• Journal of Information Processing Systems
• /
• 제7권1호
• /
• pp.173-186
• /
• 2011

Due to the disadvantages of signature-based computer virus detection techniques, behavior-based detection methods have developed rapidly in recent years. However, current popular behavior-based detection methods only take API call sequences as program behavior features and the difference between API calls in the detection is not taken into consideration. This paper divides virus behaviors into separate function modules by introducing DLLs into detection. APIs in different modules have different importance. DLLs and APIs are both considered program calling resources. Based on the calling relationships between DLLs and APIs, program calling resources can be pictured as a tree named program behavior resource tree. Important block structures are selected from the tree as program behavior features. Finally, a virus detection model based on behavior the resource tree is proposed and verified by experiment which provides a helpful reference to virus detection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권2호
• /
• pp.659-679
• /
• 2015

Distributed applications are composed of multiple nodes, which exchange information with individual nodes through message passing. Compared with traditional applications, distributed applications have more complex behavior patterns because a large number of interactions and concurrent behaviors exist among their distributed nodes. Thus, it is difficult to detect anomalous behaviors and determine the location and scope of abnormal nodes, and some attacks and misuse cannot be detected. To address this problem, we introduce a method for detecting anomalous behaviors based on process algebra. We specify the architecture of the behavior detection model and the detection algorithm. The anomalous behavior detection and analysis demonstrate that our method is a good discriminator between normal and anomalous behavior characteristics of distributed applications. Performance evaluation shows that the proposed method enhances efficiency without security degradation.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.2337-2341
• /
• 2005

This paper presents the target detection method using Support Vector Machines(SVMs) and the navigation system using behavior-based fuzzy controller. SVM is a machine-learning method based on the principle of structural risk minimization, which performs well when applied to data outside the training set. We formulate detection of target objects as a supervised-learning problem and apply SVM to detect at each location in the image whether a target object is present or not. The behavior-based fuzzy controller is implemented as an individual priority behavior: the highest level behavior is target-seeking, the middle level behavior is obstacle-avoidance, the lowest level is an emergency behavior. We have implemented and tested the proposed method in our mobile robot "Pioneer2-AT". Comparing with a neural-network based detection method, a SVM illustrate the excellence of the proposed method.

• 한국통신학회논문지
• /
• 제35권9C호
• /
• pp.756-760
• /
• 2010

본 논문에서는 운전자 피로 감지를 위한 얼굴 동작을 효과적으로 인식하는 방법을 제안하고자 한다. 얼굴 동작은 얼굴 표정, 얼굴 자세, 시선, 주름 같은 얼굴 특징으로 나타난다. 그러나 얼굴 특징으로 하나의 동작 상태를 뚜렷이 구분한다는 것은 대단히 어려운 문제이다. 왜냐하면 사람의 동작은 복합적이며 그 동작을 표현하는 얼굴은 충분한 정보를 제공하기에는 모호성을 갖기 때문이다. 제안된 얼굴 동작 인식 시스템은 먼저 적외선 카메라로 눈 검출, 머리 방향 추정, 머리 움직임 추정, 얼굴 추적과 주름 검출과 같은 얼굴 특징 등을 감지하고 획득한 특징을 FACS의 AU로 나타낸다. 획득한 AU를 근간으로 동적 베이지안 네트워크를 통하여 각 상태가 일어날 확률을 추론한다.

• 정보보호학회논문지
• /
• 제14권5호
• /
• pp.69-78
• /
• 2004

인터넷의 급속한 확장과 새로운 공격 형태의 출현으로 인해 공격 기법 패러다임의 변화가 시작되었다. 그러나, 대부분의 침입 탐지 시스템은 오용 탐지 기반의 알려진 공격 유형만을 탐지하며, 새로운 공격에 대해서는 능동적인 대응이 어려운 실정이다. 이에 새로운 공격 유형에 대한 탐지 능력을 높이기 위해 이상 탐지의 여러 기법들을 적용하려는 시도들이 나타나고 있다. 본 논문에서는 그래픽 기반의 베이지안 프레임워크를 이용하여 감사 데이터에 의한 행위 프로파일링 방법을 제안하고 이상 탐지와 분석을 위한 행위 프로파일을 시각화하고자 한다. 호스트/네트워크의 감사 데이터를 이상 탐지를 위한 준 구조적 데이터 형식의 행위 프로파일인 BF-XML로 변환하고, BF-XML을 SVG로 시각화를 시뮬레이션한다.

