• Title/Summary/Keyword: False-detection rate

The Design and Implementation of Anomaly Traffic Analysis System using Data Mining

  • Lee, Se-Yul;Cho, Sang-Yeop;Kim, Yong-Soo
    • International Journal of Fuzzy Logic and Intelligent Systems / v.8 no.4 / pp.316-321 / 2008
  • Advanced computer network technology enables computers to be connected in an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and cannot detect new hacking patterns, which makes it vulnerable to previously unidentified attack patterns and variations in attack and increases false negatives. Intrusion detection and analysis technologies are thus required. This paper investigates the asymmetric costs of false errors to enhance the performance of the detection systems. The proposed method utilizes the network model to consider the cost ratio of false errors. By comparing false positive errors with false negative errors, this scheme achieved better performance from the viewpoint of both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that the effectiveness of anomaly traffic detection is enhanced by considering the costs of false errors.

A Highly Reliable Fall Detection System for The Elderly in Real-Time Environment (실시간 환경에서 노인들을 위한 고신뢰도 낙상 검출 시스템)

  • Lee, Young-Sook;Chung, Wan-Young
    • Journal of the Korea Institute of Information and Communication Engineering / v.12 no.2 / pp.401-406 / 2008
  • Fall event detection is one of the most common problems for elderly people, especially those living alone because falls result in serious injuries such as joint dislocations, fractures, severe head injuries or even death. In order to prevent falls or fall-related injuries, several previous methods based on video sensor showed low fall detection rates in recent years. To improve this problem and outperform the system performance, this paper presented a novel approach for fall event detection in the elderly using a subtraction between successive difference images and temporal templates in real time environment. The proposed algorithm obtained the successful detection rate of 96.43% and the low false positive rate of 3.125% even though the low-quality video sequences are obtained by a USB PC camera sensor. The experimental results have shown very promising performance in terms of high detection rate and low false positive rate.

Design of Hybrid Network Probe Intrusion Detector using FCM

  • Kim, Chang-Su;Lee, Se-Yul
    • Journal of information and communication convergence engineering / v.7 no.1 / pp.7-12 / 2009
  • The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and cannot detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

Joint Template Matching Algorithm for Associated Multi-object Detection

  • Xie, Jianbin;Liu, Tong;Chen, Zhangyong;Zhuang, Zhaowen
    • KSII Transactions on Internet and Information Systems (TIIS) / v.6 no.1 / pp.395-405 / 2012
  • A joint template matching algorithm is proposed in this paper to reduce the high rate of miss-detection and false-alarm caused by the traditional template matching algorithm during the process of multi-object detection. The proposed algorithm can reduce the influence on each object by matching all objects together according to the correlation information among different objects. Moreover, the rate of miss-detection and false-alarm in the process of single-template matching is also reduced based on the algorithm. In this paper, firstly, a joint template is created from the information of relative positions among different objects. Then, a matching criterion according to normalized cross correlation is generated for multi-object matching. Finally, the proposed algorithm is applied to the detection of watermarks in bill. The experiments show that the proposed algorithm has lower miss-detection and false-alarm rate compared to the traditional NCC algorithm during the process of multi-object detection.

Dwell Time Optimization of Alert-Confirm Detection for Active Phased Array Radars

  • Kim, Eun Hee;Park, JoonYong
    • Journal of electromagnetic engineering and science / v.19 no.2 / pp.107-114 / 2019
  • Alert-confirm detection is a highly efficient method to improve phased array radar search performance. It comprises sequential detection in two steps: alert detection, in which a target is detected at a low detection threshold, and confirm detection, which is triggered by alert detection with a longer dwell time to minimize false alarms. This paper provides a design method for applying the alert-confirm detection to multifunctional radars. We find optimum dwell times and false alarm probabilities for each alert detection and confirm detection under the dual constraints of total false alarm probability and maximum allowable dwell time per position. These optimum values are expressed as a function of the mean new target appearance rate. The proposed alert-confirm detection increases the maximum detection range even with a shorter frame time than that of uniform scanning.

Closely Spaced Target Detection using Intensity Sorting-based Context Awareness

  • Kim, Sungho;Won, Jin-Ju
    • Journal of Electrical Engineering and Technology / v.11 no.6 / pp.1839-1845 / 2016
  • Detecting remote targets is important to active protection system (APS) or infrared search and track (IRST) applications. In normal situation, the well-known constant false alarm rate (CFAR) detector works properly. However, decoys in APS or closely spaced targets in IRST degrade the detection capability by increasing background noise level in the CFAR detector. This paper presents a context aware CFAR detector by the intensity sorting and selection of background region to reduce the effect of neighboring targets that lead to incorrect estimation of background statistics. The existence of neighboring targets can be recognized by intensity sorting where neighboring targets usually show highest ranks. The proposed background statistics (mean, standard deviation) estimation method from median local pixels can be aware of the background context and reduce the effects of the neighboring targets, which increase the signal-to-clutter ratio. The experimental results on the synthetic APS sequence, real adjacent target sequence, and remote pedestrian sequence validated that the proposed method produced an enhanced detection rate with the same false alarm rate compared with the hysteresis-CFAR (H-CFAR) detection.

