• Title/Summary/Keyword: Event Logs

Defect Detection in Laser Welding Using Multidimensional Discretization and Event-Codification (Multidimensional Discretization과 Event-Codification 기법을 이용한 레이저 용접 불량 검출)

  • Baek, Su Jeong;Oh, Rocku;Kim, Duck Young
    • Journal of the Korean Society for Precision Engineering / v.32 no.11 / pp.989-995 / 2015
  • In the literature, various stochastic anomaly detection methods, such as limit checking and PCA-based approaches, have been applied to weld defect detection. However, it is still a challenge to identify meaningful defect patterns from very limited sensor signals of laser welding, characterized by intermittent, discontinuous, very short, and non-stationary random signals. In order to effectively analyze the physical characteristics of laser weld signals: plasma intensity, weld pool temperature, and back reflection, we first transform the raw data of laser weld signals into the form of event logs. This is done by multidimensional discretization and event-codification, after which the event logs are decoded to extract weld defect patterns by Naïve Bayes classifier. The performance of the proposed method is examined in comparison with the commercial solution of PRECITEC's LWM™ and the most recent PCA-based detection method. The results show higher performance of the proposed method in terms of sensitivity (1.00) and specificity (0.98).

A Study on Event Log Correlation Analysis for Control System Threat Analysis (제어시스템 위협분석을 위한 Event Log 상관분석에 관한 연구)

  • Kim, Jongmin;Kim, Minsu;Lee, DongHwi
    • Convergence Security Journal / v.17 no.5 / pp.35-40 / 2017
  • The control system can have such threats as information leakage and falsification through various routes due to communications network fusion with public networks. As security issues and infringement cases caused by new attack methods have diversified recently, it is difficult to cope with new types of threats with a security system that simply blocks and checks information and stores it in a database. It is also difficult to respond to security threats by insiders who have security access authority with the existing security equipment. To respond to the threats by insiders, it is necessary to collect and analyze Event Logs occurring in the internal system in real time. Therefore, this study could find out whether there is correlation of the elements among Event Logs through correlation analysis based on Event Logs that occur in real time in the control system, and based on the analysis result, the study is expected to contribute to studies in this field.

A Study for Integrating ICS Security Logs with Centralized SIEM (Security Information and Event Management) using OPC Protocol (OPC 프로토콜을 활용한 제어시스템 보안로그 전송방법 고찰 및 통합 로그서버 구축방안)

  • Kim, Jaehong;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.8 / pp.1205-1212 / 2022
  • Cyber threats targeting ICS (Industrial Control Systems) have increased drastically over the past decade, and cyber incidents in critical infrastructure such as energy, gas terminal and petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests a way of implementing a centralized security log system that collects security events and logs using the OPC Protocol from Level 0 to Level 5 based on the IEC62443 Purdue Model to integrate ICS security logs with a SIEM (Security Information and Event Management) operated in the IT environment.

Improving Process Mining with Trace Clustering (자취 군집화를 통한 프로세스 마이닝의 성능 개선)

  • Song, Min-Seok;Gunther, C.W.;van der Aalst, W.M.P.;Jung, Jae-Yoon
    • Journal of Korean Institute of Industrial Engineers / v.34 no.4 / pp.460-469 / 2008
  • Process mining aims at mining valuable information from process execution results (called "event logs"). Even though process mining techniques have proven to be a valuable tool, the mining results from real process logs are usually too complex to interpret. The main cause that leads to complex models is the diversity of process logs. To address this issue, this paper proposes a trace clustering approach that splits a process log into homogeneous subsets and applies existing process mining techniques to each subset. Based on log profiles from a process log, the approach uses existing clustering techniques to derive clusters. Our approach is implemented in the ProM framework. To illustrate this, a real-life case study is also presented.

Event Logging Method for Control Rod Control System (원자로 제어봉구동장치 제어시스템용 이벤트 기록 방법)

  • Cheon, Jong-Min;Kim, Choon-Kyung;Jo, Chang-Hui;Jeong, Soon-Hyun;Nam, Jeong-Han
    • Proceedings of the KIEE Conference / 2003.11c / pp.552-554 / 2003
  • This paper is about the method by which the Power Control Unit (PCU) of the Control Rod Control System (CRCS) logs events in the system and the real-time monitoring display. This method enables functions like the event logging of the Control Rod Drive Mechanism (CRDM)/Power Cabinet, the off-line show of the event data logged and the on-line show by communication between the PCU and the monitoring display. Operators in a nuclear power plant must be able to grasp any possible abnormal states correctly. Because our newly designed system has a good ability to log and display the kinds, time, and the prior and posterior states of urgent or non-urgent events, the operators can judge, maintain and repair the abnormal event more easily.

Workflow Process-Aware Data Cubes and Analysis (워크플로우 프로세스 기반 데이터 큐브 및 분석)

  • Jin, Min-hyuck;Kim, Kwang-hoon Pio
    • Journal of Internet Computing and Services / v.19 no.6 / pp.83-89 / 2018
  • In workflow process intelligence and systems, workflow process mining and analysis issues are becoming increasingly important. In order to improve the quality of workflow process intelligence, it is essential for an efficient and effective data center storing workflow enactment event logs to be provisioned in carrying out the workflow process mining and analytics. In this paper, we propose a three-dimensional process-aware datacube for organizing workflow enterprise data centers to efficiently as well as effectively store the workflow process enactment event logs in the XES format. As a validation step, we carry out an experimental process mining to show how well the process-aware datacubes are suited for discovering workflow process patterns and their analytical knowledge, like enacted proportions and enacted work transferences, from the workflow process enactment event histories. Finally, we confirmed that it is feasible to discover the fundamental control-flow patterns of workflow processes through the implemented workflow process mining system based on the process-aware data cube.

