• The Transactions of the Korean Institute of Power Electronics
• /
• v.27 no.2
• /
• pp.100-105
• /
• 2022

This paper applies the arc detection algorithm to prevent the false detection in photo voltaic series arc detection circuit, which is required not only to detect the series arc quickly, but also not falsely detect the arc for the non-arc noise. For this purpose, this study proposes a rapid and preventive false detection method of single peak noise and short noise signals. First, to prevent false detection by single peak noise, Discrete wavelet transform (DWT)-based characteristic parameters are applied to determine the shape and the amplitude of the noise. In addition, arc fault detection within a few milliseconds is performed with the DWT iterative algorithm to quickly prevent false detection for short noise signals, considering the continuity of serial arc noise. Thus, the method operates not only to detect series arc, but also to avoid false arc detection for peak and short noises. The proposed algorithm is applied to real-time serial arc detection circuit based on the TMS320F28335 DSP. The serial arc detection and peak noise filtering performances are verified in the built simulated arc test facility. Furthermore, the filtering performance of short noise generated through DC switch operation is confirmed.

• The KIPS Transactions:PartC
• /
• v.13C no.3 s.106
• /
• pp.295-302
• /
• 2006

An intrusion detection system writes a lot of alarms against attack behaviors in real time. These alarms contain not only actual attack alarms, but also false alarms that are mistakes made by the intrusion detection system. False alarms are the main reason that reduces the efficiency of the intrusion detection system, and we propose framework for false alarms analysis in the paper. Also, we apply an incremental data mining method for pattern analysis of false alarms increasing continuously. The framework consists of GUI, DB Manager, Alert Preprocessor, and False Alarm Analyzer. We analyze the false alarms increasingly through the experiment of the proposed framework and show that false alarms are reduced by applying the analyzed false alarm rules in the intrusion detection system.

• Proceedings of the KSRS Conference
• /
• 2004.10a
• /
• pp.716-718
• /
• 2004

The false alarm data in intrusion detection systems are divided into false positive and false negative. The false positive makes bad effects on the performance of intrusion detection system. And the false negative makes bad effects on the efficiency of intrusion detection system. Recently, the most of works have been studied the data mining technique for analysis of alert data. However, the false alarm data not only increase data volume but also change patterns of alert data along the time line. Therefore, we need a tool that can analyze patterns that change characteristics when we look for new patterns. In this paper, we focus on the false positives and present a framework for analysis of false alarm pattern from the alert data. In this work, we also apply incremental data mining techniques to analyze patterns of false alarms among alert data that are incremental over the time. Finally, we achieved flexibility by using dynamic support threshold, because the volume of alert data as well as included false alarms increases irregular.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.6 no.2
• /
• pp.173-177
• /
• 2006

This paper investigates the asymmetric costs of false errors to enhance the detection systems performance. The proposed method utilizes the network model to consider the cost ratio of false errors. By comparing false positive errors with false negative errors this scheme achieved better performance on the view point of both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that effectiveness of probe detection is enhanced by considering the costs of false errors.

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• v.17 no.1
• /
• pp.47-54
• /
• 2013

This work deals with automatic motion detection for with surveillance tracking that aims to provide high-lighting movable objects which is discriminated from moving backgrounds such as moving trees, etc. For this aim, we perform a false background region detection together with an initial foreground detection. The false background detection detects the moving backgrounds, which become eliminated from the initial foreground detection. This false background detection is done by performing the bimodal segmentation on a deformed image, which is constructed using the information of the dominant colors in the background.

