• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.397-406
• /
• 2003

As the information technology grows interests in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, has been raised. In the field of anomaly-based IDS several artificial intelligence techniques such as hidden Markov model (HMM), artificial neural network, statistical techniques and expert systems are used to model network rackets, system call audit data, etc. However, there are undetectable intrusion types for each measure and modeling method because each intrusion type makes anomalies at individual measure. To overcome this drawback of single-measure anomaly detector, this paper proposes a multiple-measure intrusion detection method. We measure normal behavior by systems calls, resource usage and file access events and build up profiles for normal behavior with hidden Markov model, statistical method and rule-base method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method that has significantly low false-positive error rate against various types of intrusion.

• Analytical Science and Technology
• /
• v.34 no.2
• /
• pp.68-77
• /
• 2021

Cannabis is one of the most abused drugs in Korea. The main psychoactive component in cannabis, Δ9-tetrahydrocannabinol, is metabolized to 11-nor-9-carboxy-Δ9-tetrahydrocannabinol (THCCOOH) and THCCOOH-glucuronide (THCCOOH-glu) in the human liver, whereby the amount of THCCOOH-glu found in urine is twice as high as that of THCCOOH. The analytical process adapted by the majority of urine drug-testing programs involves a two-step method consisting of an initial immunoassay-based screening test followed by a confirmatory test if the screening test result is positive. In this study, a qualitative gas chromatography-mass spectrometry (GC-MS) method was developed and validated for the detection of THCCOOH in human urine, where THCCOOH-glu was converted into THCCOOH by alkaline hydrolysis. For purification of the urine extract prior to instrumental analysis, high-speed centrifugation was used to minimize interference. In addition, an injection-port derivatization method using ethyl acetate and N,O-bis(trimethylsilyl)-trifluoroacetamide containing 1 % trimethylchlorosilane was employed to reduce the time required for derivatization, and an aliquot of the final solution was injected into the GC-MS. The method was validated by measuring the selectivity, limit of detection (LOD), and repeatability. The sensitivity, specificity, precision, accuracy, Kappa, F-measure, false positive, and false negative rate were determined by comparing the GC-MS results with those obtained using the immunoassay. The LOD was determined to be 0.32 ng/mL, while the repeatability was within 9.1 % for THCCOOH. Furthermore, a comparison study was carried out, whereby the screening immunoassay exhibited a sensitivity of 86.4 % and a specificity of 100 % compared to GC-MS. The applicability of the developed method was examined by analyzing spiked urine and forensic urine samples obtained from suspected cannabis abusers (n = 221).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.1059-1071
• /
• 2024

The 5G mobile network provides various services to numerous devices and applications, unlike LTE which focuses on smartphones. Features of 5G, such as low latency and massive connectivity, increase the overhead of the control plane(CP, signaling part) and make it difficult to detect abnormal devices due to random traffic patterns. In this paper, we propose a DBSCAN clustering-based detection method to counter signaling attacks, which are a type of 'Denial of Service(DoS)' attack targeting mobile networks. DBSCAN helps to create clusters of various shapes and can address dynamic traffic because the algorithm needs not to depend on past traffic statistics. We also use a real-time traced dataset for experiments to assess usability in real-world scenarios. According to the experiments, our method achieves 99.32% of accuracy and 0.03% of false-positive rates, demonstrating superior performance compared to previous works.

• Journal of Preventive Medicine and Public Health
• /
• v.17 no.1
• /
• pp.203-210
• /
• 1984

Primary screening test for serum HBsAg by RPHA from 4,805 persons who were clinically well through preemployment examination for the period of one calendar year of 1983 revealed 476 (9.9%) positive individual carriers. There were no significant differences in distribution of positives of serum HBsAg by age group, profession, or province area. Among positives of serum HBsAg, 356 (74.8%) showed normal findings and 120 (25.2%) showed abnormal findings in liver function test, respectively. Radioimmunoassay was done in 169 positives of HBsAg and RIA detected 10 negative persons who were positive by RPHA revealing 5.9% of false positive rate and 94.1% of sensitivity of RPHA. In RIA profile of HBV markers, pattern I (HBsAg+, Anti-HBe+) was 46.6%, pattern II (HBsAg+, HBeAg+) was 33.3%, pattern III (HBsAg+only) was 18.3%, pattern IV (HBsAg+, HBeAg+, Anti-HBs+) was 1.3%, pattern V (HBsAg+, HBeAg+, Anti-HBe+) was 0.6%, respectively. There were no positives of HBsAg among 10 persons who were negatives of HBsAg by RIA.

