• 한국정보통신설비학회:학술대회논문집
• /
• 2009.08a
• /
• pp.127-130
• /
• 2009

We propose a method for detecting DDoS (Distributed Denial of Service) traffic in real-time inside the backbone network. For this purpose, we borrow the concepts of MACD (Moving Average Convergence Divergence) and RoC (Rate of Change), which are used for technical analysis in the stock market Due to the fact that the method is based on a quantitative, rather than a heuristic, detection level, DDoS traffic can be detected with greater accuracy (by reducing the false alarm ratio). Through simulation results, we show how the detection level is determined and demonstrate how much the accuracy of detection is enhanced.

• Proceedings of the IEEK Conference
• /
• 2002.07b
• /
• pp.928-931
• /
• 2002

Network based intrusion detection system is a computer network security tool. In this paper, we present an intrusion detection system based on Self-Organizing Maps (SOM) and Resilient Propagation Neural Network (RPROP) for visualizing and classifying intrusion and normal patterns. We introduce a cluster matching equation for finding principal associated components in component planes. We apply data from The Third International Knowledge Discovery and Data Mining Tools Competition (KDD cup'99) for training and testing our prototype. From our experimental results with different network data, our scheme archives more than 90 percent detection rate, and less than 5 percent false alarm rate in one SYN flooding and two port scanning attack types.

• Proceedings of the IEEK Conference
• /
• 2003.07a
• /
• pp.242-245
• /
• 2003

This paper introduces a new algorithm of pulse generation and detection for UWB communication system. The existing UWB systems using Gaussian pulse have some difficulties to cope with bandwidth limitation and frequency transition. Moreover. the system sensitivity to channel noise has made the processes of acquisition and tacking difficult. in this paper, we introduce a new pulse generation method which is able to control the bandwidth and center frequency applying modulation method. thus could improve the detection performance of receiving algorithm. Also, we made a system to search maximum perk by applying the proposed algorithm and consequently could guarantee the correct detection. By the result of simulation, when accumulate 10 times at every 2dB band shifting from 0 to 18dB on AWGN channel, we could confirm the proposed method has 97.4% PDR(Pulse Detection Rate) and 1.868% FAR(False Alarm Rate) performance at 4dB SNR and 15% transmission power threshold level.

• Journal of IKEEE
• /
• v.18 no.4
• /
• pp.502-508
• /
• 2014

This paper has reviewed the performances of various AGCs which can be adopted in IEEE802.11p modems. IEEE802.11p, a high speed mobile communication standard for vehicles, requires high performance signal detector since the channel impulse responses are varied rapidly in time. In order to select the optimal signal detector, we simulated the performances of three detection methods. One is using RSSI signal, the other is using RSSI signal and I/Q signal, and the third is using I/Q signal through the Monte Carlo simulation. We evaluated the performances of the algorithms using our own system based on MAX 2829 transceiver(MAXIM $Integrated^{TM}$) in a real vehicular environment. As a result, the experiment using Fully I/Q signal derives the most excellent performance with the lowest minimum receiver sensitivity, packet error rate (PER) and false alarm rate (FAR).

• Proceedings of the Acoustical Society of Korea Conference
• /
• 1991.06a
• /
• pp.163-168
• /
• 1991

In this paper, we propose a new systolic architecture for the order statistics(OS) constant false alarm rate(CFAR) processor. In the proposed architecture, each processing element(PE) can compare two reference data cells with one test cell simultaneously in each clock cycle. So the utilization of each PE in this architecture is 100% whereas the utilization of each PE in the systolic architecture previously reported by Ritcey and Hwang is 50% because of one clock delay between two adjacent PE's active in computation. This can speed up the data processing rate by a factor of two. With this architecture, we can obtain the reduced number of communication links between adjacent PE's and reduction of the latency by half in comparison with the one proposed by Ritcey and Hwang.

