• Journal of Korean Society of Transportation
• /
• v.31 no.4
• /
• pp.85-94
• /
• 2013

The Continuous Risk Profile (CRP) has been well known to be the most accurate and efficient among existing network screening methods. However, the classical CRP uses safety performance functions (SPFs) which require a huge investment to construct a database system. This study aims to suggest a new CRP method using average crash frequencies of homogeneous groups, instead of SPFs, as rescaling factors. Hierarchical clustering analysis is performed to classify freeway segments into homogeneous groups based on the data of AADT and number of lanes. Using the data from I-880 in California, the proposed method is compared to other several network screening methods. The results show that the proposed method decrease false positive rates while it does not produce any false negatives. The method developed in this study can be easily applied to screen freeway networks without any additional complex database systems, and contribute to the improvement of freeway safety management systems.

• The Bulletin of The Korean Astronomical Society
• /
• v.36 no.2
• /
• pp.64-64
• /
• 2011

We present a new quasi-stellar object (QSO) selection algorithm using a Support Vector Machine, a supervised classification method, on a set of extracted time series features including period, amplitude, color, and autocorrelation value. We train a model that separates QSOs from variable stars, non-variable stars, and microlensing events using 58 known QSOs, 1629 variable stars, and 4288 non-variables in the MAssive Compact Halo Object (MACHO) database as a training set. To estimate the efficiency and the accuracy of the model, we perform a cross-validation test using the training set. The test shows that the model correctly identifies ~80% of known QSOs with a 25% false-positive rate. The majority of the false positives are Be stars. We applied the trained model to the MACHO Large Magellanic Cloud (LMC) data set, which consists of 40 million lightcurves, and found 1620 QSO candidates. During the selection, none of the 33,242 known MACHO variables were misclassified as QSO candidates. In order to estimate the true false-positive rate, we crossmatched the candidates with astronomical catalogs including the Spitzer Surveying the Agents of a Galaxy's Evolution (SAGE) LMC catalog and a few X-ray catalogs. The results further suggest that the majority of the candidates, more than 70%, are QSOs.

• Journal of Information Processing Systems
• /
• v.15 no.1
• /
• pp.203-216
• /
• 2019

The nature of wireless transmission has made wireless sensor networks defenseless against various attacks. This paper presents warning message counter method (WMC) to detect blackhole attack, grayhole attack and sinkhole attack in wireless sensor networks. The objective of these attackers are, to draw the nearby network traffic by false routing information and disrupt the network operation through dropping all the received packets (blackhole attack), selectively dropping the received packets (grayhole and sinkhole attack) and modifying the content of the packet (sinkhole attack). We have also attempted light weighted symmetric key cryptography to find data modification by the sinkhole node. Simulation results shows that, WMC detects sinkhole attack, blackhole attack and grayhole attack with less false positive 8% and less false negative 6%.

• Journal of Communications and Networks
• /
• v.12 no.1
• /
• pp.74-85
• /
• 2010

For the purpose of compromising hosts, attackers including infected hosts initially perform a portscan using IP addresses in order to find vulnerable hosts. Considerable research related to portscan detection has been done and many algorithms have been proposed and implemented in the network intrusion detection system (NIDS). In order to distinguish portscanners from remote hosts, most portscan detection algorithms use a fixed threshold that is manually managed by the network manager. Because the threshold is a constant, even though the network environment or the characteristics of traffic can change, many false positives and false negatives are generated by NIDS. This reduces the efficiency of NIDS and imposes a high processing burden on a network management system (NMS). In this paper, in order to address this problem, we propose an automatic portscan detection system using an fast increase slow decrease (FISD) scheme, that will automatically and adaptively set the threshold based on statistical data for traffic during prior time periods. In particular, we focus on reducing false positives rather than false negatives, while the threshold is adaptively set within a range between minimum and maximum values. We also propose a new portscan detection algorithm, rate of increase in the number of failed connection request (RINF), which is much more suitable for our system and shows better performance than other existing algorithms. In terms of the implementation, we compare our scheme with other two simple threshold estimation methods for an adaptive threshold setting scheme. Also, we compare our detection algorithm with other three existing approaches for portscan detection using a real traffic trace. In summary, we show that FISD results in less false positives than other schemes and RINF can fast and accurately detect portscanners. We also show that the proposed system, including our scheme and algorithm, provides good performance in terms of the rate of false positives.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.674-684
• /
• 2002

Anomaly detection techniques have teen devised to address the limitations of misuse detection approach for intrusion detection. An HMM is a useful tool to model sequence information whose generation mechanism is not observable and is an optimal modeling technique to minimize false-positive error and to maximize detection rate, However, HMM has the short-coming of login training time. This paper proposes an effective HMM-based IDS that improves the modeling time and performance by only considering the events of privilege flows based on the domain knowledge of attacks. Experimental results show that training with the proposed method is significantly faster than the conventional method trained with all data, as well as no loss of recognition performance.