Analysis Framework using Process Mining for Block Movement Process in Shipyards (조선 산업에서 프로세스 마이닝을 이용한 블록 이동 프로세스 분석 프레임워크 개발)

  • Lee, Dongha;Bae, Hyerim
    • Journal of Korean Institute of Industrial Engineers / v.39 no.6 / pp.577-586 / 2013
  • In a shipyard, it is hard to predict block movement due to the uncertainty caused during the long period of shipbuilding operations. For this reason, block movement is rarely scheduled, while main operations such as assembly, outfitting and painting are scheduled properly. Nonetheless, the high operating costs of block movement compel task managers to attempt its management. To resolve this dilemma, this paper proposes a new block movement analysis framework consisting of the following operations: understanding the entire process, log clustering to obtain manageable processes, discovering the process model and detecting exceptional processes. The proposed framework applies fuzzy mining and trace clustering among the process mining technologies to find main process and define process models easily. We also propose additional methodologies including adjustment of the semantic expression level for process instances to obtain an interpretable process model, definition of each cluster's process model, detection of exceptional processes, and others. The effectiveness of the proposed framework was verified in a case study using real-world event logs generated from the Block Process Monitoring System (BPMS).

A Personal Memex System Using Uniform Representation of the Data from Various Devices (다양한 기기로부터의 데이터 단일 표현을 통한 개인 미멕스 시스템)

  • Min, Young-Kun;Lee, Bog-Ju
    • The KIPS Transactions:PartB / v.16B no.4 / pp.309-318 / 2009
  • Research on systems that automatically record and retrieve one's everyday life has been relatively active recently. These systems, called personal memex or life log, usually entail dedicated devices such as SenseCam in the MyLifeBits project. This research paid attention to the digital devices such as mobile phones, credit cards, and digital cameras that people use every day. The system enables a person to systematically store the everyday-life data that are saved in the devices or the device-related web pages (e.g., phone records in the cellular phone company) and to refer to them quickly later. The data collection agent in the proposed system, called MyMemex, collects the personal life log "web data" using the web services that the web sites provide and stores the web data on the server. The "file data" stored in the off-line digital devices are also loaded onto the server. Each of the file data or web data is viewed as a memex event that can be described in 4W1H form. The different types of data in different services are transformed into the memex event data in 4W1H form. The memex event ontology is used in this transformation. Users can sign in to the web server of this service to view their life logs in chronological order. Users can also search the life logs using keywords. Moreover, the life logs can be viewed in a diary or story style by converting the memex events to sentences. The related memex events are grouped to be displayed as an "episode" by a heuristic identification method. A result with high accuracy has been obtained by the experiment for the episode identification using the real life log data of one of the authors.

MITRE ATT&CK and Anomaly detection based abnormal attack detection technology research (MITRE ATT&CK 및 Anomaly Detection 기반 이상 공격징후 탐지기술 연구)

  • Hwang, Chan-Woong;Bae, Sung-Ho;Lee, Tae-Jin
    • Convergence Security Journal / v.21 no.3 / pp.13-23 / 2021
  • The attacker's techniques and tools are becoming intelligent and sophisticated. Existing Anti-Virus cannot prevent security accidents. So the security threats on the endpoint should also be considered. Recently, EDR security solutions to protect endpoints have emerged, but they focus on visibility. There is still a lack of detection and responsiveness. In this paper, we use real-world EDR event logs to aggregate knowledge-based MITRE ATT&CK and autoencoder-based anomaly detection techniques to detect anomalies in order to screen effective analysis and analysis targets from a security manager perspective. After that, detected anomaly attack signs show the security manager an alarm along with log information and can be connected to legacy systems. The experiment detected EDR event logs for 5 days, and verified them with hybrid analysis search. Therefore, it is expected to produce results on when, and which IPs and processes, are suspected based on the EDR event log and create a secure endpoint environment through measures on the suspicious IP/Process.

HBase based Business Process Event Log Schema Design of Hadoop Framework

  • Ham, Seonghun;Ahn, Hyun;Kim, Kwanghoon Pio
    • Journal of Internet Computing and Services / v.20 no.5 / pp.49-55 / 2019
  • Organizations design and operate business process models to achieve their goals efficiently and systematically. With the advancement of IT technology, the number of items that computer systems can participate in and the process becomes huge and complicated. This phenomenon created a more complex and subdivided flow of business process. The process instances that contain workcase and events are larger and have more data. This is an essential resource for process mining and is used directly in model discovery, analysis, and improvement of processes. This event log is getting bigger and broader, which leads to problems such as capacity management and I/O load in management of existing row level program or management through a relational database. In this paper, as the event log becomes big data, we have found the problem of management limit based on the existing original file or relational database. Design and apply schemes to archive and analyze large event logs through Hadoop, an open source distributed file system, and HBase, a NoSQL database system.