• Speech Sciences
• /
• v.8 no.4
• /
• pp.59-72
• /
• 2001

In this paper, we experimented with speaker change detection that uses a statistical method for NOD (News On Demand) service. A specified speaker's change can find out content of each data in speech if analysed because it means change of data contents in news data. Speaker change detection acts as preprocessor that divide input speech by speaker. This is an important preprocessor phase for speaker tracking. We detected speaker change using GLR(generalized likelihood ratio) distance base division and BIC (Bayesian information criterion) base division among matrix method. An experiment verified speaker change point using BIC base division after divide by speaker unit using GLR distance base method first. In the experimental result, FAR (False Alarm Rate) was 63.29 in high noise environment and FAR was 54.28 in low noise environment in MDR (Missed Detection Rate) 15% neighborhood.

• Journal of Information Processing Systems
• /
• v.15 no.1
• /
• pp.137-150
• /
• 2019

Although the research of immune-based anomaly detection technology has made some progress, there are still some defects which have not been solved, such as the loophole problem which leads to low detection rate and high false alarm rate, the exponential relationship between training cost of mature detectors and size of self-antigens. This paper proposed an intrusion detection method based on changes of antibody concentration in immune response to improve and solve existing problems of immune based anomaly detection technology. The method introduces blood relative and blood family to classify antibodies and antigens and simulate correlations between antibodies and antigens. Then, the method establishes dynamic evolution models of antigens and antibodies in intrusion detection. In addition, the method determines concentration changes of antibodies in the immune system drawing the experience of cloud model, and divides the risk levels to guide immune responses. Experimental results show that the method has better detection performance and adaptability than traditional methods.

• Journal of Korean Society of Transportation
• /
• v.22 no.6
• /
• pp.175-196
• /
• 2004

This study focuses on improving the performance of freeway incident detection by introducing some new measures to reduce false alarms in developing a new incident detection model. The model consists of the 5 major components through which a series of decision makings in determining the given traffic flow condition are made. The decision making process was designed such that the causes of traffic congestions can be accurately classified into several types including incidents and bottlenecks according to their unique characteristics. The model performance was tested and found to be compatible with that of the existing well-recognized models in terms of the detection rate and detection time. It should noted that the model produced much less false alarms than most of the existing models. The study results prove that the initial objective of the study was satisfied as it was an experimental trial to improve the false alarm rate for the incident detection model to be more pactically usable for traffic management purposes.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.35-38
• /
• 2009

The paper presents an effective method to detect fire in video surveillance and monitoring system. The main contribution of this work is that we successfully use the Hidden Markov Models in the process of detecting the fire with a few preprocessing steps. First, the moving pixels detected from image difference, the color values obtained from the fire flames, and their pixels clustering are applied to obtain the image regions labeled as fire candidates; secondly, utilizing massive training data, including fire videos and non-fire videos, creates the Hidden Markov Models of fire and non-fire, which are used to make the final decision that whether the frame of the real-time video has fire or not in both temporal and spatial analysis. Experimental results demonstrate that it is not only robust but also has a very low false alarm rate, furthermore, on the ground that the HMM training which takes up the most time of our whole procedure is off-line calculated, the real-time detection and alarm can be well implemented when compared with the other existing methods.

• Korean Journal of Remote Sensing
• /
• v.34 no.2_2
• /
• pp.327-338
• /
• 2018

The possibility of ship detection monitoring at operational level using KOMPSAT-5 Synthetic Aperture Radar (SAR) and Automatic Identification System (AIS) data is investigated. For the analysis, the KOMPSAT-5 SLC images, which are collected from the west coast of Shinjin port and the northern coast of Jeju port are used along with portable AIS data from near the coast. The ship detection algorithm based on HVAS (Human Visual Attention System) was applied, which has significant advantages in terms of detection speed and accuracy compared to the commonly used CFAR (Constant False Alarm Rate). As a result of the integrated analysis, the ship detection from KOMPSAT-5 and AIS were generally consistent except for small vessels. Some ships detected in KOMPSAT-5 but not in AIS are due to the data absence from AIS, while it is clearly visible in KOMPSAT-5. Meanwhile, SAR imagery also has some false alarms due to ship wakes, ghost effect, and DEM error (or satellite orbit error) during object masking in land. Improving the developed ship detection algorithm and collecting reliable AIS data will contribute for building wide integrated surveillance system of marine territory at operational level.