• Journal of KIISE:Information Networking
• /
• v.31 no.2
• /
• pp.171-178
• /
• 2004

Port scanning detection systems should rather satisfy a certain level of the requirement for system performance like a low rate of “False Positive” and “False Negative”, and requirement for convenience for users to be easy to manage the system security with detection systems. However, public domain Real Time Scan Detection Systems have high rate of false detection and have difficulty in detecting various scanning techniques. In addition, as current real time scan detection systems are based on command interface, the systems are poor at user interface and thus it is difficult to apply them to the system security management. Hence, we propose TkRTSD(Tcl/Tk Real Time Scan Detection System) that is able to detect various scan attacks based on port scanning techniques by applying a set of new filter rules, and minimize the rate of False Positive by applying proposed ABP-Rules derived from attacker's behavioral patterns. Also a GUI environment for TkRTSD is implemented by using Tcl/Tk for user's convenience of managing network security.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.8 no.4
• /
• pp.316-321
• /
• 2008

Advanced computer network technology enables computers to be connected in an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, which makes it vulnerable to previously unidentified attack patterns and variations in attack and increases false negatives. Intrusion detection and analysis technologies are thus required. This paper investigates the asymmetric costs of false errors to enhance the performances the detection systems. The proposed method utilizes the network model to consider the cost ratio of false errors. By comparing false positive errors with false negative errors, this scheme achieved better performance on the view point of both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that effectiveness of anomaly traffic detection is enhanced by considering the costs of false errors.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.7
• /
• pp.1874-1893
• /
• 2012

An approach to detect abnormal activities based on reputations created individually by each node is vulnerable to a false accusation since intrusion detection in ad-hoc networks is done in a distributed and cooperative manner. Detection of false accusation is considered important because the efficiency or survivability of the network can be degraded severely if normal nodes were excluded from the network by being considered as abnormal ones in the intrusion detection process. In this paper, we propose an improved reputation-based intrusion detection technique to efficiently detect and manage false accusations in ad-hoc networks. Additionally, we execute simulations of the proposed technique to analyze its performance and feasibility to be implemented in a real environment.

• Journal of Communications and Networks
• /
• v.12 no.1
• /
• pp.74-85
• /
• 2010

For the purpose of compromising hosts, attackers including infected hosts initially perform a portscan using IP addresses in order to find vulnerable hosts. Considerable research related to portscan detection has been done and many algorithms have been proposed and implemented in the network intrusion detection system (NIDS). In order to distinguish portscanners from remote hosts, most portscan detection algorithms use a fixed threshold that is manually managed by the network manager. Because the threshold is a constant, even though the network environment or the characteristics of traffic can change, many false positives and false negatives are generated by NIDS. This reduces the efficiency of NIDS and imposes a high processing burden on a network management system (NMS). In this paper, in order to address this problem, we propose an automatic portscan detection system using an fast increase slow decrease (FISD) scheme, that will automatically and adaptively set the threshold based on statistical data for traffic during prior time periods. In particular, we focus on reducing false positives rather than false negatives, while the threshold is adaptively set within a range between minimum and maximum values. We also propose a new portscan detection algorithm, rate of increase in the number of failed connection request (RINF), which is much more suitable for our system and shows better performance than other existing algorithms. In terms of the implementation, we compare our scheme with other two simple threshold estimation methods for an adaptive threshold setting scheme. Also, we compare our detection algorithm with other three existing approaches for portscan detection using a real traffic trace. In summary, we show that FISD results in less false positives than other schemes and RINF can fast and accurately detect portscanners. We also show that the proposed system, including our scheme and algorithm, provides good performance in terms of the rate of false positives.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.111-121
• /
• 2006

As Internet lastly grows, network attack techniques are transformed and new attack types are appearing. The existing network-based intrusion detection systems detect well known attack, but the false-positive or false-negative against unknown attack is appearing high. In addition, The existing network-based intrusion detection systems is difficult to real time detection against a large network pack data in the network and to response and recognition against new attack type. Therefore, it requires method to heighten the detection rate about a various large dataset and to reduce the false-positive. In this paper, we propose method to reduce the false-positive using multi-level detection algorithm, that is combine the multidimensional Apriori algorithm and the modified Negative Selection algorithm. And we apply this algorithm in intrusion detection and, to be sure, it has a good performance.