• Journal of Korea Multimedia Society
• /
• v.21 no.3
• /
• pp.348-357
• /
• 2018

The topic of anomaly detection is one of the emerging research themes in computer vision, computer interaction, video analysis and monitoring. Observers focus attention on behaviors that vary in the magnitude or direction of the motion and behave differently in rules of motion with other objects. In this paper, we use this information and propose a system that detects abnormal behavior by using simple features extracted by optical flow. Our system can be applied in real life. Experimental results show high performance in detecting abnormal behavior in various videos.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.3
• /
• pp.1119-1143
• /
• 2014

Lightweight trust mechanism with lightweight cryptographic primitives has emerged as an important mechanism in resource constraint wireless sensor based mobile devices. In this work, outlier detection in lightweight Mobile Ad-hoc NETworks (MANETs) is extended to create the space of reliable trust cycle with anomaly detection mechanism and minimum energy losses [1]. Further, system is tested against outliers through detection ratios and anomaly scores before incorporating virtual programmable nodes to increase the efficiency. Security in proposed system is verified through ProVerif automated toolkit and mathematical analysis shows that it is strong against bad mouthing and on-off attacks. Performance of proposed technique is analyzed over different MANET routing protocols with variations in number of nodes and it is observed that system provide good amount of throughput with maximum of 20% increase in delay on increase of maximum of 100 nodes. System is reflecting good amount of scalability, optimization of resources and security. Lightweight modeling and policy analysis with lightweight cryptographic primitives shows that the intruders can be detection in few milliseconds without any conflicts in access rights.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.8 no.4
• /
• pp.316-321
• /
• 2008

Advanced computer network technology enables computers to be connected in an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, which makes it vulnerable to previously unidentified attack patterns and variations in attack and increases false negatives. Intrusion detection and analysis technologies are thus required. This paper investigates the asymmetric costs of false errors to enhance the performances the detection systems. The proposed method utilizes the network model to consider the cost ratio of false errors. By comparing false positive errors with false negative errors, this scheme achieved better performance on the view point of both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that effectiveness of anomaly traffic detection is enhanced by considering the costs of false errors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.1-12
• /
• 2023

It is very time-intensive to obtain data with labels on anomaly detection tasks for multivariate time series. Therefore, several studies have been conducted on unsupervised learning that does not require any labels. However, a well-done integrative survey has not been conducted on in-depth discussion of learning architecture and property for multivariate time series anomaly detection. This study aims to explore the characteristic of well-known architectures in anomaly detection of multivariate time series. Additionally, architecture was categorized by using top-down and bottom-up approaches. In order toconsider real-world anomaly detection situation, we trained models with dataset such as power grids or Cyber Physical Systems that contains realistic anomalies. From experimental results, we compared and analyzed the comprehensive performance of each architecture. Quantitative performance were measured using precision, recall, and F1 scores.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.207-208
• /
• 2006

Intrusion detection technology is highlighted in order to establish a safe information-oriented environment. Intrusion detection system can be categorized into anomaly detection and misuse detection according to intrusion detection pattern. In this paper, we propose an architecture to make up for the defect of conventional anomaly intrusion detection. This architecture reduces additional resource consumption and cost by placing the agent in the strategic location in Internet.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.11
• /
• pp.19-27
• /
• 2022

In this study, we propose a language and platform to describe and manage the MLOps(Machine Learning Operations) workflow for time series data anomaly detection. Time series data is collected in many fields, such as IoT sensors, system performance indicators, and user access. In addition, it is used in many applications such as system monitoring and anomaly detection. In order to perform prediction and anomaly detection of time series data, the MLOps platform that can quickly and flexibly apply the analyzed model to the production environment is required. Thus, we developed Python-based AI/ML Modeling Language (AMML) to easily configure and execute MLOps workflows. Python is widely used in data analysis. The proposed MLOps platform can extract and preprocess time series data from various data sources (R-DB, NoSql DB, Log File, etc.) using AMML and predict it through a deep learning model. To verify the applicability of AMML, the workflow for generating a transformer oil temperature prediction deep learning model was configured with AMML and it was confirmed that the training was performed normally.

• Journal of IKEEE
• /
• v.13 no.2
• /
• pp.140-149
• /
• 2009

Traffic anomaly detection is one of important technology that should be considered in network security and administration. In this paper, we propose an abnormal traffic detection mechanism that includes traffic monitoring and traffic analysis. We develop analytical passive monitoring system called WISE-Mon which can inspect traffic behavior. We establish a criterion by analyzing the characteristics of a traffic training set. To detect abnormal traffic, we derive a hyperplane by using Fisher linear discriminant and chi-square distribution as well as the analyzed characteristics of traffic. Our mechanism can support reliable results for traffic anomaly detection and is compatible to real-time detection. In addition, since the trend of traffic can be changed as time passes, the hyperplane has to be updated periodically to reflect the changes. Accordingly, we consider the self-learning algorithm which reflects the trend of the traffic and so enables to increase the pliability of detection probability. Numerical results are presented to validate the accuracy of proposed mechanism. It shows that the proposed mechanism is reliable and relevant for traffic anomaly detection.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.1
• /
• pp.1-12
• /
• 2010

Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks,from 0.62 to 0.84 about 35%.

• Smart Structures and Systems
• /
• v.30 no.6
• /
• pp.661-671
• /
• 2022

Stayed cables are the key components for transmitting loads in cable-stayed bridges. Therefore, it is very important to evaluate the cable force condition to ensure bridge safety. An online condition assessment and anomaly localization method is proposed for cables based on the spatiotemporal correlation of grouped cable forces. First, an anomaly sensitive feature index is obtained based on the distribution characteristics of grouped cable forces. Second, an adaptive anomaly detection method based on the k-nearest neighbor rule is used to perform dissimilarity measurements on the extracted feature index, and such a method can effectively remove the interference of environment factors and vehicle loads on online condition assessment of the grouped cable forces. Furthermore, an online anomaly isolation and localization method for stay cables is established, and the complete decomposition contributions method is used to decompose the feature matrix of the grouped cable forces and build an anomaly isolation index. Finally, case studies were carried out to validate the proposed method using an in-service cable-stayed bridge equipped with a structural health monitoring system. The results show that the proposed approach is sensitive to the abnormal distribution of grouped cable forces and is robust to the influence of interference factors. In addition, the proposed approach can also localize the cables with abnormal cable forces online, which can be successfully applied to the field monitoring of cables for cable-stayed bridges.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.37-43
• /
• 2004

Expasion of computer network and rapid growth of Internet have made computer security very important. As one of the ways to deal with security risk, much research has been made on Intrusion Detection System(IDS). The paper, also, addresses the issue of intrusion detection, but especially with Neuro-Fuzzy model. By applying the fuzzy logic which is known to deal with uncertainty to Anomaly Intrusion, it not only overcomes the difficulty of Misuse Intrusion, but also ultimately aims to detect the intrusions yet to be known.