• Title/Summary/Keyword: Cyber Security Models

A study on Detecting the Safety helmet wearing using YOLOv5-S model and transfer learning

  • Kwak, NaeJoung;Kim, DongJu
    • International Journal of Advanced Culture Technology / v.10 no.1 / pp.302-309 / 2022
  • Occupational safety accidents are caused by various factors, and it is difficult to predict when and why they occur, and it is directly related to the lives of workers, so the interest in safety accidents is increasing every year. Therefore, in order to reduce safety accidents at industrial fields, workers are required to wear personal protective equipment. In this paper, we propose a method to automatically check whether workers are wearing safety helmets among the protective equipment in the industrial field. It detects whether or not the helmet is worn using YOLOv5, a computer vision-based deep learning object detection algorithm. We apply transfer learning to the s model among the YOLOv5 models with different learning rates and epochs, evaluate the performance, and select the optimal model. The selected model showed a performance of 0.959 mAP.

A Practical Feature Extraction for Improving Accuracy and Speed of IDS Alerts Classification Models Based on Machine Learning (기계학습 기반 IDS 보안이벤트 분류 모델의 정확도 및 신속도 향상을 위한 실용적 feature 추출 연구)

  • Shin, Iksoo;Song, Jungsuk;Choi, Jangwon;Kwon, Taewoong
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.385-395 / 2018
  • With the development of the Internet, cyber attacks have become a major threat. To detect cyber attacks, intrusion detection systems (IDS) have been widely deployed. But IDS has a critical weakness, which is that it generates a large number of false alarms. One of the promising techniques that reduce false alarms in real time is machine learning. However, there are problems that must be solved to use machine learning. So, many machine learning approaches have been applied to this field. But so far, researchers have not focused on features. Although the features of IDS alerts are important for the performance of the model, the approach to features is ignored. In this paper, we propose a new feature set which can improve the performance of the model and can be extracted from a single alarm. The new features are motivated by security analysts' know-how. We trained and tested the proposed model, applying the new feature set, with real IDS alerts. Experimental results indicate the proposed model can achieve better accuracy and false positive rate than an SVM model with ordinary features.

Distributed Trust Management for Fog Based IoT Environment (포그 기반 IoT 환경의 분산 신뢰 관리 시스템)

  • Oh, Jungmin;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.731-751 / 2021
  • The Internet of Things is a huge group of devices communicating with each other, and the interconnection of objects in the network is a basic requirement. Choosing a reliable device is critical because malicious devices can compromise networks and services. However, it is difficult to create a trust management model due to the mobility and resource constraints of IoT devices. For the centralized approach, there are issues of single point of failure and resource expansion, and for the distributed approach, it allows the network to be expanded without additional equipment by interconnecting devices with each other, but it has limitations in data exchange and storage with limited resources and it is difficult to ensure consistency. Recently, trust management models using fog nodes and blockchain have been proposed. However, blockchain has problems of low throughput and delay. Therefore, in this paper, a trust management model for selecting reliable devices in a fog-based IoT environment is proposed by applying IOTA, a blockchain technology for the Internet of Things. In this model, a Directed Acyclic Graph-based ledger structure manages trust data without falsification and improves the low throughput and scalability problems of blockchain.

Abnormal Detection for Industrial Control Systems Using Ensemble Recurrent Neural Networks Model (산업제어시스템에서 앙상블 순환신경망 모델을 이용한 비정상 탐지)

  • Kim, HyoSeok;Kim, Yong-Min
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.3 / pp.401-410 / 2021
  • Recently, as cyber attacks targeting industrial control systems increase, various studies are being conducted on the detection of abnormalities in industrial processes. Considering that the industrial process is deterministic and regular, it is appropriate to determine abnormality by comparing the predicted value of the detection model trained on normal data with the actual value. In this paper, HAI Datasets 20.07 and 21.03 are used. In addition, an ensemble model is created by combining models that have applied different time steps to Gated Recurrent Units. Then, the detection performance of the single model and the ensemble recurrent neural networks model was compared through various performance evaluation analyses, and it was confirmed that the proposed model is more suitable for abnormal detection in industrial control systems.

Hazelcast Vs. Ignite: Opportunities for Java Programmers

  • Maxim, Bartkov;Tetiana, Katkova;S., Kruglyk Vladyslav;G., Murtaziev Ernest;V., Kotova Olha
    • International Journal of Computer Science & Network Security / v.22 no.2 / pp.406-412 / 2022
  • Storing large amounts of data has always been a big problem from the beginning of computing history. Big Data has made huge advancements in improving business processes by finding the customers' needs using prediction models based on web and social media search. The main purpose of big data stream processing frameworks is to allow programmers to directly query the continuous stream without dealing with the lower-level mechanisms. In other words, programmers write the code to process streams using these runtime libraries (also called Stream Processing Engines). This is achieved by taking large volumes of data and analyzing them using Big Data frameworks. Streaming platforms are an emerging technology that deals with continuous streams of data. There are several streaming platforms of Big Data freely available on the Internet. However, selecting the most appropriate one is not easy for programmers. In this paper, we present a detailed description of two of the state-of-the-art and most popular streaming frameworks: Apache Ignite and Hazelcast. In addition, the performance of these frameworks is compared using selected attributes. Different types of databases are used in common to store the data. To process the data in real-time continuously, data streaming technologies are developed. With the development of today's large-scale distributed applications handling tons of data, these databases are not viable. Consequently, Big Data is introduced to store, process, and analyze data at a fast speed and also to deal with big users and data growth day by day.

