proposed for SNORT, an open-source intrusion prevention software; they try to reduce unnecessary matching operations by matching the common parts of signatures only once, or by comparing several bytes at a time instead of one byte at a time. In this paper, we propose a high-performance IPS based on signature hashing so that the pattern matching time becomes independent of the number of signatures.


Driving Anomaly Pattern Detection System Based on Vehicle Internal Diagnostic Data Analysis (차량 내부 진단 데이터 분석 기반의 주행 이상 패턴 감지 시스템)

  • Tae-jeong Park;Ji-ho Park;Bo-yoon Seo;Jun-ha Shin;Kyung-hwan Choi;Hongseok Yoo
    • Proceedings of the Korean Society of Computer Information Conference / 2024.01a / pp.299-300 / 2024
  • With advances in technology, intelligent driver assistance systems have become more capable and traffic systems more sophisticated, so the overall number of traffic accidents is trending downward, but the frequency of traffic accidents in South Korea is still high compared with the OECD average. In particular, according to 2020 OECD statistics, South Korea ranked 29th out of 36 member countries in traffic fatalities per 100,000 population, which places it among the highest. This paper therefore proposes a driving anomaly pattern detection system that can help lower the traffic accident rate. The proposed method recognizes traffic lights and lanes through real-time video analysis while, at the same time, analyzing the driver's driving pattern through time-series analysis of the vehicle's internal diagnostic data; when it finds abnormal signs that differ from the driver's usual behavior, it issues a warning notification to the driver so that the dangerous situation can be avoided.


Anomaly Detection Using Visualization-based Network Forensics (비정상행위 탐지를 위한 시각화 기반 네트워크 포렌식)

  • Jo, Woo-yeon;Kim, Myung-jong;Park, Keun-ho;Hong, Man-pyo;Kwak, Jin;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.1 / pp.25-38 / 2017
  • Many security threats are occurring around the world because of the characteristics of industrial control systems, which can cause serious damage in the event of a security incident, including damage to major national infrastructure. Therefore, industrial control system network traffic should be analyzed so that an attack can be identified in advance or incident response can be performed after the accident. In this paper, we research visualization techniques as network forensics to enable reasonable suspicion of all possible attacks on the DNP3 control system protocol, define rules based on normal actions, and derive visualization requirements. As a result, we developed a visualization tool that can detect sudden network traffic changes such as DDoS and attacks that contain abnormal behavior from captured packet files on an industrial control system network. Suspicious behavior in the industrial control system network can be found using the visualization tool with Digital Bond packets.

Threat Classification Schemes for Effective Management based on W-TMS(Wireless-Threat Management System) (W-TMS(Wireless-Threat Management System)에서의 효율적 관리를 위한 위협 분류기법)

  • Seo, Jong-Won;Jo, Je-Gyeong;Lee, Hyung-Woo
    • The Journal of the Korea Contents Association / v.7 no.3 / pp.93-100 / 2007
  • The Internet has spread into all fields at a fast pace during the last 10 years. Lately, wireless networks are also spreading rapidly. Also, the number of successful attack attempts and intrusions on wireless networks is increasing rapidly. The TMS system was developed to overcome these threats on wireless networks. The existing TMS system supplies an active confrontation mechanism against these threats. However, the existing TMS has the limitation that new forms of attack are not filtered efficiently. Therefore, this paper proposes a new method that automatically computes the threat from the input packets with a vector space model and performs anomaly detection for wireless networks. The mechanism proposed in this research analyzes the degree of similarity between packets, detects symptoms of something wrong in the wireless network, and then classifies these threats automatically.

Noise-Robust Porcine Respiratory Diseases Classification Using Texture Analysis and CNN (질감 분석과 CNN을 이용한 잡음에 강인한 돼지 호흡기 질병 식별)

  • Choi, Yongju;Lee, Jonguk;Park, Daihee;Chung, Yongwha
    • KIPS Transactions on Software and Data Engineering / v.7 no.3 / pp.91-98 / 2018
  • Automatic detection of pig wasting diseases is an important issue in the management of group-housed pigs. In particular, porcine respiratory diseases are one of the main causes of mortality among pigs and of loss of productivity in intensive pig farming. In this paper, we propose a noise-robust system for the early detection and recognition of pig wasting diseases using sound data. In this method, we first convert one-dimensional sound signals to two-dimensional gray-level images by normalization and extract texture images by means of the dominant neighborhood structure technique. The texture features are then used as inputs to convolutional neural networks acting as an early anomaly detector and a respiratory disease classifier. Our experimental results show that this new method can be used to detect pig wasting diseases both economically (low-cost sound sensor) and accurately (over 96% accuracy) even under noisy environmental conditions, either as a standalone solution or to complement known methods to obtain a more accurate solution.

