• Title/Summary/Keyword: Detection scheme

Active Response Model and Scheme to Detect Unknown Attacks

  • Kim, Bong-Han;Kim, Si-Jung
    • Journal of information and communication convergence engineering / v.6 no.3 / pp.294-300 / 2008
  • This study was conducted to investigate what to consider for active response in the intrusion detection system, how to implement active response, and 6-phase response models to respond actively, including the active response scheme to detect unknown attacks by using a traffic measuring engine and an anomaly detection engine.

A Fast and Accurate Face Tracking Scheme by using Depth Information in Addition to Texture Information

  • Kim, Dong-Wook;Kim, Woo-Youl;Yoo, Jisang;Seo, Young-Ho
    • Journal of Electrical Engineering and Technology / v.9 no.2 / pp.707-720 / 2014
  • This paper proposes a face tracking scheme that is a combination of a face detection algorithm and a face tracking algorithm. The proposed face detection algorithm basically uses the Adaboost algorithm, but the search area is dramatically reduced by using skin color and motion information in the depth map. Also, we propose a face tracking algorithm that uses a template matching method with depth information only. It also includes an early termination scheme, by a spiral search for template matching, which reduces the operation time with a small loss in accuracy. It also incorporates an additional simple refinement process to make the loss in accuracy smaller. When the face tracking scheme fails to track the face, it automatically goes back to the face detection scheme to find a new face to track. The two schemes are tested with some home-made test sequences and some public ones. The experimental results are compared to show that they outperform the existing methods in accuracy and speed. We also show some trade-offs between the tracking accuracy and the execution time for broader application.

Anomaly Detection Scheme of Web-based attacks by applying HMM to HTTP Outbound Traffic (HTTP Outbound Traffic에 HMM을 적용한 웹 공격의 비정상 행위 탐지 기법)

  • Choi, Byung-Ha;Choi, Sung-Kyo;Cho, Kyung-San
    • Journal of the Korea Society of Computer and Information / v.17 no.5 / pp.33-40 / 2012
  • In this paper we propose an anomaly detection scheme to detect new attack paths or new attack methods without false positives by monitoring HTTP Outbound Traffic after efficient training. Our proposed scheme detects web-based attacks by comparing tags or javascripts of HTTP Outbound Traffic with normal behavioral models which apply HMM (Hidden Markov Model). Through the verification analysis under the real-attacked environment, we show that our scheme has superior detection capability of 0.0001% false positive and 96% detection rate.

The Fire Detection Scheme Utilizing Received Signal Variation (수신 신호 변화를 활용한 화재 감지 기법)

  • Ha, Kyunguk;Kim, Dongwan
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2018.10a / pp.251-254 / 2018
  • Research on IoT systems that utilize the variation of the wireless received signal according to changes in the surrounding environment is actively being conducted. In this paper, we first proved that the received signal strength changes according to the ambient temperature variation. Then, we proposed a fire detection scheme that uses the received signal strength variation when signals are exchanged periodically between a fixed transmitter and receiver. The proposed scheme consists of a received signal strength change detection unit and an internal receiver temperature detection unit, which prevents received signal strength variation caused by changes in the wireless channel environment from being mistaken for an outbreak of fire. The proposed scheme has the advantage of being able to support existing receivers through a software upgrade without an additional device.

Fault Detection and Compensation Scheme of Switch Open-fault in VSI for Two-phase Excitation Drive (2상 여자 구동용 전압형 인버터의 스위치 개방고장 검출 및 보상 기법)

  • Lee, Kui-Jun;Park, Nam-Ju;Hyun, Dong-Seok
    • The Transactions of the Korean Institute of Power Electronics / v.12 no.1 / pp.74-80 / 2007
  • This paper proposes a novel open-fault detection/isolation scheme for the inverter switch in a two-phase excited VSI. This scheme identifies open faults using a voltage sensor at the lower switches of each phase according to the operating mode. It has the benefits of simple implementation, fast detection and robustness in the load, so that the stability of the system is improved. Also, in faulty mode, it minimizes the fault effect and makes continuous operation possible through a reconfiguration procedure applying four-switch operation. The validity of the proposed fault detection scheme is verified by experimental results.

An Integrated Fault Detection and Isolation Method for Sensors and Actuators of LEO Satellite (저궤도 인공위성의 센서 및 구동기 통합 고장검출 및 분리 기법)

  • Lim, Jun-Kyu;Lee, Jun-Han;Park, Chan-Gook
    • Journal of Institute of Control, Robotics and Systems / v.17 no.11 / pp.1117-1124 / 2011
  • An integrated fault detection and isolation method is proposed in this paper. The main objective of this paper is the development of a fault detection, isolation and diagnosis algorithm based on the DKF (Decentralized Kalman Filter) and the bank of IMM (Interacting Multiple Model) filters using a penalty scalar for both partial and total faults; an outlier detection algorithm for preventing false alarms is also included. The proposed FDI (Fault Detection and Isolation) scheme is developed in four phases. In the first phase, the outlier detection filter is designed as a pre-filter to prevent false alarms. In the second phase, two local filters and a master filter are designed to detect sensor faults. In the third phase, the proposed FDI scheme checks the sensor residual to isolate sensor faults, and 11 EKF actuator fault models are designed to detect wherever actuator faults occur. In the last phase, four filters are designed to identify the fault type, which is either a total fault or a partial fault. The developed scheme can not only deal with sensor and actuator faults but also prevent false alarms. An important feature of the proposed FDI scheme is that it can decrease fault isolation time and perform not only fault detection and isolation but also fault type identification. To verify the performance of the proposed FDI algorithm, a simulator is also developed under the Matlab/Simulink environment.

