• Title/Summary/Keyword: Detection Rules

Detection of Car Hacking Using One Class Classifier (단일 클래스 분류기를 사용한 차량 해킹 탐지)

  • Seo, Jae-Hyun
    • Journal of the Korea Convergence Society / v.9 no.6 / pp.33-38 / 2018
  • In this study, we try to detect new attacks on vehicles by learning only one class. We use the Car-Hacking dataset, an intrusion detection dataset, which is used to evaluate classification performance. The dataset was created by logging CAN (Controller Area Network) traffic through the OBD-II port of a real vehicle. The dataset has four attack types. One-class classification is one of the unsupervised learning methods that classifies the attack class by learning only the normal class. When using unsupervised learning, it is difficult to achieve high efficiency because it does not use negative instances for learning. However, unsupervised learning has the advantage of classifying unlabeled data, which are new attacks. In this study, we use a one-class classifier to detect new attacks that are difficult to detect using signature-based rules on a network intrusion detection system. The proposed method suggests a combination of parameters that detects all new attacks and shows efficient classification performance on the normal dataset.

The Ontology-Based Intelligent Solution for Managing U-Cultural Heritage: Early Fire Detection Systems (U-문화재관리를 위한 온톨로지 기반의 지능형 솔루션: 화재조기탐지 시스템)

  • Joo, Jae-Hun;Myeong, Sung-Jae
    • Information Systems Review / v.12 no.2 / pp.89-104 / 2010
  • Recently, ubiquitous sensor networks (USN) have been applied to many areas including environment monitoring. A few studies have applied the USN to disaster prevention and emergency management, in particular aiming to conserve cultural heritage. USN is a useful technology for online real-time monitoring for the purpose of early detection of fire, which is a critical cause of damage to and destruction of cultural heritage. It is necessary to use the USN to monitor online the cultural heritage sites that are difficult for humans to access or whose external appearance and beauty are important. However, USN-based monitoring systems without human intervention produce false warnings. In this paper, we present an alternative that resolves the problem by applying ontology. Our intelligent early fire detection systems for conserving cultural heritage are based on ontology and inference rules, and were tested under laboratory environments.

Detecting Abnormalities in Fraud Detection System through the Analysis of Insider Security Threats (내부자 보안위협 분석을 통한 전자금융 이상거래 탐지 및 대응방안 연구)

  • Lee, Jae-Yong;Kim, In-Seok
    • The Journal of Society for e-Business Studies / v.23 no.4 / pp.153-169 / 2018
  • Previous e-financial anomaly analysis and detection technology collects large amounts of electronic financial transaction logs generated by electronic financial business systems into big-data-based storage space, and it detects abnormal transactions in real time using detection rules that analyze transaction pattern profiling of existing customers and various accident transactions. However, deep analysis is not conducted of matters such as attempts by insiders of financial institutions to access e-finance, with large-scale damage and social ripple effects, and the stealing of important information from e-financial users by bypassing internal control environments. This paper analyzes the management status of the e-financial security programs of financial companies and draws the possibility that they are allies in security control of insiders who exploit vulnerability in management. In order to respond efficiently to this problem, it presents a comprehensive e-financial security management environment linked to insider threat monitoring as well as to the existing e-financial transaction detection system.

A study on Memory Analysis Bypass Technique and Kernel Tampering Detection (메모리 분석 우회 기법과 커널 변조 탐지 연구)

  • Lee, Haneol;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.661-674 / 2021
  • Malware, such as a rootkit that modifies the kernel, can adversely affect the analyst's judgment, making the analysis difficult or impossible if a mechanism to evade memory analysis is added. Therefore, we plan to preemptively respond to malware such as rootkits that bypass detection through advanced kernel modulation in the future. To this end, the main structures used in the Windows kernel were analyzed from the attacker's point of view, and a method capable of modulating the kernel object was applied to modulate the memory dump file. Experiments confirm that the result of the tampering cannot be detected by a memory analysis tool widely used worldwide. Then, from the analyst's point of view, using the concept of tamper resistance, a tool was made in the form of software that can detect tampering, and it shows that it is possible to detect areas that are not detected by existing memory analysis tools. This study is judged to be meaningful in that it preemptively attempted to modulate the kernel area and derived insights to enable precise analysis. However, there is a limitation in that the necessary detection rules need to be manually created in the software implementation for precise analysis.

A Study on the Analysis and Detection Method for Protecting Malware Spreading via E-mail (전자우편을 이용한 악성코드 유포방법 분석 및 탐지에 관한 연구)

  • Yang, Kyeong-Cheol;Lee, Su-Yeon;Park, Won-Hyung;Park, Kwang-Cheol;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.1 / pp.93-101 / 2009
  • This paper proposes a method for detecting mails into which a hacker injects malicious code to steal information. I developed an 'Analysis model' that decodes the traffic a hacker encodes to steal the information. I researched the 'Methodology of intrusion detection techniques' in computer network monitoring. As a result of this simulation, I developed more efficient rules to detect PCs that are infected with the malicious code in the hacking mail. By proposing this security policy, which is applicable in computer network environments including every government or company, I want to help minimize the damage caused by hacking mail with malicious code.