MXTM-CFAR Processor and Its Performance Analysis (MXTM-CFAR 처리기와 그 성능분석)

  • 김재곤;김응태;송익호;김형명
    • The Journal of Korean Institute of Communications and Information Sciences / v.17 no.7 / pp.719-729 / 1992
  • An improved MXTM (maximum trimmed mean)-CFAR (constant false alarm rate) processor is proposed to reduce false alarm rates in detecting radar targets, and its performance characteristics are analyzed to be compared with those of other CFAR processors. The proposed MXTM-CFAR processor is obtained by combining the GO (greatest of)-CFAR processor reducing excessive false alarm rate at clutter edges with the TM-CFAR processor showing good performances in homogeneous/nonhomogeneous background. Performance analyses have been done by computing detection probability, constant false alarm rate and detection thresholds under the homogeneous or multiple target environments and at the clutter edges. Analysis results show that the proposed CFAR processor maintains its performance as good as those of OS (order statistics) and TM-CFAR in homogeneous and multiple target environments and can reduce the false alarm rate at clutter edges. Overall computing time has been also reduced.

Negative Selection Algorithm based Multi-Level Anomaly Intrusion Detection for False-Positive Reduction (과탐지 감소를 위한 NSA 기반의 다중 레벨 이상 침입 탐지)

  • Kim, Mi-Sun;Park, Kyung-Woo;Seo, Jae-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.6 / pp.111-121 / 2006
  • As Internet lastly grows, network attack techniques are transformed and new attack types are appearing. The existing network-based intrusion detection systems detect well-known attacks, but the false-positive or false-negative against unknown attacks is appearing high. In addition, it is difficult for the existing network-based intrusion detection systems to perform real-time detection against large network pack data in the network and to respond to and recognize new attack types. Therefore, a method is required to heighten the detection rate on various large datasets and to reduce the false-positive. In this paper, we propose a method to reduce the false-positive using a multi-level detection algorithm that combines the multidimensional Apriori algorithm and the modified Negative Selection algorithm. And we apply this algorithm to intrusion detection and, to be sure, it has a good performance.

Seafloor terrain detection from acoustic images utilizing the fast two-dimensional CMLD-CFAR

  • Wang, Jiaqi;Li, Haisen;Du, Weidong;Xing, Tianyao;Zhou, Tian
    • International Journal of Naval Architecture and Ocean Engineering / v.13 no.1 / pp.187-193 / 2021
  • In order to solve the problem of false terrains caused by environmental interferences and tunneling effect in the conventional multi-beam seafloor terrain detection, this paper proposed a seafloor topography detection method based on fast two-dimensional (2D) Censored Mean Level Detector-statistics Constant False Alarm Rate (CMLD-CFAR) method. The proposed method uses a cross-sliding window. The target occlusion phenomenon that occurs in multi-target environments can be eliminated by censoring some of the large cells of the reference cells, while the remaining reference cells are used to calculate the local threshold. The conventional 2D CMLD-CFAR methods need to estimate the background clutter power level for every pixel, thus increasing the computational burden significantly. In order to overcome this limitation, the proposed method uses a fast algorithm to select the Regions of Interest (ROI) based on a global threshold, while the rest pixels are distinguished as clutter directly. The proposed method is verified by experiments with real multi-beam data. The results show that the proposed method can effectively solve the problem of false terrain in a multi-beam terrain survey and achieve a high detection accuracy.

Traffic Seasonality aware Threshold Adjustment for Effective Source-side DoS Attack Detection

  • Nguyen, Giang-Truong;Nguyen, Van-Quyet;Nguyen, Sinh-Ngoc;Kim, Kyungbaek
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.5 / pp.2651-2673 / 2019
  • In order to detect Denial of Service (DoS) attacks, victim-side detection methods are used popularly such as static threshold-based method and machine learning-based method. However, as DoS attacking methods become more sophisticated, these methods reveal some natural disadvantages such as the late detection and the difficulty of tracing back attackers. Recently, in order to mitigate these drawbacks, source-side DoS detection methods have been researched. But, the source-side DoS detection methods have limitations if the volume of attack traffic is relatively very small and it is blended into legitimate traffic. Especially, with the subtle attack traffic, DoS detection methods may suffer from high false positive, considering legitimate traffic as attack traffic. In this paper, we propose an effective source-side DoS detection method with traffic seasonality aware adaptive threshold. The threshold of detecting DoS attack is adjusted adaptively to the fluctuated legitimate traffic in order to detect subtle attack traffic. Moreover, by understanding the seasonality of legitimate traffic, the threshold can be updated more carefully even though subtle attack happens and it helps to achieve low false positive. The extensive evaluation with the real traffic logs presents that the proposed method achieves very high detection rate over 90% with low false positive rate down to 5%.