
Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad; Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security / v.24 no.4 / pp.179-191 / 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools such as intrusion detection systems (IDS), firewalls, antimalware systems, and security information and event management (SIEM); these aid in defending businesses from attacks. The role of cyber-threat intelligence (CTI) in the study being presented is to deliver advanced threat feeds for precise attack detection in intrusion detection systems. In this proposed work, CTI feeds are utilized to detect assaults accurately in an intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets have been analyzed for attack detection. With the proposed study, the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall, respectively.

An Empirical Comparison Study on Attack Detection Mechanisms Using Data Mining (데이터 마이닝을 이용한 공격 탐지 메커니즘의 실험적 비교 연구)

  • Kim, Mi-Hui; Oh, Ha-Young; Chae, Ki-Joon
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.2C / pp.208-218 / 2006
  • In this paper, we introduce methods for creating attack detection models using data mining technologies that can classify the latest attack types and can detect modifications of existing attacks as well as novel attacks. Also, we comparatively evaluate these attack detection models in terms of detection accuracy and detection time. The important factors for creating detection models are data, attributes, and the detection algorithm. Thus, we used NetFlow data gathered on a real network and KDD Cup 1999 data in large quantities for the experiment. For attribute selection, we used a heuristic method and a theoretical method using a decision tree algorithm. We comparatively evaluate detection models using a single supervised/unsupervised data mining approach and a combined supervised data mining approach. As a result, although the combined supervised data mining approach required more modeling time, it had a better detection rate. All models using data mining techniques could detect the attacks within 1 second; thus these approaches could prove real-time detection. Also, our experimental results for anomaly detection showed that our approaches provided the possibility of detecting novel attacks, and especially the SOM model provided additional information about existing attacks that are similar to novel attacks.

Hybrid Operational Concept with Chemical Detection UAV and Stand-off Chemical Detector for Toxic Chemical Cloud Detection (화학오염운 탐지를 위한 접촉식 화학탐지기를 탑재한 무인기와 원거리 화학탐지기의 복합 운용개념 고찰)

  • Lee, Myeongjae; Chong, Eugene; Jeong, Young-Su; Lee, Jae-Hwan; Nam, Hyunwoo; Park, Myung-Kyu
    • Journal of the Korea Institute of Military Science and Technology / v.23 no.3 / pp.302-309 / 2020
  • Early detection and monitoring of toxic chemical gas clouds with chemical detectors is essential for reducing the number of casualties. Conventional methods for chemical detection and reconnaissance have limitations in approaching a chemically contaminated site and promptly understanding the situation. A stand-off detector can detect and identify chemical gas at a long distance, but it cannot determine the exact distance and position. The chemical detection UAV is an emerging platform due to its high mobility and operational safety. In this study, we conducted chemical gas cloud detection with a stand-off chemical detector and a chemical detection UAV. DMMP vapor was generated in an area where the cloud could be detected through the field of view (FOV) of the stand-off chemical detector. While monitoring the vapor cloud with the stand-off detector, the chemical detection UAV moved back and forth over the area where DMMP vapor was being generated to detect the chemical contamination. The hybrid detection system, combining stand-off cloud detection and point detection by chemical sensors on a UAV, seems to be very efficient as a new concept of chemical detection.

Cyber threat Detection and Response Time Modeling (사이버 위협 탐지대응시간 모델링)

  • Han, Choong-Hee; Han, ChangHee
    • Journal of Internet Computing and Services / v.22 no.3 / pp.53-58 / 2021
  • There is little research on actual business activities in the field of security control. Therefore, in this paper, we intend to present a practical research methodology that can contribute to calculating the appropriate number of input personnel through modeling of the threat information detection and response time of security control, and to analyze the effectiveness of the latest security solutions. The total threat information detection and response time performed by the security control center is defined as TIDRT (Total Intelligence Detection & Response Time). The total threat information detection and response time (TIDRT) is composed of the sum of the internal intelligence detection & response time (IIDRT) and the external intelligence detection & response time (EIDRT). The internal threat information detection and response time (IIDRT) can be calculated as the sum of the five steps required. The ultimate goal of this study is to model the major business activities of the security control center with an equation, yielding a formula for calculating the cyber threat information detection and response time of the security control center. In Chapter 2, previous studies are examined, and in Chapter 3, the calculation formula for the total threat information detection and response time is modeled. Chapter 4 presents the conclusion.

A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent (오용 침입탐지 시스템에서 모바일 에이전트를 이용한 보안규칙 관리에 관한 연구)

  • Kim, Tae-Kyung; Lee, Dong-Young; Chung, Tai-M.
    • The KIPS Transactions: Part C / v.10C no.5 / pp.525-532 / 2003
  • This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents, which provide computational security by constantly moving around the Internet and propagating rules, is presented as a solution for misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rule propagation. To evaluate the proposed approach, we compared the workload data between a rule propagation method using a mobile agent and a conventional method. Also, we simulated rule management using NS-2 (Network Simulator) with respect to time.

