• Title/Summary/Keyword: Detection Rules

A Real Time Scan Detection System against Attacks based on Port Scanning Techniques (포트 스캐닝 기법 기반의 공격을 탐지하기 위한 실시간 스캔 탐지 시스템 구현)

  • 송중석;권용진
    • Journal of KIISE:Information Networking / v.31 no.2 / pp.171-178 / 2004
  • Port scanning detection systems should satisfy a certain level of system performance requirements, such as a low rate of “False Positive” and “False Negative”, as well as requirements for user convenience, so that users can easily manage system security with detection systems. However, public domain Real Time Scan Detection Systems have a high rate of false detection and have difficulty in detecting various scanning techniques. In addition, as current real time scan detection systems are based on a command interface, the systems have a poor user interface and thus it is difficult to apply them to system security management. Hence, we propose TkRTSD (Tcl/Tk Real Time Scan Detection System), which is able to detect various scan attacks based on port scanning techniques by applying a set of new filter rules, and to minimize the rate of False Positive by applying the proposed ABP-Rules derived from attackers' behavioral patterns. Also, a GUI environment for TkRTSD is implemented by using Tcl/Tk for the user's convenience in managing network security.

The Detection and Correction of Context Dependent Errors of The Predicate using Noun Classes of Selectional Restrictions (선택 제약 명사의 의미 범주 정보를 이용한 용언의 문맥 의존 오류 검사 및 교정)

  • So, Gil-Ja;Kwon, Hyuk-Chul
    • Journal of the Korea Institute of Information and Communication Engineering / v.18 no.1 / pp.25-31 / 2014
  • Korean grammar checkers typically detect context-dependent errors by employing heuristic rules; these rules are formulated by language experts and consist of lexical items. Such grammar checkers, unfortunately, show low recall, which is the detection ratio of errors in the document. In order to resolve this shortcoming, a new error-decision rule-generalization method that utilizes the existing KorLex thesaurus, the Korean version of Princeton WordNet, is proposed. The method extracts noun classes from KorLex and generalizes error-decision rules from them using the Tree Cut Model and information-theory-based MDL (minimum description length).

A Multiple Pattern Matching Scheme to Improve Rule Application Performance (규칙 적용 성능을 개선하기 위한 다중 패턴매칭 기법)

  • Lee, Jae-Kook;Kim, Hyong-Shik
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.3 / pp.79-88 / 2008
  • On the internet, the NIDS (Network Intrusion Detection System) has been widely deployed to protect the internal network. The NIDS builds a set of rules from analysis results on illegal packets and filters them using the rules, thus protecting the internal system. The number of rules is ever increasing as attacks are becoming more widespread and well organized these days. As a result, severe performance degradation has been found in rule application for the NIDS. In this paper, we propose a multiple pattern matching scheme to improve rule application performance. Then we compare our algorithm with the Wu-Manber algorithm, which is known to do high performance multi-pattern matching.

Language-Independent Sentence Boundary Detection with Automatic Feature Selection

  • Lee, Do-Gil
    • Journal of the Korean Data and Information Science Society / v.19 no.4 / pp.1297-1304 / 2008
  • This paper proposes a machine learning approach for language-independent sentence boundary detection. The proposed method requires no heuristic rules and language-specific features, such as part-of-speech information, a list of abbreviations or proper names. With only the language-independent features, we perform experiments on not only an inflectional language but also an agglutinative language, having fairly different characteristics (in this paper, English and Korean, respectively). In addition, we obtain good performances in both languages. We have also experimented with the methods under a wide range of experimental conditions, especially for the selection of useful features.

Implementation of Distributed Intrusion Detection System based on Protocols (프로토콜 기반 분산 침입탐지시스템 설계 및 구현)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management / v.8 no.1 / pp.81-87 / 2012
  • An Intrusion Detection System that protects systems safely is necessary as network technology develops rapidly and the range of applications widens. An Intrusion Detection System, among others, can construct a system without the participation of other servers. But it has the weakness that a big load on the system occurs, and it has low efficiency because all traffic is inspected when mass traffic occurs. In this study, a Distributed Intrusion Detection System based on protocols is proposed to reduce the traffic of the intrusion detection system and provide a stabilized intrusion detection technique even when mass traffic occurs. It also copes with attacks actively by providing automatic updates of the rules used to detect intrusion in the sub Intrusion Detection Systems.