An Automatic Portscan Detection System with Adaptive Threshold Setting

  • Kim, Sang-Kon;Lee, Seung-Ho;Seo, Seung-Woo
    • Journal of Communications and Networks / v.12 no.1 / pp.74-85 / 2010
  • For the purpose of compromising hosts, attackers including infected hosts initially perform a portscan using IP addresses in order to find vulnerable hosts. Considerable research related to portscan detection has been done and many algorithms have been proposed and implemented in the network intrusion detection system (NIDS). In order to distinguish portscanners from remote hosts, most portscan detection algorithms use a fixed threshold that is manually managed by the network manager. Because the threshold is a constant, even though the network environment or the characteristics of traffic can change, many false positives and false negatives are generated by NIDS. This reduces the efficiency of NIDS and imposes a high processing burden on a network management system (NMS). In this paper, in order to address this problem, we propose an automatic portscan detection system using a fast increase slow decrease (FISD) scheme that will automatically and adaptively set the threshold based on statistical data for traffic during prior time periods. In particular, we focus on reducing false positives rather than false negatives, while the threshold is adaptively set within a range between minimum and maximum values. We also propose a new portscan detection algorithm, rate of increase in the number of failed connection requests (RINF), which is much more suitable for our system and shows better performance than other existing algorithms. In terms of the implementation, we compare our scheme with two other simple threshold estimation methods for an adaptive threshold setting scheme. Also, we compare our detection algorithm with three other existing approaches for portscan detection using a real traffic trace. In summary, we show that FISD results in fewer false positives than other schemes and RINF can quickly and accurately detect portscanners. We also show that the proposed system, including our scheme and algorithm, provides good performance in terms of the rate of false positives.

On the Fault Detection and Isolation Systems using Functional Observers (함수 관측자를 이용한 고장검출식별기법에 관한 연구)

  • Lee, Kee-Sang;Ryu, Ji-Su
    • Journal of Institute of Control, Robotics and Systems / v.9 no.11 / pp.883-890 / 2003
  • Two GOS (Generalized Observer Scheme) type Fault Detection Isolation Schemes (FDIS), employing the bank of unknown input functional observers (UIFO) as a residual generator, are proposed to make practical use of the multiple observer based FDIS. One is the IFD (Instrument Fault Detection) scheme and the other is the PFD (Process Fault Detection) scheme. A design method of UIFO is suggested for robust residual generation and for reducing the size of the observer bank. Several design objectives that can be achieved by the FDI schemes and the design methods to meet the objectives are described. An IFD system is constructed for the Boeing 929 Jetfoil boat system to show the effectiveness of the propositions. The major contributions of this paper are twofold. Firstly, the proposed UIFO approaches considerably reduce the size of the residual generator in the GOS type FDI systems. Secondly, the FDI schemes, in addition to the basic functions of the conventional observer-based FDI schemes, can reconstruct the failed signal or give estimates of fault magnitude that can be used for compensating fault effects. The schemes are directly applicable to the design of fault tolerant control systems.

A Zero-latency Cycle Detection Scheme for Enhanced Parallelism in Multiprocessing Systems (다중처리 시스템의 병렬성 증대를 위한 사이클의 비 지연 발견 기법)

  • Kim Ju Gyun
    • Journal of KIISE:Computer Systems and Theory / v.32 no.2 / pp.49-54 / 2005
  • This paper presents a non-blocking deadlock detection scheme with immediate cycle detection in multiprocessing systems. We assume an expedient state and a special case where each type of resource has one unit and each request is limited to one resource unit at a time. Unlike the previous deadlock detection schemes, this new method takes O(1) time for detecting a cycle and O(n+m) time for blocking or handling resource release, where n and m are the number of processes and that of resources in the system. The deadlock detection latency is thus minimized and is constant regardless of n and m. However, in a multiprocessing system, the operating system can handle the blocking or release on-the-fly running on a separate processor, thus not interfering with user process execution. For some applications where deadlock is a concern, a predictable and zero-latency deadlock detection scheme could be very useful.

An Efficient Complex Event Detection Algorithm based on NFA_HTS for Massive RFID Event Stream

  • Wang, Jianhua;Liu, Jun;Lan, Yubin;Cheng, Lianglun
    • Journal of Electrical Engineering and Technology / v.13 no.2 / pp.989-997 / 2018
  • Massive event streams bring great challenges in volume, velocity, variety, value and veracity. Picking up valuable information from them often involves long detection time, high memory consumption and low detection efficiency. To solve the above problems, an efficient complex event detection method based on NFA_HTS (Nondeterministic Finite Automaton_Hash Table Structure) is proposed in this paper. The achievement of this paper is that we successfully use NFA_HTS to realize the detection of complex events from massive RFID event streams. Specifically, in our scheme, after using NFA to capture the related RFID primitive events, we use HTS to store and process the large matched results; as a result, our scheme can effectively solve the above problems of current methods by reducing many search, storage and computation operations, taking advantage of the quick classification and storage technologies of the hash table structure. The simulation results show that our proposed NFA_HTS scheme outperforms some general processing methods in reducing detection time, lowering memory consumption and improving event throughput.