• Journal of the Korea Society of Computer and Information
• /
• v.24 no.2
• /
• pp.139-147
• /
• 2019

A false alarm, which is an incorrect report of an emergency, could trigger an unnecessary action. The predictive maintenance framework developed in our previous work has a feature whereby a machine alarm is triggered based on sensor data evaluation. The sensor data evaluator performs three essential evaluation steps. First, it evaluates each sensor data value based on its threshold (lower and upper bound) and labels the data value as "alarm" when the threshold is exceeded. Second, it calculates the duration of the occurrence of the alarm. Finally, in the third step, a domain expert is required to assess the results from the previous two steps and to determine, thereby, whether the alarm is true or false. There are drawbacks of the current evaluation method. It suffers from a high false-alarm ratio, and moreover, given the vast amount of sensor data to be assessed by the domain expert, the process of evaluation is prolonged and inefficient. In this paper, we propose a method for automatic false-alarm labeling that mimics how the domain expert determines false alarms. The domain expert determines false alarms by evaluating two critical factors, specifically the duration of alarm occurrence and identification of anomalies before or while the alarm occurs. In our proposed method, Hierarchical Temporal Memory (HTM) is utilized to detect anomalies. It is an unsupervised approach that is suitable to our main data characteristic, which is the lack of an example of the normal form of sensor data. The result shows that the technique is effective for automatic labeling of false alarms in sensor data.

• Journal of KIISE:Databases
• /
• v.34 no.6
• /
• pp.473-482
• /
• 2007

Network-based IDS(Intrusion Detection System) gathers network packet data and analyzes them into attack or normal. They raise alarm when possible intrusion happens. But they often output a large amount of low-level of incomplete alert information. Consequently, a large amount of incomplete alert information that can be unmanageable and also be mixed with false alerts can prevent intrusion response systems and security administrator from adequately understanding and analyzing the state of network security, and initiating appropriate response in a timely fashion. So it is important for the security administrator to reduce the redundancy of alerts, integrate and correlate security alerts, construct attack scenarios and present high-level aggregated information. False alarm rate is the ratio between the number of normal connections that are incorrectly misclassified as attacks and the total number of normal connections. In this paper we propose a false alarm classification model to reduce the false alarm rate using classification analysis of data mining techniques. The proposed model can classify the alarms from the intrusion detection systems into false alert or true attack. Our approach is useful to reduce false alerts and to improve the detection rate of network-based intrusion detection systems.

• Journal of the Korea Society for Simulation
• /
• v.19 no.4
• /
• pp.139-149
• /
• 2010

Internet was designed for network scalability and best-effort service which makes all hosts connected to Internet to be vulnerable against attack. Many papers have been proposed about attack detection algorithms against the attack using IP spoofing and DoS/DDoS attack. Purpose of DoS/DDoS attack is achieved in short period after the attack begins. Therefore, DoS/DDoS attack should be detected as soon as possible. Attack detection algorithms using false alarm rates consist of the false negative rate and the false positive rate. Moreover, they are important metrics to evaluate the attack detections. In this paper, we analyze the performance of the attack detection algorithms using the impact of false negative rate and false positive rate variation to the normal traffic and the attack traffic by simulations. As the result of this, we find that the number of passed attack packets is in the proportion to the false negative rate and the number of passed normal packets is in the inverse proportion to the false positive rate. We also analyze the limits of attack detection due to the relation between the false negative rate and the false positive rate. Finally, we propose a solution to minimize the limits of attack detection algorithms by defining the network state using the ratio between the number of packets classified as attack packets and the number of packets classified as normal packets. We find the performance of attack detection algorithm is improved by passing the packets classified as attacks.

• The Journal of the Acoustical Society of Korea
• /
• v.10 no.5
• /
• pp.69-76
• /
• 1991

본 논문에서는 통계적 방법에 의한 음소의 자동분할에 관한 알고리즘을 제안하였다. 우선 음성 신호를 AR 모델로 모델링한 후 스펙트럼이 변화하기 전과 변화한 후의 모델에 대해서 likelihood ratio 와 mutual information을 고려한 test statistics 로부터 모델 계수가 변화하는 곳을 예측해 내고 이 곳을 음소의 경계로 판단한다. 이 경우 검파되지 못하는 대부분의 음소는 짧은 자음이었으며 Signed front-to-back maximum area ratio을 이용하여 개선하였다. 또한 false alarm error을 줄이기 위해 두 segment 사이의 distortion 으로부터 smoothing을 하였다. 3명의 화자에 대한 실험 결과 non-detection error는 10%, false alarm error는 20% 정도로 나타났지만 화자간에 알고리즘의 성능 변화가 거의 없으 며 특히 분할된 경계치 분포는 전체 음소의 90% 이상이 이 30ms 이내에 위치하였다.

