• Journal of Internet Computing and Services
• /
• v.19 no.1
• /
• pp.1-10
• /
• 2018

Network threats such as Internet worms and computer viruses have been significantly increasing. In particular, APTs(Advanced Persistent Threats) and ransomwares become clever and complex. IDSes(Intrusion Detection Systems) have performed a key role as information security solutions during last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. If so, the network threat containing the signature can be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA(Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.1
• /
• pp.81-87
• /
• 2012

Intrusion Detection System that protects system safely is necessary as network technology is developed rapidly and application division is wide. Intrusion Detection System among others can construct system without participation of other severs. But it has weakness that big load in system happens and it has low efficient because every traffics are inspected in case that mass traffic happen. In this study, Distributed Intrusion Detection System based on protocol is proposed to reduce traffic of intrusion detection system and provide stabilized intrusion detection technique even though mass traffic happen. It also copes to attack actively by providing automatic update of using rules to detect intrusion in sub Intrusion Detection System.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.6
• /
• pp.531-536
• /
• 2002

In this paper, we have applied Genetic Algorithms(GAs) to Intrusion Detection System(TDS), and then proposed and simulated the misuse detection model firstly. We have implemented with the KBD contest data, and tried to simulated in the same environment. In the experiment, the set of record is regarded as a chromosome, and GAs are used to produce the intrusion patterns. That is, the intrusion rules are generated. We have concentrated on the simulation and analysis of classification among the Data Mining techniques and then the intrusion patterns are produced. The generated rules are represented by intrusion data and classified between abnormal and normal users. The different rules are generated separately from three models "Time Based Traffic Model", "Host Based Traffic Model", and "Content Model". The proposed system has generated the update and adaptive rules automatically and continuously on the misuse detection method which is difficult to update the rule generation. The generated rules are experimented on 430M test data and almost 94.3% of detection rate is shown.3% of detection rate is shown.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.1
• /
• pp.50-59
• /
• 2007

In this paper, an anchor shot detection method, which is a basic technology for managing news videos for index and retrieval purposes is proposed. To do that, two most popular news program such as 'KBS 9 Hour News' and 'MBC 9 Hour News' are analyzed and 4-step rule based detection method is proposed First, in the preprocessing, video shot boundaries are detected and the 1st frame of each shot is extracted as a key frame. Then, the detected shot is declared as an anchor shot, if all the following 4 conditions are satisfied. 1) There is an anchor face in the key frame of a shot. 2) Spatial distribution of edges in the key frame is adequate. 3) Background color information of the key frame is similar to the color information of an anchor model. 4) Motion rate in the shot is low. In order to show the validity of the proposed method, three 'KBS 9 Hour News' and three 'MBC 9 Hour News', which have total running time of 108 in minute and are broadcasted at different days, are used for experiments. Average detection rates showed 0.97 in precision, 1.0 in recall, and 0.98 in F-measure.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.381-404
• /
• 2022

Forest fires inflict great losses of human lives and serious damages to ecological systems. Hence, numerous fire detection methods have been proposed, one of which is fire detection based on sensors. However, these methods reveal several limitations when applied in large spaces like forests such as high cost, high level of false alarm, limited battery capacity, and other problems. In this research, we propose a novel forest fire detection method based on image processing and correlation coefficient. Firstly, two fire detection conditions are applied in RGB color space to distinguish between fire pixels and the background. Secondly, the image is converted from RGB to YCbCr color space with two fire detection conditions being applied in this color space. Finally, the correlation coefficient is used to distinguish between fires and objects with fire-like colors. Our proposed algorithm is tested and evaluated on eleven fire and non-fire videos collected from the internet and achieves up to 95.87% and 97.89% of F-score and accuracy respectively in performance evaluation.

• Journal of the Korea Society for Simulation
• /
• v.14 no.1
• /
• pp.9-18
• /
• 2005

Attempts to attack hosts in the network have become diverse, due to crackers developments of new creative attacking methods. Under these circumstances the role of intrusion detection system as a security system component gets considerably importance. Therefore, in this paper, we have suggested multiple intrusion detection system based on the contract net protocol which provides the communication among multiple agents. In this architecture, fuzzy rule based system has been applied for agent selection among agents competing for being activated. The simulation models are designed and implemented based on DEVS formalism which is theoretically well grounded means of expressing discrete event simulation models.

• 한국정보컨버전스학회:학술대회논문집
• /
• 2008.06a
• /
• pp.103-110
• /
• 2008

In this thesis, we describe a statistical method for 3D object detection. In this method, we decompose the 3D geometry of each object into a small number of viewpoints. For each viewpoint, we construct a decision rule that determines if the object is present at that specific orientation. Each decision rule uses the statistics of both object appearance and "non-object" visual appearance. We represent each set of statistics using a product of histograms. Each histogram represents the joint statistics of a subset of wavelet coefficients and their position on the object. Our approach is to use many such histograms representing a wide variety of visual attributes. Using this method, we have developed the first algorithm that can reliably detect faces that vary from frontal view to full profile view and the first algorithm that can reliably detect cars over a wide range of viewpoints.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2003.11a
• /
• pp.1-4
• /
• 2003

최근에 침입 탐지 시스템은 네트워크 보안의 강화를 위해서 방화벽과 침입탐지 시스템 상호간의 연동으로 침입자의 연결 상태를 차단하는 방법도 개발되었다. 하지만 방화벽뿐만 아니라 침입탐지 시스템도 공격자에 의한 우회공격에 대해서는 아직 상당부분 방어할 수 없다. 또한 우회공격 탐지 모듈도 기존의 IDS와 Rule의 중복이 불가피하다. 본 논문은 취약점 진단 스크립트를 통해 IDS의 취약점 진단 후 IDS우회탐지공격 시스템의 Rule을 최적화 하여 우회공격을 효율적으로 탐지 해내는 시스템을 제안한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.7
• /
• pp.5029-5037
• /
• 2015

The objective of this study is to investigate the distribution of asbestos containing materials and to evaluate risk assessment method in some schools, Korea. For the survey on ACM risk assessment, we used both EPA AHERA rule and ASTM rule. We investigated 100 schools between January and December in 2010. Detection rate of the ACM according to construction year showed that before 1980's, 1990's, 2000's, after 2000's buildings were 100%, 94.1%, 100% and 62.5%, respectively. Compared with school types, detection rate of the ACM in Kindergarten, Elementary, Middle, High, Special Education schools were 100%, 97.1%, 92.9%, 100%, 80%, respectively. Ceiling textiles contained chrysolite/mixed amosite(2~8 %) and wall cement flat boards contained chrysolite(6~11 %). Also, gasket contained chrysolite(16~17 %), slate roof contained chrysolite(10~13 %). In this study, risk assessment EPA AHERA rule of ACM showed that all materials were "Pool" grade. And, ASTM rule risk assessment showed that all materials were "Q&M program" grade.

• Quantitative Bio-Science
• /
• v.37 no.2
• /
• pp.81-89
• /
• 2018

It is commonplace that high false detection rates interfere with immediate vision-based fire monitoring system. To circumvent this challenge, we propose a fire detection algorithm that can accommodate color variations of RGB in temporal domain, aiming at reducing false detection rates. Despite interrupting images (e.g., background noise and sudden intervention), the proposed method is proved robust in capturing distinguishable features of fire in temporal domain. In numerical studies, we carried out extensive real data experiments related to fire detection using 24 video sequences, implicating that the propose algorithm is found outstanding as an effective decision rule for fire detection (e.g., false detection rate <10%).