• Journal of KIISE:Information Networking
• /
• v.31 no.2
• /
• pp.171-178
• /
• 2004

Port scanning detection systems should rather satisfy a certain level of the requirement for system performance like a low rate of “False Positive” and “False Negative”, and requirement for convenience for users to be easy to manage the system security with detection systems. However, public domain Real Time Scan Detection Systems have high rate of false detection and have difficulty in detecting various scanning techniques. In addition, as current real time scan detection systems are based on command interface, the systems are poor at user interface and thus it is difficult to apply them to the system security management. Hence, we propose TkRTSD(Tcl/Tk Real Time Scan Detection System) that is able to detect various scan attacks based on port scanning techniques by applying a set of new filter rules, and minimize the rate of False Positive by applying proposed ABP-Rules derived from attacker's behavioral patterns. Also a GUI environment for TkRTSD is implemented by using Tcl/Tk for user's convenience of managing network security.

• Korean Journal of Veterinary Research
• /
• v.47 no.4
• /
• pp.399-407
• /
• 2007

Cause of high lethality and dissemination to human being, new development of rapid method for the detection of highly pathogenic Avian Influenza Virus (AIV) is still necessary. For the detection of AIV subtype H5N1, typical pathogenic AIV, new method to confirm sub-typing of this virus is also needed. For the purpose of ultra-rapid detection and sub-typing of hemagglutinin and neuraminidase of AIV, this study was planned. As the results we could demonstrate an ultra-rapid multiplex real-time PCR (URMRT PCR) for the detection of AIV In this study, the URMRT PCR were optimized with synthesized AIV H5- and AIV Nl-specific DNA templates and GenSpector TMC, which is a semiconductor process technology based real-time PCR system with high frequencies of temperature monitoring. Under eight minutes, the amplifications of two AIV subtype-specific PCR products were successfully and independently detected by 30 cycled ultra-rapid PCR, including melting point analysis, from $1{\times}10^3$ copies of mixed template DNA. The URMRT PCR for the detection of AIV H5N 1 developed in this study could be expected to apply not only detections of different AIVs, but also various pathogens. It was also discussed that this kind of the fastest PCR based detection method could be improved by advance of related technology in near future.

• Smart Structures and Systems
• /
• v.29 no.1
• /
• pp.129-140
• /
• 2022

The effectiveness of system identification, damage detection, condition assessment and other structural analyses relies heavily on the accuracy and reliability of the measured data in structural health monitoring (SHM) systems. However, data anomalies often occur in SHM systems, leading to inaccurate and untrustworthy analysis results. Therefore, anomalies in the raw data should be detected and cleansed before further analysis. Previous studies on data anomaly detection mainly focused on just single type of data anomaly for denoising or removing outliers, meanwhile, the existing methods of detecting multiple data anomalies are usually time consuming. For these reasons, recognising multiple anomaly patterns for real-time alarm and analysis in field monitoring remains a challenge. Aiming to achieve an efficient and accurate detection for multi-type data anomalies for field SHM, this study proposes a pattern-recognition-based data anomaly detection method that mainly consists of three steps: the feature extraction from the long time-series data samples, the training of a pattern recognition neural network (PRNN) using the features and finally the detection of data anomalies. The feature extraction step remarkably reduces the time cost of the network training, making the detection process very fast. The performance of the proposed method is verified on the basis of the SHM data of two practical long-span bridges. Results indicate that the proposed method recognises multiple data anomalies with very high accuracy and low calculation cost, demonstrating its applicability in field monitoring.

• ETRI Journal
• /
• v.39 no.1
• /
• pp.124-134
• /
• 2017

Data races are one of the most difficult types of bugs in concurrent multithreaded systems. It requires significant time and cost to accurately detect bugs in complex large-scale programs. Although many race detection techniques have been proposed by various researchers, none of them are effective in all aspects. In this paper, we compare the performance of five recent dynamic race detection techniques: FastTrack, Acculock, Multilock-HB, SimpleLock+, and causally precedes (CP) detection. We experimentally demonstrate the strengths and weaknesses of these dynamic race detection techniques in terms of their detection capability, running time, and runtime overhead using 20 benchmark programs with different characteristics. The comparison results show that the detection capability of CP detection does not differ from that of FastTrack, and that SimpleLock+ generates the lowest overhead among the hybrid detection techniques (Acculock, SimpleLock+, and Multilock-HB) for all benchmark programs. SimpleLock+ is 1.2 times slower than FastTrack on average, but misses one true data race reported from Mutilock-HB on the large-scale benchmark programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.1-12
• /
• 2023

It is very time-intensive to obtain data with labels on anomaly detection tasks for multivariate time series. Therefore, several studies have been conducted on unsupervised learning that does not require any labels. However, a well-done integrative survey has not been conducted on in-depth discussion of learning architecture and property for multivariate time series anomaly detection. This study aims to explore the characteristic of well-known architectures in anomaly detection of multivariate time series. Additionally, architecture was categorized by using top-down and bottom-up approaches. In order toconsider real-world anomaly detection situation, we trained models with dataset such as power grids or Cyber Physical Systems that contains realistic anomalies. From experimental results, we compared and analyzed the comprehensive performance of each architecture. Quantitative performance were measured using precision, recall, and F1 scores.