• 정보보호학회지
• /
• 제5권2호
• /
• pp.32-48
• /
• 1995

Our paper describes an Intrusion Detection Parallel System(IDPS) which detects an anomaly activity corresponding to the actions that interaction between near detection events. IDES uses parallel inductive approaches regarding the problem of real-time anomaly behavior detection on rule-based system. This approach uses sequential rule that describes user's behavior and characteristics dependent on time. and that audits user's activities by using rule base as data base to store user's behavior pattern. When user's activity deviates significantly from expected behavior described in rule base. anomaly behaviors are recorded. Observed behavior is flagged as a potential intrusion if it deviates significantly from the expected behavior or if it triggers a rule in the parallel inductive system.

• 한국지능정보시스템학회:학술대회논문집
• /
• 한국지능정보시스템학회 2002년도 추계정기학술대회
• /
• pp.445-453
• /
• 2002

Past and current customer behavior is the best predicator of future customer behavior. This paper introduces a procedure on personalized defection detection and prevention for an online game site. The basic idea for our defection detection and prevention is adopted from the observation that potential defectors have a tendency to take a couple of months or weeks to gradually change their behavior (i.e. trim-out their usage volume) before their eventual withdrawal. For this purpose, we suggest a SOM (Self-Organizing Map) based procedure to determine the possible states of customer behavior from past behavior data. Based on this representation of the state of behavior, potential defectors are detected by comparing their monitored trajectories of behavior states with frequent and confident trajectories of past defectors. The key feature of this study includes a defection prevention procedure which recommends the desirable behavior state for the ext period so as to lower the likelihood of defection. The defection prevention procedure can be used to design a marketing campaign on an individual basis because it provides desirable behavior patterns for the next period. The experiments demonstrate that our approach is effective for defection prevention and efficient for defection detection because it predicts potential defectors without deterioration of prediction accuracy compared to that of the MLP (Multi-Layer Perceptron) neural network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.912-928
• /
• 2019

Crowd behavior analysis research has revealed a central role in helping people to find safety hazards or crime optimistic forecast. Thus, it is significant in the future video surveillance systems. Recently, the growing demand for safety monitoring has changed the awareness of video surveillance studies from analysis of individuals behavior to group behavior. Group detection is the process before crowd behavior analysis, which separates scene of individuals in a crowd into respective groups by understanding their complex relations. Most existing studies on group detection are scene-specific. Crowds with various densities, structures, and occlusion of each other are the challenges for group detection in diverse crowded scenes. Therefore, we propose a group detection approach called Collective Interaction Filtering to discover people motion interaction from trajectories. This approach is able to deduce people interaction with the Expectation-Maximization algorithm. The Collective Interaction Filtering approach accurately identifies groups by clustering trajectories in crowds with various densities, structures and occlusion of each other. It also tackles grouping consistency between frames. Experiments on the CUHK Crowd Dataset demonstrate that approach used in this study achieves better than previous methods which leads to latest results.

• 디지털산업정보학회논문지
• /
• 제8권1호
• /
• pp.125-137
• /
• 2012

As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. For such reason, lots of intrusion detection system has been developed. Intrusion detection system has abilities to detect abnormal behavior and unknown intrusions also it can detect intrusions by using patterns studied from various penetration methods. Various algorithms are studying now such as the statistical method for detecting abnormal behavior, extracting abnormal behavior, and developing patterns that can be expected. Etc. This study using clustering of data mining and association rule analyzes detecting areas based on two models and helps design detection system which detecting abnormal behavior, unknown attack, misuse attack in a large network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권6호
• /
• pp.2188-2203
• /
• 2021

With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.