Performance Characteristics of a Symbol Timing Detection by Superposed Difference Method for OFDM (중첩의 차분화방식에 의한 OFDM 심벌 타이밍검출 성능)

  • Joo, Chang-Bok; Park, Dong-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC / v.44 no.2 / pp.46-54 / 2007
  • In this paper, we introduce the performance of improved symbol timing detection by the superposed difference type symbol timing detection method in the OFDM system. Also, we present the maximum detection probability of symbol synchronization timing at each received delay signal in the multipath channel delay profile for the correlation and difference type symbol timing detection methods. The computer simulation results show that the correlation symbol timing detection method has maximum detection probability at the lead of the nth received delay signal of highest amplitude, but the difference type symbol timing detection method always has maximum detection probability at the lead of the first received delay signal in a channel delay spread of 70 nsec ~ 217 nsec. The simulation results indicate the possibility of perfect detection of OFDM symbol synchronization timing, and they fit well with the results of improved S/N versus Eb/N0 and the symbol timing detection performance of the proposed method.

Real time detection and recognition of traffic lights using component subtraction and detection masks (성분차 색분할과 검출마스크를 통한 실시간 교통신호등 검출과 인식)

  • Jeong Jun-Ik; Rho Do-Whan
    • Journal of the Institute of Electronics Engineers of Korea SP / v.43 no.2 s.308 / pp.65-72 / 2006
  • The traffic light detection and recognition system is an essential module of the driver warning and assistance system. A color vision-based method for real-time detection and recognition of traffic lights is presented in this paper. This method has four main modules: a traffic signal light detection module, a traffic light boundary candidate determination module, a boundary detection module, and a recognition module. In the traffic signal light detection module and the boundary detection module, color thresholding, the subtraction value of saturation and intensity in HSI color space, and a detection probability mask for lights are used to segment the image. In the traffic light boundary candidate determination module, a detection mask for the traffic light boundary is proposed. For the recognition module, the AND operator is applied to the results of the two detection modules. The input data for this method is a color image sequence taken from a moving vehicle by a color video camera. The recorded image data was transformed by the zoom function of the camera, and traffic light detection and recognition experimental results are presented for this zoomed image sequence.

Thermal Imaging Fire Detection Algorithm with Minimal False Detection

  • Jeong, Soo-Young; Kim, Won-Ho
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.5 / pp.2156-2170 / 2020
  • This paper presents a fire detection algorithm with a minimal false detection rate, intended for a thermal imaging surveillance environment, whose properties vary depending on temporal conditions of day or night and environmental changes. This algorithm was designed to minimize the false detection alarm rate while ensuring a high detection rate, as required in fire detection applications. It was necessary to reduce false fire detections due to non-flame elements occurring when existing fixed threshold-based fire detection methods were applied. To this end, adaptive flame thresholds that varied depending on the characteristics of input images, as well as the center of gravity of the heat-source and hot-source regions, were analyzed in an attempt to minimize such non-flame elements in the phase of selecting flame candidate blocks. Also, to remove any false detection elements caused by camera shaking, one of the most frequently raised issues at outdoor sites, preliminary decision thresholds were adaptively set to the motion pixel ratio of input images to maximize the accuracy of the preliminary decision. Finally, in addition to the preliminary decision results, the texture correlation and intensity of the flame candidate blocks were averaged for a specific period of time and tested for their conformity with the fire decision conditions before making the final decision. To verify the fire detection performance of the proposed algorithm, a total of ten test videos were subjected to computer simulation. As a result, the fire detection accuracy of the proposed algorithm was determined to be 94.24%, with minimum false detection, demonstrating its improved performance and practicality compared to previous fixed threshold-based algorithms.

Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System (SNMP 기반의 실시간 트래픽 폭주 공격 탐지 시스템 설계 및 구현)

  • Park, Jun-Sang; Kim, Sung-Yun; Park, Dai-Hee; Choi, Mi-Jung; Kim, Myung-Sup
    • The KIPS Transactions: Part C / v.16C no.1 / pp.13-20 / 2009
  • Recently, as traffic flooding attacks such as DoS/DDoS and Internet worms have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden when coping with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides a high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of the SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figures out the attack type in the case of an attack.

SHOMY: Detection of Small Hazardous Objects using the You Only Look Once Algorithm

  • Kim, Eunchan; Lee, Jinyoung; Jo, Hyunjik; Na, Kwangtek; Moon, Eunsook; Gweon, Gahgene; Yoo, Byungjoon; Kyung, Yeunwoong
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.8 / pp.2688-2703 / 2022
  • Research on the advanced detection of harmful objects in airport cargo for passenger safety against terrorism has increased recently. However, because associated studies are primarily focused on the detection of relatively large objects, research on the detection of small objects is lacking, and the detection performance for small objects has remained considerably low. Here, we verified the limitations of existing research on object detection and developed a new model called the Small Hazardous Object detection enhanced and reconstructed Model based on the You Only Look Once version 5 (YOLOv5) algorithm to overcome these limitations. We also examined the performance of the proposed model through different experiments based on YOLOv5, a recently launched object detection model. The detection performance of our model was found to be enhanced by 0.3 in terms of the mean average precision (mAP) index and 1.1 in terms of mAP (.5:.95) with respect to the YOLOv5 model. The proposed model is especially useful for the detection of small objects of different types in overlapping environments where objects of different sizes are densely packed. The contributions of the study are reconstructed layers for the Small Hazardous Object detection enhanced and reconstructed Model based on YOLOv5 and the non-requirement of data preprocessing for immediate industrial application without any performance degradation.