On-board and Ground Autonomous Operation Methods of a Low Earth Orbit Satellite for the Safety Enhancement (저궤도 위성의 안전성 향상을 위한 위성체 및 지상의 자율 운영 방안)

  • Yang, Seung-Eun
    • Journal of Satellite, Information and Communications / v.11 no.3 / pp.51-57 / 2016
  • Many kinds of telemetry must be monitored to check the state of a spacecraft, and this is time-consuming. However, it is very important to determine the status of the satellite in a short time because the number and duration of contacts with a low earth orbit satellite are limited. Also, on-board fault management must be prepared for non-contact operation because of the severe space environment. In this paper, on-board and ground autonomous operation methods for safety enhancement are described. Immediate fault detection and response is possible on the ground through explicit anomaly detection based on satellite event and error information. Also, a satellite operation assistant system is proposed for ground autonomy; it collects event sequences together with the related telemetry and recommends or executes an appropriate action for an abnormal state. A critical parameter monitoring method with a checking rate, mode, and threshold is developed for on-board autonomous fault management. If a value exceeds its limit, a pre-defined command sequence is executed.

Decision Making Support System for VTSO using Extracted Ships' Tracks (항적모델 추출을 통한 해상교통관제사 의사결정 지원 방안)

  • Kim, Joo-Sung;Jeong, Jung Sik;Jeong, Jae-Yong;Kim, Yun Ha;Choi, Ikhwan;Kim, Jinhan
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2015.07a / pp.310-311 / 2015
  • Ships' tracking data are monitored and collected by the vessel traffic service center in real time. In this paper, we intend to contribute to vessel traffic service operators' decision making by extracting ships' tracking patterns and models from these data. The Support Vector Machine algorithm was used for vessel track modeling to handle and process the data sets, and k-fold cross validation was used to select the proper parameters. The proposed data processing methods could support vessel traffic service operators' decision making in cases such as anomaly detection and calculation of ships' dead reckoning positions.


320-Channel Multi-Frequency Trans-Admittance Scanner(TAS) for Anomaly Detection (도전율 및 유전율이 다른 병소의 검출을 위한 320-채널 다주파수 Trans-Admittance Scanner(TAS))

  • Oh, Tong-In;Lee, Min-Hyoung;Kim, Hee-Jin;Woo, Eung-Je
    • Journal of Biomedical Engineering Research / v.28 no.1 / pp.84-94 / 2007
  • In order to collect information on local distribution of conductivity and permittivity underneath a scan probe, we developed a multi-frequency trans-admittance scanner (TAS). Applying a sinusoidal voltage with variable frequency on a chosen distal part of a human body, we measure exit currents from 320 grounded electrodes placed on a chosen surface of the subject. The electrodes are packaged inside a small and light scan probe. The system includes one voltage source and 17 digital ammeters. Front-end of each ammeter is a current-to-voltage converter with virtual grounding of a chosen electrode. The rest of the ammeter is a voltmeter performing digital phase-sensitive demodulation. Using resistor loads, we calibrate the system including the scan probe to compensate frequency-dependent variability of current measurements and also inter-channel variability among multiple. We found that SNR of each ammeter is about 85dB and the minimal measurable current is 5nA. Using saline phantoms with objects made from TX-151, we verified the performance of the lesion estimation algorithm. The error rate of the depth estimation was about 19.7%. For the size estimate, the error rate was about 15.3%. The results suggest improvement in lesion estimation algorithm based on multi-frequency trans-admittance data.

An Improved Signature Hashing-based Pattern Matching for High Performance IPS (고성능 침입방지 시스템을 위해 개선한 시그니처 해싱 기반 패턴 매칭 기법)

  • Lee, Young-Sil;Kim, Nack-Hyun;Lee, Hoon-Jae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2010.10a / pp.434-437 / 2010
  • A NIPS (Network Intrusion Prevention System) sits in line at the boundary between the external and internal networks and performs two kinds of action: signature-based filtering, and anomaly detection and prevention based on self-learning. Among them, signature-based filtering is well known for defending against attacks. In signature-based filtering, the payload of each packet passing through the intrusion prevention system is compared with attack patterns, which are the signatures. If it matches, the packet is discarded. However, as the number of signatures increases, the required pattern matching time increases, and packet delay occurs. Therefore, to ensure the performance of the IPS, a more efficient pattern matching algorithm is needed for a high-performance IPS. The most important part of improving pattern matching performance is to reduce the number of comparisons between signature rules and the packet whenever packets arrive. In this paper, we propose an improved signature hashing-based pattern matching method. We use a tuple pruning algorithm with Bloom filters, which effectively removes unnecessary tuples. Unlike other existing signature hashing-based IPSs, our proposed method improves the performance of the IPS.


Real-time Security Monitoring Assessment Model for Cybersecurity Vulnerabilities in Network Separation Situations (망분리 네트워크 상황에서 사이버보안 취약점 실시간 보안관제 평가모델)

  • Lee, DongHwi;Kim, Hong-Ki
    • Convergence Security Journal / v.21 no.1 / pp.45-53 / 2021
  • When security monitoring is performed in a separated network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the security network is established, a model is needed to evaluate state-of-the-art cyber threat anomalies for the internal network in the separated network in order to complete the optimized security structure. In this study, we evaluate this by generating datasets of cyber vulnerabilities and malicious code arising from general and separated networks; we prepare for the latest cyber vulnerabilities in internal network cyber attacks in order to analyze threats, and we establish a cybersecurity test evaluation system that fits these characteristics. The study designed an evaluation model that can be applied to actual separated network institutions, constructed a test data set for each situation, and applied a real-time security assessment model.