• The KIPS Transactions:PartB
• /
• v.9B no.6
• /
• pp.853-862
• /
• 2002

Face Detection can be defined as follows : Given a digitalized arbitrary or image sequence, the goal of face detection is to determine whether or not there is any human face in the image, and if present, return its location, direction, size, and so on. This technique is based on many applications such face recognition facial expression, head gesture and so on, and is one of important qualify factors. But face in an given image is considerably difficult because facial expression, pose, facial size, light conditions and so on change the overall appearance of faces, thereby making it difficult to detect them rapidly and exactly. Therefore, this paper proposes fast and exact face detection which overcomes some restrictions by using neural network. The proposed system can be face detection irrelevant to facial expression, background and pose rapidily. For this. face detection is performed by neural network and detection response time is shortened by reducing search region and decreasing calculation time of neural network. Reduced search region is accomplished by using skin color segment and frame difference. And neural network calculation time is decreased by reducing input vector sire of neural network. Principle Component Analysis (PCA) can reduce the dimension of data. Also, pose estimates in extracted facial image and eye region is located. This result enables to us more informations about face. The experiment measured success rate and process time using the Squared Mahalanobis distance. Both of still images and sequence images was experimented and in case of skin color segment, the result shows different success rate whether or not camera setting. Pose estimation experiments was carried out under same conditions and existence or nonexistence glasses shows different result in eye region detection. The experiment results show satisfactory detection rate and process time for real time system.

• Nuclear Engineering and Technology
• /
• v.55 no.3
• /
• pp.814-826
• /
• 2023

Sensor faults in nuclear power plant instrumentation have the potential to spread negative effects from wrong signals that can cause an accident misdiagnosis by plant operators. To detect sensor faults and make accurate accident diagnoses, prior studies have developed a supervised learning-based sensor fault detection model and an accident diagnosis model with faulty sensor isolation. Even though the developed neural network models demonstrated satisfactory performance, their diagnosis performance should be reevaluated considering real-time connection. When operating in real-time, the diagnosis model is expected to indiscriminately accept fault data before receiving delayed fault information transferred from the previous fault detection model. The uncertainty of neural networks can also have a significant impact following the sensor fault features. In the present work, a pilot study was conducted to connect two models and observe actual outcomes from a real-time application with an integrated system. While the initial results showed an overall successful diagnosis, some issues were observed. To recover the diagnosis performance degradations, additive logics were applied to minimize the diagnosis failures that were not observed in the previous validations of the separate models. The results of a case study were then analyzed in terms of the real-time diagnosis outputs that plant operators would actually face in an emergency situation.

• IEIE Transactions on Smart Processing and Computing
• /
• v.5 no.3
• /
• pp.169-177
• /
• 2016

To realize high-speed intrusion detection by accommodating many regular expression (regex)-based signatures and growing network link capacities, we propose the Service TimE-Aware Load-balancing (STEAL) algorithm. This work is motivated from the observation that utilization of a many-core network intrusion detection system (NIDS) is influenced by unfair computational distribution among many-core NIDS nodes. To avoid such unfair computational distribution, STEAL is designed to dynamically distribute a large volume of traffic among many-core NIDS nodes based on packet service time, which is represented by the deep packet time in many-core NIDS nodes. From experiments, we show that compared to the commonly used load-balancing algorithm based on arrival rate, STEAL increases the number of received packets (i.e., decreases the number of dropped packets) in many-core NIDS. Specifically, by integrating an open source NIDS (i.e. Bro) with STEAL, we show that even under attack-dominant traffic and with many signatures, STEAL can rapidly improve the performance of many-core NIDS to realize high-speed intrusion detection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.6
• /
• pp.2781-2800
• /
• 2016

Emerging attacks aim to access proprietary assets and steal data for business or political motives, such as Operation Aurora and Operation Shady RAT. Skilled Intruders would likely remove their traces on targeted hosts, but their network movements, which are continuously recorded by network devices, cannot be easily eliminated by themselves. However, without complete knowledge about both inbound/outbound and internal traffic, it is difficult for security team to unveil hidden traces of intruders. In this paper, we propose an autonomous anomaly detection system based on behavior profiling and relation mining. The single-hop access profiling model employ a novel linear grouping algorithm PSOLGA to create behavior profiles for each individual server application discovered automatically in historical flow analysis. Besides that, the double-hop access relation model utilizes in-memory graph to mine time-sequenced access relations between different server applications. Using the behavior profiles and relation rules, this approach is able to detect possible anomalies and violations in real-time detection. Finally, the experimental results demonstrate that the designed models are promising in terms of accuracy and computational efficiency.

• Journal of Advanced Navigation Technology
• /
• v.12 no.3
• /
• pp.280-285
• /
• 2008

The traditional face detection method is to use difference picture method are used to detect movement. However, most do not consider this mathematical approach using real-time or real-time implementation of the algorithm is complicated, not easy. This paper, the first to detect real-time facial image is converted YCbCr and RGB video input. Next, you convert the difference between video images of two adjacent to obtain and then to conduct Glassfire Labeling. Labeling value compared to the threshold behavior Area recognizes and converts video extracts. Actions to convert video to conduct face detection, and detection of facial characteristics required for the extraction and use of AdaBoost algorithm.