• Title/Summary/Keyword: Artificial Intelligent Security


A Detection Model using Labeling based on Inference and Unsupervised Learning Method (추론 및 비교사학습 기법 기반 레이블링을 적용한 탐지 모델)

  • Hong, Sung-Sam;Kim, Dong-Wook;Kim, Byungik;Han, Myung-Mook
    • Journal of Internet Computing and Services / v.18 no.1 / pp.65-75 / 2017
  • A detection model is a model that finds results for a given purpose using artificial intelligence, data mining, and intelligent algorithms. In cyber security, it is usually used to detect intrusions, malware, cyber incidents, attacks, etc. There is an amount of unlabeled data collected in real environments, such as security data. Since most of the data has no defined class labels, it is difficult to know the type of the data. Therefore, a label determination process is required for accurate detection and analysis. In this paper, we propose KDFL (K-means and D-S Fusion based Labeling), a method that uses D-S inference and the k-means (unsupervised) algorithm to decide the labels of data records by fusion, and a detection model architecture using the proposed labeling method. The proposed method showed better performance in detection rate, accuracy, and F1-measure than other methods. In addition, since it showed improved results in error rate, we have verified the good performance of our proposed method.

An Integrated Model based on Genetic Algorithms for Implementing Cost-Effective Intelligent Intrusion Detection Systems (비용효율적 지능형 침입탐지시스템 구현을 위한 유전자 알고리즘 기반 통합 모형)

  • Lee, Hyeon-Uk;Kim, Ji-Hun;Ahn, Hyun-Chul
    • Journal of Intelligence and Information Systems / v.18 no.1 / pp.125-141 / 2012
  • These days, malicious attacks and hacks on networked systems are dramatically increasing, and their patterns are changing rapidly. Consequently, it is becoming more important to handle these malicious attacks and hacks appropriately, and there is sufficient interest in and demand for effective network security systems such as intrusion detection systems. Intrusion detection systems are network security systems for detecting, identifying and responding appropriately to unauthorized or abnormal activities. Conventional intrusion detection systems have generally been designed using experts' implicit knowledge of network intrusions or hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of network attacks, although they perform very well in normal situations. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singly, even though combining the techniques may lead to better detection. For this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine the prediction results of four different binary classification models, namely logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. In the first step, the optimal integration model, whose prediction error (i.e., erroneous classification rate) is the lowest, is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of an intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment may result in unnecessary fixing. The second error type is the False-Negative Error (FNE), which mainly misjudges malware as normal. Compared to FPE, FNE is more fatal. Thus, the total misclassification cost is affected more by FNE than by FPE. To validate the practical applicability of our model, we applied it to a real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log records in total, and selected 10,000 samples from them by random sampling. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. Experiments with LOGIT and DT were run using PASW Statistics v18.0, and those with ANN were run using Neuroshell R4.0. For SVM, LIBSVM v2.90, freeware for training SVM classifiers, was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to building cost-effective intelligent intrusion detection systems.

Intelligent Emergency Alarm System based on Multimedia IoT for Smart City

  • Kim, Shin;Yoon, Kyoungro
    • Journal of the Semiconductor & Display Technology / v.18 no.3 / pp.122-126 / 2019
  • These days, technology related to the IoT (Internet of Things) is widely used, and there are many types of IoT-based smart systems, such as smart health, smart building and so on. In a smart health system, it is possible to check someone's health by analyzing data from a wearable IoT device such as a smart watch. A smart building system aims to collect data from sensors such as humidity sensors, temperature sensors and human counters, and to control the building for energy efficiency, security, safety and so forth. Furthermore, a smart city system can comprise several smart systems such as smart building, smart health, smart mobility, smart energy, etc. In this paper, we propose a multimedia IoT-based intelligent emergency alarm system for smart cities. Existing IoT-based smart systems communicate lightweight data such as text data. In the past, due to network limitations, lightweight IoT protocols were proposed for communicating data between things, but as network technology develops, the problem of communicating heavy data is being solved. The proposed system obtains video from IP cameras/CCTVs, analyses the video using an AI algorithm to detect emergencies, and prevents emergencies that cause damage or death. If an emergency is detected, the proposed system sends people or agencies a warning message that an emergency may occur. We built a prototype of the intelligent emergency alarm system based on MQTT and confirmed that the system detected dangerous situations and sent alarm messages. From the test results, it is expected that the system can prevent harm to people and nature and save human lives in emergencies.

