• Title/Summary/Keyword: Behavior-based Detection

A dynamic procedure for defection detection and prevention based on SOM and a Markov chain

  • Kim, Young-ae;Song, Hee-seok;Kim, Soung-hie
    • Proceedings of the KAIS Fall Conference / 2003.11a / pp.141-148 / 2003
  • Customer retention is a common concern for many industries and a critical issue for the survival in today's greatly compressed marketplace. Current customer retention models only focus on detection of potential defectors based on the likelihood of defection by using demographic and customer profile information. In this paper, we propose a dynamic procedure for defection detection and prevention using past and current customer behavior by utilizing SOM and Markov chain. The basic idea originates from the observation that a customer has a tendency to change his behavior (i.e. trim-out his usage volumes) before his eventual withdrawal. This gradual pulling out process offers the company the opportunity to detect the defection signals. With this approach, we have two significant benefits compared with existing defection detection studies. First, our procedure can predict when the potential defectors could withdraw and this feature helps to give marketing managers ample lead-time for preparing defection prevention plans. The second benefit is that our approach can provide a procedure for not only defection detection but also defection prevention, which could suggest the desirable behavior state for the next period so as to lower the likelihood of defection. We applied our dynamic procedure for defection detection and prevention to the online gaming industry. Our suggested procedure could predict potential defectors without deterioration of prediction accuracy compared to that of the MLP neural network and DT.

Adaptive Anomaly Movement Detection Approach Based On Access Log Analysis (접근 기록 분석 기반 적응형 이상 이동 탐지 방법론)

  • Kim, Nam-eui;Shin, Dong-cheon
    • Convergence Security Journal / v.18 no.5_1 / pp.45-51 / 2018
  • As the utilization and importance of data grow, data-related accidents and damages are gradually increasing. In particular, insider threats are the most harmful threats. These insider threats are difficult to detect with traditional security systems, so rule-based abnormal behavior detection methods have been widely used. However, such methods lack the flexibility to adapt to new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. It is designed to minimize the false positive rate and false negative rate by adopting environment factors that directly influence behavior, and by learning data based on a statistical Markov model. In the experiments, the framework shows good performance, with a high F2-score of 0.92, and detects suspicious behavior that is usually seen as normal behavior. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.

Automated Detection of Cattle Mounting using Side-View Camera

  • Chung, Yongwha;Choi, Dongwhee;Choi, Heesu;Park, Daihee;Chang, Hong-Hee;Kim, Suk
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.8 / pp.3151-3168 / 2015
  • Automatic detection of estrus in cows is important in cattle management. This paper proposes a method of estrus detection by automatically checking cattle mounting. We use a side-view video camera and apply computer vision techniques to detect mounting behavior. In particular, we extract motion information to select a potential mount-up and mount-down motion and then verify the true mounting behavior by considering the direction, magnitude, and history of the mount motion. From experimental results using video data obtained from a Korean native cattle farm, we believe that the proposed method based on the abrupt change of a mounting cow's height and motion history information can be utilized for detecting mounting behavior automatically, even in the case of fence occlusion.

Design and Evaluation of a Rough Set Based Anomaly Detection Scheme Considering the Age of User Profiles

  • Bae, Ihn-Han
    • Journal of Korea Multimedia Society / v.10 no.12 / pp.1726-1732 / 2007
  • The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents an efficient rough set based anomaly detection method that can effectively identify a group of especially harmful internal attackers, masqueraders, in cellular mobile networks. Our scheme uses a user's wireless application layer trace data as the feature value. Based on this, the usage pattern of a mobile user can be captured by rough sets, and the abnormal behavior of the mobile can also be detected effectively by applying a roughness membership function with the age of the user profile. The performance of the proposed scheme is evaluated by simulation. Simulation results demonstrate that anomalies are well detected by the proposed scheme, which considers the age of user profiles.

A Novel Framework for APT Attack Detection Based on Network Traffic

  • Vu Ngoc Son
    • International Journal of Computer Science & Network Security / v.24 no.1 / pp.52-60 / 2024
  • An APT (Advanced Persistent Threat) attack is a dangerous, targeted form of attack with clear targets. APT attack campaigns have huge consequences. Therefore, researching and developing APT attack detection solutions is urgent and necessary today. On the other hand, no matter how advanced an APT attack is, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend developing APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will crash. Therefore, it is necessary to research and deploy technology and solutions that can detect an APT attack early, when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

A Study on the Insider Behavior Analysis Framework for Detecting Information Leakage Using Network Traffic Collection and Restoration (네트워크 트래픽 수집 및 복원을 통한 내부자 행위 분석 프레임워크 연구)

  • Kauh, Janghyuk;Lee, Dongho
    • Journal of Korea Society of Digital Industry and Information Management / v.13 no.4 / pp.125-139 / 2017
  • In this paper, we developed a framework to detect and predict insider information leakage by collecting and restoring network traffic. For automated behavior analysis, much of the meta information and behavior information obtained through network traffic collection is used as machine learning features. With these features, we created and trained a behavior model, a network model and protocol-specific models. In addition, an ensemble model was developed by digitizing and summing the results of the various models. We developed a function to present information leakage candidates and to view meta information and behavior information from various perspectives using visual analysis. This supports both rule-based threat detection and machine learning based threat detection. In the future, we plan to make an ensemble model that applies a regression model to the results of the models, and plan to develop a model with deep learning technology.

