• Title/Summary/Keyword: Anomaly detection system

Sequence Based Anomaly Detection System for Unmanned Aerial Vehicle (시퀀스 유사도 기반 무인 비행체 이상 탐지 시스템)

  • Seo, Kang Uk;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.1 / pp.39-48 / 2022
  • In this paper, we propose an anomaly detection system (ADS) to detect anomalies of the in-vehicle network for unmanned aerial vehicle (UAV). The proposed ADS detects the anomalies by measuring the similarity of status message sequences periodically sent by the UAV to the ground control system. We defined three types of malicious message injection attacks that can be performed on the in-vehicle network of UAV and simulated those attack techniques in the Pixhawk4 quadcopter. The proposed ADS can detect abnormal sequences with an accuracy higher than 96%.

Efficient Feature Selection Based Near Real-Time Hybrid Intrusion Detection System (근 실시간 조건을 달성하기 위한 효과적 속성 선택 기법 기반의 고성능 하이브리드 침입 탐지 시스템)

  • Lee, Woosol;Oh, Sangyoon
    • KIPS Transactions on Computer and Communication Systems / v.5 no.12 / pp.471-480 / 2016
  • Recently, the damage of cyber attack toward infra-system, national defence and security system is gradually increasing. In this situation, military recognizes the importance of cyber warfare, and they establish a cyber system in preparation, regardless of the existence of threats. Thus, the study of Intrusion Detection System (IDS) that plays an important role in network defence system is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize advantages and to minimize disadvantages both of misuse and anomaly. The combination is called Hybrid IDS. Previous studies would not be inappropriate for near real-time network environments because they have computational complexity problems. It leads to the need of the study considering the structure of IDS that have high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which combines C4.5 decision tree (misuse detection method) and Weighted K-means algorithm (anomaly detection method) hierarchically. It can detect malicious network packets effectively with low complexity by applying mutual information and genetic algorithm based efficient feature selection technique. Also we constructed an upgraded hierarchical structure of IDS reusing feature weights in anomaly detection section. It is validated that proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance at experiment section.

Design and evaluation of a dissimilarity-based anomaly detection method for mobile wireless networks (이동 무선망을 위한 비유사도 기반 비정상 행위 탐지 방법의 설계 및 평가)

  • Lee, Hwa-Ju;Bae, Ihn-Han
    • Journal of the Korean Data and Information Science Society / v.20 no.2 / pp.387-399 / 2009
  • Mobile wireless networks continue to be plagued by theft of identity and intrusion. Both problems can be addressed in two different ways, either by misuse detection or anomaly-based detection. In this paper, we propose a dissimilarity-based anomaly detection method which can effectively identify abnormal behavior such as mobility patterns of mobile wireless networks. In the proposed algorithm, a normal profile is constructed from normal mobility patterns of mobile nodes in mobile wireless networks. From the constructed normal profile, a dissimilarity is computed by a weighted dissimilarity measure. If the value of the weighted dissimilarity measure is greater than the dissimilarity threshold that is a system parameter, an alert message is raised. The performance of the proposed method is evaluated through a simulation. From the result of the simulation, we know that the proposed method is superior to the performance of other anomaly detection methods using dissimilarity measures.

Leision Detection in Chest X-ray Images based on Coreset of Patch Feature (패치 특징 코어세트 기반의 흉부 X-Ray 영상에서의 병변 유무 감지)

  • Kim, Hyun-bin;Chun, Jun-Chul
    • Journal of Internet Computing and Services / v.23 no.3 / pp.35-45 / 2022
  • Even in recent years, treatment of first-aid patients is still often delayed due to a shortage of medical resources in marginalized areas. Research on automating the analysis of medical data to solve the problems of inaccessibility for medical services and shortage of medical personnel is ongoing. Computer vision-based medical inspection automation requires a lot of cost in data collection and labeling for training purposes. These problems stand out in the works of classifying lesions that are rare, or pathological features and pathogenesis that are difficult to clearly define visually. Anomaly detection is attracting attention as a method that can significantly reduce the cost of data collection by adopting an unsupervised learning strategy. In this paper, we propose methods for detecting abnormal images on chest X-RAY images as follows based on existing anomaly detection techniques. (1) Normalize the brightness range of medical images resampled as optimal resolution. (2) Some feature vectors with high representative power are selected in set of patch features extracted as intermediate-level from lesion-free images. (3) Measure the difference from the feature vectors of lesion-free data selected based on the nearest neighbor search algorithm. The proposed system can simultaneously perform anomaly classification and localization for each image. In this paper, the anomaly detection performance of the proposed system for chest X-RAY images of PA projection is measured and presented by detailed conditions. We demonstrate effect of anomaly detection for medical images by showing 0.705 classification AUROC for random subset extracted from the PadChest dataset. The proposed system can be usefully used to improve the clinical diagnosis workflow of medical institutions, and can effectively support early diagnosis in medically poor areas.

Detection of 2002-2003 El Niño Using EOS and OSMI Data

  • Lee, S.H.;Lim, H.S.;Kim, J.G.;Jun, J.N.
    • Proceedings of the KSRS Conference / 2003.11a / pp.1413-1414 / 2003
  • Interannual variability in the patterns of satellite-derived pigment concentrations, sea-level height anomaly, sea surface temperature anomaly, and zonal wind anomaly are observed during the 2002-2003 El Niño. The largest spatial extent of the phytoplankton bloom was recovery from El Niño over the equatorial Pacific. The evolution towards a warm episode (El Niño) started from spring of 2002 and continued during January 2003, while equatorial Sea Surface Temperature Anomaly (SSTA) remained greater than +1°C in the central equatorial Pacific. The EOS (Earth Observing System) and OSMI (Ocean Scanning Multispectral Imager) data are used for detection of dramatic changes in the patterns of pigment concentration during El Niño.