A New Association Rule Mining based on Coverage and Exclusion for Network Intrusion Detection (네트워크 침입 탐지를 위한 Coverage와 Exclusion 기반의 새로운 연관 규칙 마이닝)

  • Tae Yeon Kim;KyungHyun Han;Seong Oun Hwang
    • Journal of Internet of Things and Convergence / v.9 no.1 / pp.77-87 / 2023
  • Applying various association rule mining algorithms to the network intrusion detection task involves two critical issues: the generated rule set is too large to be utilized easily on IoT systems, and the false negative/positive rates are hard to control. In this research, we propose an association rule mining algorithm based on newly defined measures called coverage and exclusion. Coverage shows how frequently a pattern is discovered among the transactions of a class, and exclusion shows how frequently a pattern is not discovered in the transactions of the other classes. We compare our algorithm experimentally with the Apriori algorithm, which is the most famous algorithm, using the public dataset called KDDcup99. Compared to Apriori, the proposed algorithm reduces the resulting rule set size by up to 93.2 percent while keeping accuracy completely. The proposed algorithm also perfectly controls the false negative/positive rates of the generated rules through parameters. Therefore, network analysts can effectively apply the proposed association rule mining to the network intrusion detection task, as it solves the two issues.

An SPC-Based Forward-Backward Algorithm for Arrhythmic Beat Detection and Classification

  • Jiang, Bernard C.;Yang, Wen-Hung;Yang, Chi-Yu
    • Industrial Engineering and Management Systems / v.12 no.4 / pp.380-388 / 2013
  • Large variation in electrocardiogram (ECG) waveforms continues to present challenges in defining R-wave locations in ECG signals. This research presents a procedure to extract the R-wave locations with a forward-backward (FB) algorithm and to classify the arrhythmic beat conditions by using RR intervals. The FB algorithm applies forward and backward searching rules from QRS onset and eliminates lower-amplitude signals near the baseline using a statistical process control concept. The optimal parameters of the proposed algorithm were trained using the MIT-BIH arrhythmia database (MITDB), and the algorithm was verified with actual Holter ECG signals from a local hospital. The signals are classified into normal (N) and three arrhythmia beat types: premature ventricular contraction (PVC), ventricular flutter/fibrillation (VF), and second-degree heart block (BII) beats. This work produces 98.54% accuracy in the detection of R-wave location; 98.68% for N beats; 91.17% for PVC beats; and 87.2% for VF beats in the collected Holter ECG signals, and the results are better than those reported in the literature.

Smart Tongue Electronic Chart System (스마트 설진 전자챠트 시스템)

  • Hong, You-Sik
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.12 no.2 / pp.243-249 / 2012
  • These days it is becoming more and more common to find electronic medical screening systems installed in Oriental hospitals and clinics. This is a relatively new development for the practice of traditional Oriental medicine. Specifically, pulse detection machines are being utilized in order to help determine a patient's disease scientifically. However, identifying and diagnosing the specific disease correctly for each patient is still very difficult in Oriental medicine. The intention of this paper is to propose a solution which uses two separate electronic systems working together to produce a better likelihood of finding the correct diagnosis for each patient. It is proposed that an EMR intelligent electronic chart system be developed and employed, which would utilize both a pulse wave system and a tongue detection system at the same time, in order to solve the problem. Computer simulation results have shown that EMR systems used in hospitals and clinics are more efficient and yield a more accurate diagnosis than traditional methods.

Tube-Hole Center Detection Vision Algorithm for Verifying Position of Tele-Controlled Robot in Nuclear Steam Generator (원전 증기발생기 내 원격제어 로보트의 위치 검증을 위한 세관중심 검출 비젼 알고리듬)

  • 성시훈;강순주;진성일
    • Journal of the Korean Institute of Telematics and Electronics S / v.35S no.2 / pp.137-145 / 1998
  • In this paper, we propose a tube-hole center detection vision algorithm that verifies the position of a tele-controlled robot and provides visual information for increasing reliability and efficiency in the diagnosis of steam generator (SG) tubes in a nuclear power plant. A tele-controlled robot plays a role in carrying the probe used in inspecting the integrity of SG tubes. Thus, accurately locating a tele-controlled robot on the desired tube-hole center is an important issue for the reliability of inspection. To do this work, we have to find the tube-hole center locations from the input image. First, we apply the three-class segmentation method modified for this application. We extract minimum bounding rectangles (MBRs) in the thresholded binary image. Second, to discriminate between MBRs caused by tubes and MBRs caused by noise, we introduce the MBR rejection rules as a knowledge-based rule set. MBRs are divided into the very dark region MBRs and the very bright region MBRs. In order to describe the region of a complete tube-hole, the MBRs need to be paired with each other. We can then find the tube-hole center from the paired MBRs. To find the tube-hole center more accurately in several sequential images, the centers of some frames need to be averaged. We tested the performance of our method using hundreds of real images.

A Study on Canny Edge Detector Design Based on Image Fuzzification (이미지 퍼지화 기반 Canny 에지 검출기 설계에 관한 연구)

  • Park, Mi-Young;Kim, Chul-Won;Park, Jong-Hoon
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.9 / pp.1925-1931 / 2011
  • This paper suggests an approach to the subtle concept, "good", through fuzzy logic and the design of a Canny edge detector for grayscale images based on the rules of fuzzy anisotropic diffusion. The Canny edge detection algorithm design is to divide the gray levels into pixels and then calculate the diffusion coefficients at each pixel of non-edgy regions. Based on this processing, we present the Canny edge detector implementing fuzzy logic and compare the results to other existing methods. The proposed approach has the advantage of sharpening edge detection in gray-level images with a narrow dynamic range.