• Title/Abstract/Keyword: Detection Rule

Search Result 442, Processing Time 0.026 seconds

A Rule Protecting Scheme with Symmetric Cryptosystem for Intrusion Detection System

  • Son Hyung-Seo;Kim Hyun-Sung;Bu Ki-Dong
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.6 / pp.3-13 / 2004
  • Kvarnstrom et al. in [10] proposed a rule protection scheme using a one-way hash function to protect rules in security systems in ubiquitous environments. Son et al. in [5-6] also proposed a rule protection scheme for Snort, which is one of the most common IDSs. These schemes provide security only for the header information but not for its contents. To solve this problem, this paper presents a scheme based on a symmetric cryptosystem for Snort that protects not only the header information but also the contents. This paper uses the key management based on the PCMCIA security module proposed by [12] for the symmetric cryptosystem. Our scheme could be adjusted to other security systems that use rule-based detection.

Simple Energy Detection Algorithm for Spectrum Sensing in Cognitive Radio

  • Lee, So-Young;Kim, Eun-Cheol;Kim, Jin-Young
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.9 no.1 / pp.19-26 / 2010
  • In this paper, we propose an efficient decision rule in order to get a better chance to detect the unused spectrum assigned to a licensed user and improve the reliability of spectrum sensing performance. Each secondary user receives the signals from the licensed user, and the resulting signals are input to an energy detector. Then, the sensing results are combined and used to decide whether the primary user is present in the licensed spectrum band or not. In order to make a reliable decision, we apply an efficient decision rule that is called a majority rule in this paper. The simulation results show that spectrum sensing performance with the proposed decision rule is more reasonable and efficient than that with conventional decision rules.

Accommodation Rule Based on Navigation Accuracy for Double Faults in Redundant Inertial Sensor Systems

  • Yang, Cheol-Kwan;Shim, Duk-Sun
    • International Journal of Control, Automation, and Systems / v.5 no.3 / pp.329-336 / 2007
  • This paper considers a fault accommodation problem for inertial navigation systems (INS) that have redundant inertial sensors such as gyroscopes and accelerometers. It is well known that the more sensors are used, the smaller the navigation error of INS is, which means that the error covariance of the position estimate becomes less. Thus, when it is decided that double faults occur in the inertial sensors due to fault detection and isolation (FDI), it is necessary to decide whether the faulty sensors should be excluded or not. A new accommodation rule for double faults is proposed based on the error covariance of the triad-solution of redundant inertial sensors, which is related to the navigation accuracy of INS. The proposed accommodation rule provides decision rules to determine which sensors should be excluded among faulty sensors. Monte Carlo simulation is performed for a dodecahedron configuration, in which case the proposed accommodation rule can be drawn in the decision space of the two-dimensional Cartesian coordinate system.

Abnormality Detection of ECG Signal by Rule-based Rhythm Classification

  • Ryu, Chun-Ha;Kim, Sung-Oan;Kim, Se-Yun;Kim, Tae-Hun;Choi, Byung-Jae;Park, Kil-Houm
    • Journal of the Korean Institute of Intelligent Systems / v.22 no.4 / pp.405-413 / 2012
  • Low misclassification performance is significant along with high classification accuracy for a reliable diagnosis of ECG signals, and diagnosing an abnormal state as a normal state can especially raise a deadly problem for a person in an ECG test. In this paper, we propose a detection and classification method for abnormal rhythm by rule-based rhythm classification reflecting clinical criteria for disease. Rule-based classification classifies rhythm types using a rule-base for features of the rhythm section, and the rule-base deduces decision results corresponding to professional materials of clinical and internal fields. Experimental results for the MIT-BIH arrhythmia database show that the applicability of the proposed method is confirmed to classify rhythm types for normal sinus, paced, and various abnormal rhythms, especially without misclassification in the detection of abnormal rhythm.

Wireless Intrusion Prevention System based on Snort Wireless

  • Kim, A-Yong;Jeong, Dae-Jin;Park, Man-Seub;Kim, Jong-Moon;Jung, Hoe-Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.10a / pp.666-668 / 2013
  • The wireless network environment is spreading due to the increasing use of mobile devices, causing wireless network abuse. Network security and intrusion detection have received attention for wireless as well as existing wired networks and have been studied actively. The Snort-based intrusion detection system (Intrusion Detection System) is a proven open source system which is widely used for the detection of malicious activity in the existing wired network. Snort Wireless has been developed in order to enable the 802.11 wireless detection feature. In this paper, the Snort Wireless Rule is analyzed. Based on the results of the analysis, we present the direction of future research.