IoT botnet attack detection using deep autoencoder and artificial neural networks

  • Deris Stiawan;Susanto;Abdi Bimantara;Mohd Yazid Idris;Rahmat Budiarto
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.5 / pp.1310-1338 / 2023
  • As Internet of Things (IoT) applications and devices rapidly grow, cyber-attacks on IoT networks/systems also have an increasing trend, thus increasing the threat to security and privacy. Botnet is one of the threats that dominate the attacks as it can easily compromise devices attached to IoT networks/systems. The compromised devices will behave like the normal ones, thus it is difficult to recognize them. Several intelligent approaches have been introduced to improve the detection accuracy of this type of cyber-attack, including deep learning and machine learning techniques. Moreover, dimensionality reduction methods are implemented during the preprocessing stage. This research work proposes a deep Autoencoder dimensionality reduction method combined with an Artificial Neural Network (ANN) classifier as a botnet detection system for IoT networks/systems. Experiments were carried out using 3-layer, 4-layer and 5-layer pre-processing data from the MedBIoT dataset. Experimental results show that using a 5-layer Autoencoder has better results, with details of accuracy value of 99.72%, Precision of 99.82%, Sensitivity of 99.82%, Specificity of 99.31%, and F1-score value of 99.82%. On the other hand, the 5-layer Autoencoder model succeeded in reducing the dataset size from 152 MB to 12.6 MB (equivalent to a reduction of 91.2%). Besides that, experiments on the N_BaIoT dataset also have a very high level of accuracy, up to 99.99%.

Game Theoretic Optimization of Investment Portfolio Considering the Performance of Information Security Countermeasure (정보보호 대책의 성능을 고려한 투자 포트폴리오의 게임 이론적 최적화)

  • Lee, Sang-Hoon;Kim, Tae-Sung
    • Journal of Intelligence and Information Systems / v.26 no.3 / pp.37-50 / 2020
  • Information security has become an important issue in the world. Various information and communication technologies, such as the Internet of Things, big data, cloud, and artificial intelligence, are developing, and the need for information security is increasing. Although the necessity of information security is expanding according to the development of information and communication technology, interest in information security investment is insufficient. In general, measuring the effect of information security investment is difficult, so appropriate investment is not being practiced, and organizations are decreasing their information security investment. In addition, since the types and specifications of information security measures are diverse, it is difficult to compare and evaluate information security countermeasures objectively, and there is a lack of decision-making methods for information security investment. To develop the organization, policies and decisions related to information security are essential, and measuring the effect of information security investment is necessary. Therefore, this study proposes a method of constructing an investment portfolio for information security measures using game theory and derives an optimal defence probability. Using the two-person game model, the information security manager and the attacker are assumed to be the game players, and the information security countermeasures and information security threats are assumed to be the strategies of the players, respectively. A zero-sum game, in which the sum of the players' payoffs is zero, is assumed, and we derive a solution of a mixed strategy game in which a strategy is selected according to a probability distribution over strategies. In the real world, various types of information security threats exist, so multiple information security measures should be considered to maintain the appropriate information security level of information systems. We assume that the defence ratio of the information security countermeasures is known, and we derive the optimal solution of the mixed strategy game using linear programming. The contributions of this study are as follows. First, we conduct analysis using real performance data of information security measures. Information security managers of organizations can use the methodology suggested in this study to make practical decisions when establishing an investment portfolio for information security countermeasures. Second, the investment weight of information security countermeasures is derived. Since we derive the weight of each information security measure, not just whether or not information security measures have been invested in, it is easy to construct an information security investment portfolio in a situation where investment decisions need to be made in consideration of a number of information security countermeasures. Finally, it is possible to find the optimal defence probability after constructing an investment portfolio of information security countermeasures. The information security managers of organizations can measure the specific investment effect by drawing out information security countermeasures that fit the organization's information security investment budget. Also, numerical examples are presented and computational results are analyzed. Based on the performance of various information security countermeasures (Firewall, IPS, and Antivirus), data related to information security measures are collected to construct a portfolio of information security countermeasures. The defence ratio of the information security countermeasures is created using a uniform distribution, and a coverage of performance is derived based on the report of each information security countermeasure. According to numerical examples that considered Firewall, IPS, and Antivirus as information security countermeasures, the investment weights of Firewall, IPS, and Antivirus are optimized to 60.74%, 39.26%, and 0%, respectively. The result shows that the defence probability of the organization is maximized to 83.87%. When the methodology and examples of this study are used in practice, information security managers can consider various types of information security measures, and the appropriate investment level of each measure can be reflected in the organization's budget.

A Study on the Application of the Cyber Threat Management System to the Future C4I System Based on Big Data/Cloud (빅데이터/클라우드 기반 미래 C4I체계 사이버위협 관리체계 적용 방안 연구)

  • Park, Sangjun;Kang, Jungho
    • Convergence Security Journal / v.20 no.4 / pp.27-34 / 2020
  • Recently, the fourth industrial revolution technology has not only changed everyday life greatly through technological development, but has also become a major keyword in the establishment of defense policy. In particular, Internet of Things, cloud, big data, mobile and cybersecurity technologies, called ICBMS, were selected as core leading technologies in defense information policy along with artificial intelligence. Amid the growing importance of the fourth industrial revolution technology, research is being carried out to develop the C4I system, which is currently operated separately by the Joint Chiefs of Staff and each military, including the KJCCS, ATCIS, KNCCS and AFCCS, into an integrated system in preparation for future warfare. This is to solve the problem of reduced interoperability for joint operations, such as information exchange, by operating the C4I system for each domain. In addition, systems such as the establishment of an integrated C4I system and the U.S. military's Risk Management Framework (RMF) are essential for efficient control and safe operation of weapons systems as they are being developed into super-connected and super-intelligent systems. Therefore, in this paper, intelligent cyber threat detection, management of users' access to information, and intelligent management and visualization of cyber threats are presented for the future C4I system based on big data/cloud.