• Journal of Electrical Engineering and Technology
• /
• v.11 no.6
• /
• pp.1839-1845
• /
• 2016

Detecting remote targets is important to active protection system (APS) or infrared search and track (IRST) applications. In normal situation, the well-known constant false alarm rate (CFAR) detector works properly. However, decoys in APS or closely spaced targets in IRST degrade the detection capability by increasing background noise level in the CFAR detector. This paper presents a context aware CFAR detector by the intensity sorting and selection of background region to reduce the effect of neighboring targets that lead to incorrect estimation of background statistics. The existence of neighboring targets can be recognized by intensity sorting where neighboring targets usually show highest ranks. The proposed background statistics (mean, standard deviation) estimation method from median local pixels can be aware of the background context and reduce the effects of the neighboring targets, which increase the signal-to-clutter ratio. The experimental results on the synthetic APS sequence, real adjacent target sequence, and remote pedestrian sequence validated that the proposed method produced an enhanced detection rate with the same false alarm rate compared with the hysteresis-CFAR (H-CFAR) detection.

• ETRI Journal
• /
• v.25 no.3
• /
• pp.171-178
• /
• 2003

To improve the detection performance of surveillance radars with polarization diversity, we developed an adaptive polarimetric processor and compared it with other polarimetric processors. We derived our adaptive polarimetric processor, called the polarization discontinuity detector (PDD), from the generalized likelihood ratio (GLR) test principle for the unspecified target component. We derived closed-form expressions of its probabilities of detection and false alarm, and compared its performance to that of the adaptive polarization canceller (APC) and Kelly's GLR processor. The PDD had a performance similar to Kelly's GLR in Gaussian clutter, and both the PDD and Kelly's GLR, which have embedded constant false alarm rates (CFARs), outperformed the APC, especially when the target polarization state was close to the clutter's polarization state. The important difference is that the PDD is much simpler than Kelly's GLR for hardware/software implementation, because the PDD does not require a costly two-parameter filter bank to cover the unknown target polarization state as Kelly's GLR does.

• Proceedings of the IEEK Conference
• /
• 2000.06a
• /
• pp.252-255
• /
• 2000

In this paper, a fast pseudo-noise (PN) code acquisition with novel adaptive architecture is presented in direct-sequence spread- spectrum (DS-SS) systems. Since an existing acquisition system has a fixed correlation tap size and threshold value, this system cannot adapt to various mobile communication environments and results in a low detection probability or a high false alarm rate and long acquisition time. Therefore, if a correlation tap size and a threshold value can be controlled adaptively according to received signals, problems of ail existing system will be solved. The system parameter varies adaptively by using constant false alarm rate (CFAR) algorithm well known in a field of detection and proposed signal-to-noise ratio (SNR) measurement system. By deriving formulas of the proposed system, the performance is analyzed.

• ETRI Journal
• /
• v.36 no.4
• /
• pp.545-553
• /
• 2014

This paper proposes an algorithm to sense orthogonal frequency-division multiplexing (OFDM) signals in cognitive radio (CR) systems. The basic idea behind this study is when a primary user is occupying a wireless channel, the covariance matrix is non-diagonal because of the time domain cross-correlation of the cyclic prefix (CP). In light of this property, a new decision metric that measures the power of the data found on two minor diagonals in the covariance matrix related to the CP is introduced. The impact of synchronization errors on the signal detection is analyzed. Besides this, a likelihood-ratio test is proposed according to the Neyman-Pearson criterion after deriving probability distribution functions of the decision metric under hypotheses of signal presence and absence. A threshold, subject to the requirement of probability of false alarm, is derived; also the probabilities of detection and false alarm are computed accordingly. Finally, numerical simulations are conducted to demonstrate the effectiveness of the proposed algorithm.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.14 no.6
• /
• pp.1073-1080
• /
• 2011

In this study, a target detection algorithm was proposed for using hyperspectral imagery. The proposed algorithm is designed to have minimal processing time, low false alarm rate, and flexible threshold selection. The target detection procedure can be divided into two steps. Initially, candidates of target pixel are extracted using matching ratio of spectral pattern that can be calculated by spectral derivation. Secondly, spectral distance is computed only for those candidates using Euclidean distance. The proposed two-step method showed lower false alarm rate than the Euclidean distance detector applied over the whole image. It also showed much lower processing time as compared to the Mahalanobis distance detector.

• The Journal of Information Technology
• /
• v.2 no.2
• /
• pp.139-144
• /
• 1999

This thesis is a study on using of entropy information about the additional words in the after processing step to promote an accuracy in speech recognition system. The exsisting ratio of Woodo detective method changes the efficiency of speech recognition system according to speech data and increases the probability of producing error recognition because of similarity of value of Woodo in the additional words. But we could obtain the accurate speech recognition system which heightens discrimination becoming independent of speech data by using of after processing method refusing a candidate which entropy price is lower among words except words we could recognize than entropy Price of each additional word. As a result of this experiment when the false alarm is 20 percent, we could put out the maximum 3.6 percent efficiency of recognition system through this after processing method by entropy more than the method by ratio of Woods.