• ETRI Journal
• /
• v.39 no.5
• /
• pp.621-631
• /
• 2017

Abnormal samples are usually difficult to obtain in production systems, resulting in imbalanced training sample sets. Namely, the number of positive samples is far less than the number of negative samples. Traditional Support Vector Machine (SVM)-based anomaly detection algorithms perform poorly for highly imbalanced datasets: the learned classification hyperplane skews toward the positive samples, resulting in a high false-negative rate. This article proposes a new imbalanced SVM (termed ImSVM)-based anomaly detection algorithm, which assigns a different weight for each positive support vector in the decision function. ImSVM adjusts the learned classification hyperplane to make the decision function achieve a maximum GMean measure value on the dataset. The above problem is converted into an unconstrained optimization problem to search the optimal weight vector. Experiments are carried out on both Cloud datasets and Knowledge Discovery and Data Mining datasets to evaluate ImSVM. Highly imbalanced training sample sets are constructed. The experimental results show that ImSVM outperforms over-sampling techniques and several existing imbalanced SVM-based techniques.

• Journal of Convergence Society for SMB
• /
• v.6 no.4
• /
• pp.71-77
• /
• 2016

In this paper, we proposed a verification of speaker change utilizing the KL distance based on GMM-UBM to improve the performance of conventional BIC based Speaker Change Detection(SCD). We have verified Conventional BIC-based SCD using KL-distance based SCD which is robust against difference of information volume than BIC-based SCD. And we have applied GMM-UBM to compensate asymmetric information volume. Conventional BIC-based SCD was composed of two steps. Step 1, to detect the Speaker Change Candidate Point(SCCP). SCCP is positive local maximum point of dissimilarity d. Step 2, to determine the Speaker Change Point(SCP). If ${\Delta}BIC$ of SCCP is positive, it decides to SCP. We examined verification of SCP using GMM-UBM based KL distance D. If the value of D on each SCP is higher than threshold, we accepted that point to the final SCP. In the experimental condition MDR(Missed Detection Rate) is 0, FAR(False Alarm Rate) when the threshold value of 0.028 has been improved to 60.7%.

• Journal of IKEEE
• /
• v.20 no.1
• /
• pp.82-88
• /
• 2016

The detection rate of Progressive Probability Hough Transform(PPHT) is decreased when a lot of noise components exist due to an unclear or complex original image although it is quite a good algorithm that detects line segments accurately. In order to solve the problem, we propose an improved line detecting algorithm which is robust to noise components and recovers slightly damaged edges. The proposed algorithm is based on PPHT and traces a line segments by pixel and checks of it is straight. It increases the detection rate by reducing the effect of noise components and by recovering edge patterns within a limited pixel size. The proposed algorithm is applied to a lane detection method and the false positive detection rate is decreased by 30% and the line detection rate is increased by 15%.

• Korean Journal of Veterinary Research
• /
• v.24 no.1
• /
• pp.91-98
• /
• 1984