Automatic Malware Detection Rule Generation and Verification System

  • Kim, Sungho;Lee, Suchul
    • Journal of Internet Computing and Services / v.20 no.2 / pp.9-19 / 2019
  • Services and users on the Internet are increasing rapidly. Cyber attacks are also increasing. As a result, information leakage and financial damage are occurring. Government, public agencies, and companies are using security systems that use signature-based detection rules to respond to known malicious codes. However, it takes a long time to generate and validate signature-based detection rules. In this paper, we propose and develop signature-based detection rule generation and verification systems using the signature extraction scheme developed based on the LDA (latent Dirichlet allocation) algorithm and the traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.

Network Anomaly Detection using Association Rule Mining in Network Packets

  • Oh, Sang-Hyun;Chang, Joong-Hyuk
    • Journal of Korea Society of Industrial Information Systems / v.14 no.3 / pp.22-29 / 2009
  • In previous work, anomaly-based intrusion detection techniques have been widely used to effectively detect various intrusions into a computer. This is because the anomaly-based detection techniques can effectively handle previously unknown intrusion methods. However, most of the previous work assumed that the normal network connections are fixed. For this reason, a new network connection may be regarded as an anomalous event. This paper proposes a new anomaly detection method based on an association-mining algorithm. The proposed method is composed of two phases: intra-packet association mining and inter-packet association mining. The performances of the proposed method are comparatively verified with JAM, which is a conventional representative intrusion detection method.

Mention Detection Using Pointer Networks for Coreference Resolution

  • Park, Cheoneum;Lee, Changki;Lim, Soojong
    • ETRI Journal / v.39 no.5 / pp.652-661 / 2017
  • A mention has a noun or noun phrase as its head and constructs a chunk that defines any meaning, including a modifier. Mention detection refers to the extraction of mentions from a document. In mentions, coreference resolution refers to determining any mentions that have the same meaning. Pointer networks, which are models based on a recurrent neural network encoder-decoder, output a list of elements corresponding to an input sequence. In this paper, we propose mention detection using pointer networks. This approach can solve the problem of overlapped mention detection, which cannot be solved by a sequence labeling approach. The experimental results show that the performance of the proposed mention detection approach is F1 of 80.75%, which is 8% higher than rule-based mention detection, and the performance of the coreference resolution has a CoNLL F1 of 56.67% (mention boundary), which is 7.68% higher than coreference resolution using rule-based mention detection.

A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent

  • Kim, Tae-Kyoung;Seo, Hee-Suk;Kim, Hee-Wan
    • Journal of the Korea Computer Industry Society / v.5 no.8 / pp.781-790 / 2004
  • This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution to misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rules propagation. To evaluate the proposed approach, we compared the workload data between a rules propagation method using a mobile agent and a conventional method. Also, we simulated rules management using NS-2 (Network Simulator) with respect to time.

Analyzing the Applicability of Greenhouse Detection Using Image Classification

  • Sung, Jeung Su;Lee, Sung Soon;Baek, Seung Hee
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.30 no.4 / pp.397-404 / 2012
  • In Jeju, which concentrates on agriculture and tourism, conversion of outdoor culture into cultivation under structure happens actively for the purpose of increasing profit, so continuous examination of the house cultivation area is very important for this region. This paper suggests an effective image classification method using high resolution satellite images to detect greenhouses. We carried out classification of greenhouses using the supervised classification and rule-based classification methods on Formosat-2 images. By connecting the results of the two classifications, we try to find accuracy improvement for greenhouse detection. The accuracy of the results of each classification method was calculated by comparing them with the result of visual detection. As a result, Mahalanobis distance among the supervised methods resulted in the highest detection. Also, it could be checked that detection accuracy was improved by tying together the result of the supervised method and the result of rule-based classification. Therefore, it was expected that effective detection of greenhouses would be feasible if further study is performed on the process of connecting supervised classification and rule-based classification.