Power Quality Early Warning Based on Anomaly Detection

  • Gu, Wei;Bai, Jingjing;Yuan, Xiaodong;Zhang, Shuai;Wang, Yuankai
    • Journal of Electrical Engineering and Technology / v.9 no.4 / pp.1171-1181 / 2014
  • Different power quality (PQ) disturbance sources can have major impacts on the power supply grid. This study proposes, for the first time, an early warning approach to identifying PQ problems and providing early warning prompts based on the monitored data of PQ disturbance sources. To establish a steady-state power quality early warning index system, the characteristics of PQ disturbance sources are analyzed and summed up. The higher order statistics anomaly detection (HOSAD) algorithm, based on skewness and kurtosis, and hierarchical power quality early warning flow, were then used to mine limit-exceeding and abnormal data and analyze their severity. Case studies show that the proposed approach is effective and feasible, and that it is possible to provide timely power quality early warnings for limit-exceeding and abnormal data.

A study on the auto encoder-based anomaly detection technique for pipeline inspection (관로 조사를 위한 오토 인코더 기반 이상 탐지기법에 관한 연구)

  • Gwantae Kim;Junewon Lee
    • Journal of Korean Society of Water and Wastewater / v.38 no.2 / pp.83-93 / 2024
  • In this study, we present a sewer pipe inspection technique through a combination of active sonar technology and deep learning algorithms. It is difficult to inspect pipes containing water using conventional CCTV inspection methods, and there are various limitations, so a new approach is needed. In this paper, we introduce an inspection method using active sonar, and apply an auto encoder deep learning model to process sonar data to distinguish between normal and abnormal pipelines. This model underwent training on sonar data from a controlled environment under the assumption of normal pipeline conditions and utilized anomaly detection techniques to identify deviations from established standards. This approach presents a new perspective in pipeline inspection, promising to reduce the time and resources required for sewer system management and to enhance the reliability of pipeline inspections.

An Intrusion Detection Method Based on Changes of Antibody Concentration in Immune Response

  • Zhang, Ruirui;Xiao, Xin
    • Journal of Information Processing Systems / v.15 no.1 / pp.137-150 / 2019
  • Although the research of immune-based anomaly detection technology has made some progress, there are still some defects which have not been solved, such as the loophole problem which leads to low detection rate and high false alarm rate, the exponential relationship between training cost of mature detectors and size of self-antigens. This paper proposed an intrusion detection method based on changes of antibody concentration in immune response to improve and solve existing problems of immune based anomaly detection technology. The method introduces blood relative and blood family to classify antibodies and antigens and simulate correlations between antibodies and antigens. Then, the method establishes dynamic evolution models of antigens and antibodies in intrusion detection. In addition, the method determines concentration changes of antibodies in the immune system drawing the experience of cloud model, and divides the risk levels to guide immune responses. Experimental results show that the method has better detection performance and adaptability than traditional methods.

Anomaly Intrusion Detection based on Association Rule Mining in a Database System (데이터베이스 시스템에서 연관 규칙 탐사 기법을 이용한 비정상 행위 탐지)

  • Park, Jeong-Ho;Oh, Sang-Hyun;Lee, Won-Suk
    • The KIPS Transactions:PartC / v.9C no.6 / pp.831-840 / 2002
  • Due to the advance of computer and communication technology, intrusions or crimes using a computer have been increased rapidly while tremendous information has been provided to users conveniently. Especially, for the security of a database which stores important information such as the private information of a customer or the secret information of a company, several basic security methods of a database management system itself or conventional misuse detection methods have been used. However, a problem caused by abusing the authority of an internal user such as the drain of secret information is more serious than the breakdown of a system by an external intruder. Therefore, in order to maintain the security of a database effectively, an anomaly detection technique is necessary. This paper proposes a method that generates the normal behavior profile of a user from the database log of the user based on an association mining method. For this purpose, the information of a database log is structured by a semantically organized pattern tree. Consequently, an online transaction of a user is compared with the profile of the user, so that any anomaly can be effectively detected.

A study on machine learning-based anomaly detection algorithm using current data of fish-farm pump motor (양식장 펌프 모터 전류 데이터를 이용한 머신러닝 기반 이상 감지 알고리즘에 관한 연구)

  • Sae-yong Park;Tae Uk Chang;Taeho Im
    • Journal of Internet Computing and Services / v.24 no.2 / pp.37-45 / 2023
  • In line with the 4th Industrial Revolution, facility maintenance technologies for building smart factories are receiving attention and are being advanced. In addition, technology is being applied to smart farms and smart fisheries following smart factories. Among them, in the case of a recirculating aquaculture system, there is a motor pump that circulates water for a stable quality environment in the tank. Motor pump maintenance activities for recirculating aquaculture system are carried out based on preventive maintenance and data obtained from vibration sensor. Preventive maintenance cannot cope with abnormalities that occur before prior planning, and vibration sensors are affected by the external environment. This paper proposes an anomaly detection algorithm that utilizes ADTK, a Python open source, for motor pump anomaly detection based on data collected through current sensors that are less affected by the external environment than noise, temperature and vibration sensors.