• Title/Summary/Keyword: False-positive rate

Design of Hybrid Network Probe Intrusion Detector using FCM

  • Kim, Chang-Su;Lee, Se-Yul
    • Journal of information and communication convergence engineering / v.7 no.1 / pp.7-12 / 2009
  • The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and cannot detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

Negative Selection Algorithm based Multi-Level Anomaly Intrusion Detection for False-Positive Reduction (과탐지 감소를 위한 NSA 기반의 다중 레벨 이상 침입 탐지)

  • Kim, Mi-Sun;Park, Kyung-Woo;Seo, Jae-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.6 / pp.111-121 / 2006
  • As the Internet grows fast, network attack techniques are transformed and new attack types are appearing. The existing network-based intrusion detection systems detect well-known attacks, but the false-positive or false-negative rate against unknown attacks is high. In addition, it is difficult for the existing network-based intrusion detection systems to perform real-time detection on large network packet data and to recognize and respond to new attack types. Therefore, a method is required to heighten the detection rate on various large datasets and to reduce false positives. In this paper, we propose a method to reduce false positives using a multi-level detection algorithm that combines the multidimensional Apriori algorithm and the modified Negative Selection algorithm. We apply this algorithm to intrusion detection and, to be sure, it has a good performance.

Application of artificial neural network to differential diagnosis of lung lesion: Preliminary results

  • Lee, Hae-Jun;Lee, Yu-Kyung;Hwang, Kyung-Hoon
    • Proceedings of the Korea Information Processing Society Conference / 2011.04a / pp.1614-1615 / 2011
  • It is difficult to differentially diagnose between lung cancer and benign inflammatory lung lesion due to high false positive rate on F-18 FDG-PET. We investigated whether application of artificial neural network to this diagnosis may be helpful. We reviewed the medical records and F-18 FDG PET images of 12 patients, selecting clinical and PET variables such as SUV. For selected variables and confirm, multilayer neural perceptron was applied in cross-validation method and compared to visual interpretation. Neural network correctly classified the lung lesions in 83%, and greatly reduced the false positive rate. However, false negative rate was not influenced. Application of neural network to the differential diagnosis between lung cancer and benign inflammatory lesion may be helpful. Further studies with more patients are warranted.

Intrusion Detection System for In-Vehicle Network to Improve Detection Performance Considering Attack Counts and Attack Types (공격 횟수와 공격 유형을 고려하여 탐지 성능을 개선한 차량 내 네트워크의 침입 탐지 시스템)

  • Hyunchul, Im;Donghyeon, Lee;Seongsoo, Lee
    • Journal of IKEEE / v.26 no.4 / pp.622-627 / 2022
  • This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In an intrusion detection system, both FNR (False Negative Rate), where an intrusion frame is misjudged as a normal frame, and FPR (False Positive Rate), where a normal frame is misjudged as an intrusion frame, seriously affect vehicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where a data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the proposed method effectively improves both FNR and FPR in DoS (Denial of Service) attack and spoofing attack.

Development of A Recovery-algorithm of False-Positive Mail based on the Property of the Privacy (Privacy 속성 기반의 오인된 메일 복구 알고리즘 개발)

  • Seo, Sang-Jjin;Park, Noh-Kyung;Jin, Hyun-Joon
    • Journal of IKEEE / v.9 no.2 s.17 / pp.108-114 / 2005
  • While E-mail has become an important way of communications in IT societies, it creates various social problems due to increase of spam mails. Even though many organizations and corporations have been doing research to develop spam mail blocking technologies, more cost and system complexities are required because of varieties of blocking technologies. In case of adopting spam blocking technologies, system reliability largely relies on the False-positive error rate with the order of employing spam blocking filters. In this paper, a False-positive mail recovery technique based on privacy information is proposed and implemented in order to improve the reliability of spam blocking filters. Through the implemented prototype, recovery procedure for False-positive mails is verified and the results are summarized and analyzed.

AUC and VUS using truncated distributions (절단함수를 이용한 AUC와 VUS)

  • Hong, Chong Sun;Hong, Seong Hyuk
    • The Korean Journal of Applied Statistics / v.32 no.4 / pp.593-605 / 2019
  • Significant literature exists on the area under the ROC curve (AUC) and the volume under the ROC surface (VUS) which are statistical measures of the discriminant power of classification models. Whereas the partial AUC is restricted on the false positive rate, the two-way partial AUC is restricted on both the false positive rate and true positive rate, which could be more efficient and accurate than partial AUC. The two-way partial AUC was suggested as more efficient and accurate than the partial AUC. Partial VUS as well as the three-way partial VUS were also developed for the ROC surface. A proposed AUC is expressed in this paper with probability and integration using two truncated distribution functions restricted on both the false positive rate and true positive rate. It is also found that this AUC has a relation with the two-way partial AUC. The three-way partial VUS for the ROC surface is also related to the VUS using truncated distribution functions. These AUC and VUS are represented and estimated in terms of Mann-Whitney statistics. Their parametric and non-parametric estimation methods are explored based on normal distributions and random samples.

An Aggregate Detection Method for Improved Sensitivity using Correlation of Heterogeneous Intrusion Detection Sensors (이종의 침입탐지센서 관련성을 이용한 통합탐지의 민감도 향상 방법)

  • 김용민;김민수;김홍근;노봉남
    • Journal of the Korea Institute of Information Security & Cryptology / v.12 no.4 / pp.29-39 / 2002
  • In general, the intrusion detection method of anomalous behaviors has a high false alarm rate, which contains false positives and false negatives. To increase the sensitivity of intrusion detection, we propose a method of aggregate detection to reduce the false alarm rate by using correlation between misuse activity detection sensors and anomalous ones. For each normal behavior and anomalous one, we produce the reflection rate between the result from one sensor and another off-line. Then, we apply this rate to the result of real-time detection to reduce the false alarm rate.