• Journal of Information Processing Systems
• /
• v.13 no.2
• /
• pp.321-339
• /
• 2017

In this work, we are interested in the extraction of areas of interest from satellite images by introducing a MO-TRIBES/OC-SVM approach. The One-Class Support Vector Machine (OC-SVM) is based on the estimation of a support that includes training data. It identifies areas of interest without including other classes from the scene. We propose generating optimal training data using the Multi-Objective TRIBES (MO-TRIBES) to improve the performances of the OC-SVM. The MO-TRIBES is a parameter-free optimization technique that manages the search space in tribes composed of agents. It makes different behavioral and structural adaptations to minimize the false positive and false negative rates of the OC-SVM. We have applied our proposed approach for the extraction of earthquakes and urban areas. The experimental results and comparisons with different state-of-the-art classifiers confirm the efficiency and the robustness of the proposed approach.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.47-53
• /
• 2019

Network-based sharing of information has evolved into a cloud service environment today, increasing its number of users rapidly, but has become a major target for network-based illegal attackers.. In addition, IP spoofing among attackers' various attack techniques generally involves resource exhaustion attacks. Therefore, fast detection and response techniques are required. The existing detection method for IP spoofing attack performs the final authentication process according to the analysis and matching of traceback information of the client who attempted the connection request. However, the simple comparison method of traceback information may require excessive OTP due to frequent false positives in an environment requiring service transparency. In this paper, symmetric key cryptography based on traceback information is used as mutual authentication information to improve this problem. That is, after generating a traceback-based encryption key, mutual authentication is possible by performing a normal decryption process. In addition, this process could improve the overhead caused by false positives.

• Journal of Biomedical Engineering Research
• /
• v.18 no.4
• /
• pp.485-491
• /
• 1997

This paper describes the relationship between skin impedance signal, behavioral signal, and subjective evaluation depending on arousal level. Nz and reaction time had similar trend with mKSS level, but eyeblink rate was different from these two parameters. eye-blink rate increased slowly from mKSS level 1 to 5, and had high increasing rate at mKSS 7. But it showed steep descent at mKSS level 9. Each subject showed different eye-blink rates, but changing rates of EBR was similar at eachm KSS level. Therefore it suggests that rising rate of EBR can be used arousal level criterion. From the result of reaction time test. human performance was decreased rapidly above the mKSS level 5, and false positive and false negative data was observed above the mKSS level 3. It is desirable to give a subject some stimuli such as sound or aroma to rise arousal level between mKSS level 3 and mKSS level 5.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.6
• /
• pp.1113-1120
• /
• 2017

As the size of the data is getting larger and larger due to improvement of the telecommunication techniques, it would be main issues to develop and process the database. The bloom filter used to lookup a particular element under the given set is very useful structure because of the space efficiency. In this paper, we analyse the main factor of the false positive and propose the new parallel type bloom filter in order to minimize the false positive which is caused by other hash functions. The proposed method uses the memory as large as the conventional bloom filter use, but it can improve the processing speed using parallel processing. In addition, if we use the perfect hash function, the insertion and deletion function in the proposed bloom filter would be possible.

• Journal of the Korean Data and Information Science Society
• /
• v.26 no.3
• /
• pp.611-618
• /
• 2015

By Wikipedia, big data is a broad term for data sets so large or complex that traditional data processing applications are inadequate. Data mining is the computational process of discovering patterns in huge data sets involving methods at the intersection of association rule, decision tree, clustering, artificial intelligence, machine learning. Association rule is a well researched method for discovering interesting relationships between itemsets in huge databases and has been applied in various fields. There are positive, negative, and inverse association rules according to the direction of association. If you want to set the evaluation criteria of association rule, it may be desirable to consider three types of association rules at the same time. To this end, we proposed a balanced comparative confidence considering sensitivity, specificity, false positive, and false negative, checked the conditions for association threshold by Piatetsky-Shapiro, and compared it with comparative confidence and inversely comparative confidence through a few experiments.