Real-time Abnormal Behavior Detection System based on Fast Data (패스트 데이터 기반 실시간 비정상 행위 탐지 시스템)

  • Lee, Myungcheol;Moon, Daesung;Kim, Ikkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1027-1041 / 2015
  • Recently, cases of APT (Advanced Persistent Threat) attacks such as Verizon (2010), Nonghyup (2011), SK Communications (2011), and the 3.20 Cyber Terror (2013) have been increasing rapidly, causing leaks of confidential information and tremendous damage to valuable assets without being noticed. Several anomaly detection technologies have been studied to defend against APT attacks, mostly focusing on detection of obvious anomalies based on the signatures of known malicious code. However, they are limited in detecting APT attacks and suffer from a high false-negative rate because APT attacks consistently use zero-day vulnerabilities and have a long latent period. Detecting APT attacks requires long-term analysis of data from a diverse set of sources collected over a long time, real-time analysis of the ingested data, and correlation analysis of individual attacks. However, traditional security systems lack sophisticated analytic capabilities, compute power, and agility. In this paper, we propose a Fast Data based real-time abnormal behavior detection system to overcome the traditional systems' limitations in real-time processing and analysis.

Anomaly behavior detection using Negative Selection algorithm based anomaly detector (Negative Selection 알고리즘 기반 이상탐지기를 이용한 이상행위 탐지)

  • 김미선;서재현
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2004.05b / pp.391-394 / 2004
  • The rapid expansion of the Internet has brought a paradigm change in network attack techniques, and new forms of attack are appearing. However, most intrusion detection systems detect only known attack types because they are based on misuse detection, and responding actively to new attacks is difficult. Therefore, to raise the detection rate for new attack patterns, approaches that apply the human immune mechanism are appearing. In this paper, we create a self-file from the normal behavior profile of network packets and implement a self-recognition algorithm that uses the self-nonself discrimination of the human immune system to detect anomalous behavior. We create an anomaly detector based on the Negative Selection Algorithm, one of the self-recognition algorithms, which monitors the self-file, senses changes and detects anomalous behavior. We run a simulation using the DARPA Network Dataset and verify the effectiveness of the algorithm through the anomaly detection rate.

Multi-Human Behavior Recognition Based on Improved Posture Estimation Model

  • Zhang, Ning;Park, Jin-Ho;Lee, Eung-Joo
    • Journal of Korea Multimedia Society / v.24 no.5 / pp.659-666 / 2021
  • With the continuous development of deep learning, human behavior recognition algorithms have achieved good results. However, in a multi-person recognition environment, the complex behavior environment poses a great challenge to the efficiency of recognition. To this end, this paper proposes a multi-person pose estimation model. First, the human detectors in the top-down framework mostly use the two-stage target detection model, which runs slowly. The single-stage YOLOv3 target detection model is used to effectively improve the running speed and the generalization of the model. Depth separable convolution further improves the speed of target detection and improves the model's ability to extract target proposed regions. Second, based on the feature pyramid network combined with context semantic information in the pose estimation model, the OHEM algorithm is used to solve difficult key point detection problems, and the accuracy of multi-person pose estimation is improved. Finally, the Euclidean distance is used to calculate the spatial distance between key points, to determine the similarity of postures in the frame, and to eliminate redundant postures.

Policy-based Network Security with Multiple Agents (ICCAS 2003)

  • Seo, Hee-Suk;Lee, Won-Young;Yi, Mi-Ra
    • Institute of Control, Robotics and Systems: Conference Proceedings (제어로봇시스템학회:학술대회논문집) / 2003.10a / pp.1051-1055 / 2003
  • Policies are collections of general principles specifying the desired behavior and state of a system. Network management is mainly carried out by following policies about the behavior of the resources in the network. Policy-based (PB) network management supports managing distributed systems in a flexible and dynamic way. This paper focuses on configuration management based on Internet Engineering Task Force (IETF) standards. Network security approaches include using intrusion detection systems to detect intrusions and building firewalls to protect the internal systems and network. This paper presents how the policy-based framework collaborates among the network security systems (intrusion detection system, firewall) and how intrusion detection systems cooperate to detect intrusions.