Investigation of False Positive Rates Newborn Screening using Tandem Mass Spectrometry (TMS) Technology in Single Center (단일기관에서 이중 질량 분석법(tandem mass spectrometry technology)을 이용한 선천성 대사이상 검사의 위양성율에 대한 연구)

  • Kim, Hyunsoo;Shin, Son Moon;Ko, Sun Young;Lee, Yeon Kyung;Park, Sung Won
    • Journal of The Korean Society of Inherited Metabolic disease / v.16 no.1 / pp.18-23 / 2016
  • Objective: Newborn screening leads to improved treatment and disease outcomes, but the impact of false-positive newborn screening results may include parental stress and anxiety, perception of child as unhealthy, parent-child relationship dysfunction, and increased infant hospitalizations. The purpose of this study was to investigate the false positive rates and the causative factors of false positive results in Tandem Mass Spectrometry (TMS) in a single center. Methods: Records were reviewed for all 18,872 subjects who were born in Cheil General Hospital, during January 1st, 2012 to December 31st, 2014. 17,292 neonates (91.62%) were tested for tandem mass screening almost in 2-5th day of life. Newborn babies whose first results were abnormal had been tested repeatedly by same methods in 7-14 day. If the results were abnormal again, further evaluation was performed. TMS analysis included data for the 43 disorders screened for using TMS broken down into three categories: fatty acid oxidation disorders, organic acidurias, and aminoacidopathies. The impact of several factors on increased false positive rates was analyzed using a multivariate analysis: time from birth to sample collection, birth weight, birth height, BMI, gender, gestational age, delivery type. Results: Males of the subjects were 8942 (51.7%), female 8350 (48.3%), the mean gestational age was $38.6 \pm 1.7$ weeks, the average birth weight $3,155.6 \pm 502.4$ g, the average birth height $49.1 \pm 2.9$ cm, and the average BMI $13.0 \pm 3.8$ kg/m$^2$. Vaginal delivery cases were 9713 (56.2%), caesarean section 7,579 (43.8%). The average date of the inspection was $2.8 \pm 1.1$ days. 224 cases were identified as TMS positive. All the subjects were false positive (222/17,292, 1.30%) except 2 cases (1 male; benign phenylketonuria and 1 female; Short chain acyl-CoA dehydrogenase deficiency). The false positive rates were 0.61% in fatty acid oxidation disorders, 0.25% in organic acidurias, and 0.45% in aminoacidopathies. In our study, as the date of inspection got later, the false positive rates got higher, because almost all the cases of late test date were in treatment in the neonatal intensive care unit, so their test date was affected by their medical conditions. False positive rate was higher in extreme immaturity $\leq 27$ weeks than newborns of gestational age >27 weeks [OR=6.957 (CI=1.273-38.008), p<0.025] and extremely low birth weight <1,000 g than newborns of birthweight $\geq 1,000$ g [OR=5.616 (CI=1.134-27.820), p<0.035]. Conclusion: False positive rate of TMS was 1.30% in Cheil General Hospital. Lower gestational age and birth weight impacted on increased false positive rates. Better understanding of factors that influence the reporting of screening tests, and the ability to modify these important factors, may improve the screening process and reduce the need for retesting.

An Improved Bayesian Spam Mail Filter based on Chi-square Statistics (카이제곱 통계량을 이용한 개선된 베이지안 스팸메일 필터)

  • Kim Jin-Sang;Choe Sang-Yeol
    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2005.04a / pp.403-414 / 2005
  • Most of the currently used spam-filters are based on a Bayesian classification technique, where some serious problems occur such as a limited precision/recall rate and the false positive error. This paper addresses a solution to the problems using a modified Bayesian classifier based on chi-square statistics. The resulting spam-filter is more accurate and flexible than traditional Bayesian spam-filters and can be a personalized one providing some parameters when the filter is learned from training data.

Fine Needle Aspiration Biopsy Cytology of Breast Tumors (세침 천자 검사로 진단된 유방종양의 세포병리학적 연구)

  • Kim, In-Sook;Lee, Jung-Dal
    • The Korean Journal of Cytopathology / v.1 no.1 / pp.51-59 / 1990
  • Fine needle aspiration biopsy cytology (FNA) for diagnosis of a variety of breast tumors has been proven to be a simple, safe, and cost saving diagnostic methodology with high accuracy. Cytologic specimens from 1,029 fine needle aspirations of the breast during last 3-year period were reviewed and subsequent biopsies from 107 breast lesions were reevaluated for cytohistological correlation. FNA had a sensitivity of 81.6% and a specificity of 98.3%. One out of 107 cases biopsied revealed a false positive result (0.9%) and the case was due to misinterpretation of apocrine metaplastic cells in necrotic background as malignant cells. A false negative rate was 8.4% (9 of 107 cases biopsied). Six of 9 false negative cases resulted from insufficient aspirates for diagnosis, and remaining three of 9 false negative cases revealed extensive necrosis with no or scanty viable cells on smears. The results indicate that for reducing false positive and false negative rates of FNA, an experienced cytopathologist and a proficient aspirator are of great importance.