KANO-TOPSIS Model for AI Based New Product Development: Focusing on the Case of Developing Voice Assistant System for Vehicles (KANO-TOPSIS 모델을 이용한 지능형 신제품 개발: 차량용 음성비서 시스템 개발 사례)

  • Yang, Sungmin;Tak, Junhyuk;Kwon, Donghwan;Chung, Doohee
    • Journal of Intelligence and Information Systems / v.28 no.1 / pp.287-310 / 2022
  • Companies' interest in developing AI-based intelligent new products is increasing. Recently, the main concern of companies is to innovate customer experience and create new values by developing new products through the effective use of artificial intelligence technology. However, due to the nature of products based on radical technologies such as artificial intelligence, intelligent products differ from existing products and development methods, so it is clear that there is a limitation to applying the existing development methodology as it is. This study proposes a new research method based on KANO-TOPSIS for the successful development of AI-based intelligent new products by using car voice assistants as an example. Using the KANO model, we select and evaluate functions that customers think are necessary for new products, and use the TOPSIS method to derive priorities by finding the importance of the functions that customers need. For the analysis, major categories such as vehicle condition check and function control elements, driving-related elements, characteristics of the voice assistant itself, infotainment elements, and daily life support elements were selected and customer demand attributes were subdivided. As a result of the analysis, high recognition accuracy should be considered as a top priority in the development of car voice assistants. Infotainment elements that provide customized content based on the driver's biometric information and usage habits showed lower priorities than expected, while functions related to driver safety, such as vehicle condition notification, driving assistance, and security, were also shown to be functions that should be developed preferentially. This study is meaningful in that it presented a new product development methodology suitable for the characteristics of AI-based intelligent new products with innovative characteristics through an excellent model combining KANO and TOPSIS.

Intrusion Detection Learning Algorithm using Adaptive Anomaly Detector (적응형 변형 인식부를 이용한 침입 탐지 학습알고리즘)

  • Sim, Kwee-Bo;Yang, Jae-Won;Kim, Young-Soo;Lee, Se-Yul
    • Journal of the Korean Institute of Intelligent Systems / v.14 no.4 / pp.451-456 / 2004
  • A signature-based intrusion detection system (IDS), which stores rules for detecting intrusions in a library, judges whether new inputs are intrusions by matching those rules against the new inputs. However, this policy generally has two restrictions. First, when rules cannot be made against new intrusions, false negative (FN) errors may occur. Second, when many rules are made to maintain diversity, the amount of resources required grows in proportion to the number of rules. In this paper, we propose a learning algorithm that uses a genetic algorithm to evolve the competence of anomaly detectors capable of detecting anomalous attacks. The anomaly detectors form a population composed by following the negative selection procedure of the biological immune system. To show the effectiveness of the proposed system, we apply the learning algorithm to an artificial network environment, which is a computer security system.

Adaptive Intrusion Detection Algorithm based on Learning Algorithm (학습 알고리즘 기반의 적응형 침입 탐지 알고리즘)

  • Sim, Kwee-Bo;Yang, Jae-Won;Lee, Dong-Wook;Seo, Dong-Il;Choi, Yang-Seo
    • Journal of the Korean Institute of Intelligent Systems / v.14 no.1 / pp.75-81 / 2004
  • A signature-based intrusion detection system (IDS), which stores rules for detecting intrusions in a library, judges whether new inputs are intrusions by matching those rules against the new inputs. However, this policy generally has two restrictions. First, when rules cannot be made against new intrusions, false negative (FN) errors may occur. Second, when many rules are made to maintain diversity, the amount of resources required grows in proportion to the number of rules. In this paper, we propose a learning algorithm that uses a genetic algorithm to evolve the competence of anomaly detectors capable of detecting anomalous attacks. The anomaly detectors form a population composed by following the negative selection procedure of the biological immune system. To show the effectiveness of the proposed system, we apply the learning algorithm to an artificial network environment, which is a computer security system.

A study on Forecasting The Operational Continuous Ability in Battalion Defensive Operations using Artificial Neural Network (인공신경망을 이용한 대대전투간 작전지속능력 예측)

  • Shim, Hong-Gi;Kim, Sheung-Kown
    • Journal of Intelligence and Information Systems / v.14 no.3 / pp.25-39 / 2008
  • The objective of this study is to forecast the operational continuous ability using Artificial Neural Networks in battalion defensive operations to support the commander's decision making. The forecasting of combat results is one of the most complex issues in military science. However, it is difficult to formulate a mathematical model to evaluate the combat power of a battalion in defensive operation since there are so many parameters and high temporal and spatial variability among variables. So in this study, we used company combat power level data in Battalion Command in Battle Training as input data and used Feed-Forward Multilayer Perceptrons (MLP) and General Regression Neural Network (GRNN) to evaluate operational continuous ability. The results show forecasting ability of 82.62% and 85.48% in spite of non-linear interactions among variables. We think that GRNN is a suitable technique for real-time commander's decision making and evaluation of the commitment priority of troops in reserve.