Soccer Image Sequences Mosaicing Using Reverse Affine Transform

  • Yoon, Ho-Sub;Jung Soh;Min, Byung-Woo;Yang, Young-Kyu
    • Proceedings of the IEEK Conference / 2000.07b / pp.877-880 / 2000
  • In this paper, we develop an algorithm for soccer image sequence mosaicing using the reverse affine transform. The continuous mosaic images of the soccer ground field allow the user/viewer to view a “wide picture” of the players’ actions. The first step of our algorithm is the automatic detection and tracking of players, the ball and some lines such as the center circle, sideline, penalty line and so on. For this purpose, we use a ground field extraction algorithm using color information and a player and line detection algorithm using four P-rules and two L-rules. The second step is an affine transform to map the points from image to model coordinates using four predefined and pre-detected points. The general affine transformation leaves many holes in the target image. In order to delete these holes, we use the reverse affine transform. We tested our method on a real image sequence and the experimental results are given.

Protecting Security Policies in Ubiquitous Environments

  • Lee, Wan-Soo;Lee, Sung-Woon;Kim, Hyun-Sung
    • Proceedings of the Korea Society of Information Technology Applications Conference / 2005.11a / pp.297-300 / 2005
  • System security is especially important in the ubiquitous environment. This paper proposes a protection scheme for security policies in Firewalls and intrusion detection systems (IDSs). The one-way hash function and the symmetric cryptosystem are used to make the protected rules for Firewalls and IDSs. The proposed scheme could be applied in diverse kinds of defense systems which use rules.

Design of Robust Fuzzy-Logic Tracker for Noise and Clutter Contaminated Trajectory based on Kalman Filter

  • Byeongil Kim
    • Journal of the Korean Society of Industry Convergence / v.27 no.2_1 / pp.249-256 / 2024
  • Traditional methods for monitoring targets rely heavily on probabilistic data association (PDA) or Kalman filtering. However, achieving optimal performance in a densely congested tracking environment proves challenging due to factors such as the complexities of measurement, mathematical simplification, and combined target detection for the tracking association problem. This article analyzes a target tracking problem through the lens of fuzzy logic theory, identifies the fuzzy rules that a fuzzy tracker employs, and designs the tracker utilizing fuzzy rules and Kalman filtering.

Hybrid Fuzzy Adaptive Wiener Filtering with Optimization for Intrusion Detection

  • Sujendran, Revathi;Arunachalam, Malathi
    • ETRI Journal / v.37 no.3 / pp.502-511 / 2015
  • Intrusion detection plays a key role in detecting attacks over networks, and due to the increasing usage of Internet services, several security threats arise. Though an intrusion detection system (IDS) detects attacks efficiently, it also generates a large number of false alerts, which makes it difficult for a system administrator to identify attacks. This paper proposes automatic fuzzy rule generation combined with a Wiener filter to identify attacks. Further, to optimize the results, simplified swarm optimization is used. After training a large dataset, various fuzzy rules are generated automatically for testing, and a Wiener filter is used to filter out attacks that act as noisy data, which improves the accuracy of the detection. By combining automatic fuzzy rule generation with a Wiener filter, an IDS can handle intrusion detection more efficiently. Experimental results, which are based on collected live network data, are discussed and show that the proposed method provides a competitively high detection rate and a reduced false alarm rate in comparison with other existing machine learning techniques.

A Slow Portscan Attack Detection and Countermove Mechanism based on Fuzzy Logic (퍼지 로직을 이용한 느린 포트스캔 공격 탐지 및 대응 기법)

  • Kim, Jae-Kwang;Yoon, Kwang-Ho;Lee, Seung-Hoon;Jung, Je-Hee;Lee, Jee-Hyong
    • Journal of the Korean Institute of Intelligent Systems / v.18 no.5 / pp.679-684 / 2008
  • Slow port scan attack detection is one of the important topics in network security. We suggest an abnormal traffic control framework to detect slow port scan attacks using fuzzy rules. The abnormal traffic control framework acts as an intrusion prevention system against suspicious network traffic. It manages traffic with a stepwise policy: first decreasing network bandwidth and then discarding traffic. In this paper, we show that our abnormal traffic control framework effectively detects slow port scan attack traffic using fuzzy rules and a stepwise policy.