A total of 466 foremilk from dairy farms in Chonnam district was examined for the subclinical mastitis over a period of one year, using a method of the electrical conductivities(EC); absolute conductivity(AC) and differential conductivity(DC) and quarter difference value(QD), in relation to the California mastitis test(CMT) and the direct somatic cell count(DSCC). The compatibility and efficiency rating between the EC values and the other screening tests was conducted. Obtained results are summarized as follows. 1. A linear relationship was found between the EC values and the CMT scores and direct somatic cell counts and it was found that electrical conductivity measurements were comparable with other screening tests for diagnosing animals with mastitis. 2. Compatibilities between the EC and CMT were 70.4% in AC, 74.6% in DC and 70.7% in QD, and that of the EC and DSCC were 53.0% in AC, 63.1% in DC and 53.2% in QD. On the other hand, relative efficiency ratings of Postle's equation between EC and CMT were 37.3% in AC, 26.5% in DC and 13.6% in QD, and that of the EC and DSCC were 33.1% in AC, 20.2% in DC and 11.9% in QD. 3. In the foremilk samples collected from damaged quarters determined by EC, the false positive rate wart higher than the false negative rate, and consequently tests of EC produced lower compatibility or efficiency rating scores. These tendencies suggested that any factors other than the mastitic condition influencing the EC values might be existed.

• Korean Journal of Head & Neck Oncology
• /
• v.10 no.2
• /
• pp.91-101
• /
• 1994

Nodular thyroid disease is a common clinical problem. The problem in clinical practice is to distinguish malignant or potentially malignant tumor from harmless nodules. The cases of thyroid nodule surgically managed at Department of General Surgery, Soon Chun Hyang Univ. Hospital during the period Jan. 1985 to July. 1992 were reviewed retrospectively. To assess method of distinguishing malignant from benign lesions of the thyroid gland, we reviewed 162 patients with thyroid nodule. There were 61(37.7%) malignant nodules and 101(62.3%) benign nodules. According to the review, distinguishing the benign from the malignant nodule with history, physical examination, clinical manifestation, and duration of illness was not suggested sufficiently. In ultrasonogram of 73 cases, 57.5% of nodules were solid, 20.6% were cystic, 21.9% were mixed solid and cystic. Of these, 28.5% of the operated solid lesions, 12.5% of the mixed lesions, and only 6.7% of the cystic lesions were malignant. Thyroid scanning of 82 cases revealed cold nodules in 60 patients(73.2%), of which 26 cases were malignant(36.6%) 137 patients underwent fine needle aspiration cytology(FNAC), and these results were as follow: sensitiviey was 70.6%, specificity was 93.0%, false-positive rate was 14.3%, and false-negative rate was 15.8%. 41 patients underwent frozen biopsy, and the results as follow: sensitivity was 80.0%, specificity was 89.7%. Neither scintigraphy nor ultrasonogram has sufficient specificity to distinguish benign from malignant nodule. But FNAC and frozen biopsy have sufficient accuracy to differentiate benign from malignant nodule. In the benign nodules, the most common type of operation was total lobectomy (60.4%). Of the malignant nodules, total thyroidectomy with or without modified radical neck dissection was performed in 30 cases(49.2%). We conclude that the single technique used to determine the differential diagnosis of a thyroid nodule are unrealiable. It is therefore essential to combine all avaiable clinical and laboratory information.

• Journal of Ecology and Environment
• /
• v.41 no.12
• /
• pp.345-350
• /
• 2017

Background: Ecological research often requires monitoring of a specific individual over an extended period of time. To enable non-invasive re-identification, consistent external marking is required. Treefrogs possess lateral lines for crypticity. While these patterns decrease predator detection, they also are individual specific patterns. In this study, we tested the use of lateral lines in captive and wild populations of Dryophytes japonicus as natural markers for individual identification. For the purpose of the study, the results of visual and software assisted identifications were compared. Results: In normalized laboratory conditions, a visual individual identification method resulted in a 0.00 rate of false-negative identification (RFNI) and a 0.0068 rate of false-positive identification (RFPI), whereas Wild-ID resulted in RFNI = 0.25 and RFNI = 0.00. In the wild, female and male data sets were tested. For both data sets, visual identification resulted in RFNI and RFPI of 0.00, whereas the RFNI was 1.0 and RFPI was 0.00 with Wild-ID. Wild-ID did not perform as well as visual identification methods and had low scores for matching photographs. The matching scores were significantly correlated with the continuity of the type of camera used in the field. Conclusions: We provide clear methodological guidelines for photographic identification of D. japonicus using their lateral lines. We also recommend the use of Wild-ID as a supplemental tool rather the principal identification method when analyzing large datasets.