CNN Applied Modified Residual Block Structure (변형된 잔차블록을 적용한 CNN)

  • Kwak, Nae-Joung;Shin, Hyeon-Jun;Yang, Jong-Seop;Song, Teuk-Seob
    • Journal of Korea Multimedia Society / v.23 no.7 / pp.803-811 / 2020
  • This paper proposes an image classification algorithm that transforms the number of convolution layers in the residual block of ResNet, CNN's representative method. The proposed method modified the structure of the 34/50 layers of the ResNet structure. First, we analyzed the performance of small and many convolution layers for the structure consisting of only shortcut and 3 × 3 convolution layers for 34 and 50 layers. And then the performance was analyzed in the case of small and many cases of convolutional layers for the bottleneck structure of 50 layers. By applying the results, the best classification method in the residual block was applied to construct a 34-layer simple structure and a 50-layer bottleneck image classification model. To evaluate the performance of the proposed image classification model, the results were analyzed by applying it to the CIFAR-10 dataset. The proposed 34-layer simple structure and 50-layer bottleneck showed improved performance over the ResNet-110 and DenseNet-40 models.

Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System

  • Alabdallah, Alaeddin;Awad, Mohammed
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.10 / pp.5143-5158 / 2018
  • Improving the intrusion detection system (IDS) is a pressing need for the cyber security world. With the growth of computer networks, there are constantly new attacks every day. Machine Learning (ML) is one of the most important fields, which has made a great contribution to addressing intrusion detection issues. One of these issues relates to the imbalance of the diverse classes of network traffic. The accuracy paradox is a result of training an ML algorithm with imbalanced classes. Most of the previous efforts concern improving the overall accuracy of these models, which is truly important. However, even though they improved the total accuracy of the system, it fell into the accuracy paradox. The seriousness of the threat caused by the minor classes and the pitfalls of the previous efforts to address this issue are the motive for this work. In this paper, we consolidated stratified sampling, a cost function and the weighted Support Vector Machine (WSVM) method to address the accuracy paradox of the ID problem. This model achieved good results of total accuracy and superior results in the small classes like the User-To-Remote and Remote-To-Local attacks using the improved version of the benchmark dataset KDDCup99 which is called NSL-KDD.

Use of the Moving Average of the Current Weather Data for the Solar Power Generation Amount Prediction (현재 기상 정보의 이동 평균을 사용한 태양광 발전량 예측)

  • Lee, Hyunjin
    • Journal of Korea Multimedia Society / v.19 no.8 / pp.1530-1537 / 2016
  • Recently, solar power generation has shown significant growth in the renewable energy field. Using short-term prediction, it is possible to control the electric power demand and the power generation plan of the auxiliary device. However, short-term prediction can be used when you know the weather forecast. If it is not possible to use the weather forecast information because of disconnection of the network on islands and in the mountains or for security reasons, the accuracy of prediction is not good. Therefore, in this paper, we proposed a system capable of short-term prediction of solar power generation amount by using only the weather information that has been collected by oneself. We used temperature, humidity and insolation as weather information. We applied a moving average to each piece of information because they had the characteristics of a time series. It was composed of the min, max and average of each piece of information, the differences of mutual information and the gradient of it. An artificial neural network, SVM and RBF Network model were used for the prediction algorithm and they were combined by the Ensemble method. The results of this suggest that using a moving average during pre-processing and ensemble prediction models will maximize prediction accuracy.

Attack Detection and Classification Method Using PCA and LightGBM in MQTT-based IoT Environment (MQTT 기반 IoT 환경에서의 PCA와 LightGBM을 이용한 공격 탐지 및 분류 방안)

  • Lee Ji Gu;Lee Soo Jin;Kim Young Won
    • Convergence Security Journal / v.22 no.4 / pp.17-24 / 2022
  • Recently, machine learning-based cyber attack detection and classification research has been actively conducted, achieving a high level of detection accuracy. However, low-spec IoT devices and large-scale network traffic make it difficult to apply machine learning-based detection models in an IoT environment. Therefore, in this paper, we propose an efficient IoT attack detection and classification method through PCA (Principal Component Analysis) and LightGBM (Light Gradient Boosting Model) using datasets collected in an MQTT (Message Queuing Telemetry Transport) IoT protocol environment that is also used in the defense field. As a result of the experiment, even though the original dataset was reduced to about 15%, the performance was almost similar to that of the original. It also showed the best performance in comparative evaluation with the four dimensional reduction techniques selected in this paper.

Malicious Traffic Classification Using Mitre ATT&CK and Machine Learning Based on UNSW-NB15 Dataset (마이터 어택과 머신러닝을 이용한 UNSW-NB15 데이터셋 기반 유해 트래픽 분류)

  • Yoon, Dong Hyun;Koo, Ja Hwan;Won, Dong Ho
    • KIPS Transactions on Software and Data Engineering / v.12 no.2 / pp.99-110 / 2023
  • This study proposed a classification of malicious network traffic using the cyber threat framework (Mitre ATT&CK) and machine learning to solve the real-time traffic detection problems faced by current security monitoring systems. We applied a network traffic dataset called UNSW-NB15 to the Mitre ATT&CK framework to transform the label and generate the final dataset through rare class processing. After training several boosting-based ensemble models using the generated final dataset, we demonstrated how these ensemble models classify network traffic using various performance metrics. Based on the F-1 score, we showed that XGBoost with no rare class processing is the best in the multi-class traffic environment. We recognized that machine learning ensemble models through Mitre ATT&CK label conversion and oversampling processing have differences over existing studies, but have limitations due to (1) the inability to match perfectly when converting between existing datasets and Mitre ATT&CK labels and (2) the presence of excessive sparse classes. Nevertheless, Catboost with B-SMOTE achieved a classification accuracy of 0.9526, which is expected to be able to automatically detect normal/abnormal network traffic.