• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.99-108
• /
• 2010

The traffic classification is a preliminary but essentialstep for stable network service provision and efficient network resource management. While various classification methods have been introduced in literature, the payload signature-based classification is accepted to give the highest performance in terms of accuracy, completeness, and practicality. However, the collection and maintenance of up-to-date signatures is very difficult and time consuming process to cope with the dynamics of Internet traffic over time. In this paper, We propose an automatic payload signature generation mechanism which reduces the time for signature generation and increases the granularity of signatures. Furthermore, We describe a signature update system to keep the latest signatures over time. By experiments with our campus network traffic we proved the feasibility of our mechanism.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.808-810
• /
• 2013

최근 인터넷 사용이 보편화됨과 더불어 정치적, 경제적인 목적으로 웹사이트와 이메일을 악용한 악성 코드가 급속히 유포되고 있다. 유포된 악성코드의 대부분은 기존 악성코드를 변형한 변종 악성코드이다. 이에 변종 악성코드를 탐지하기 위해 유사 악성코드를 분류하는 연구가 활발하다. 그러나 기존 연구에서는 정적 분석을 통해 얻어진 정보를 가지고 분류하기 때문에 실제 발생되는 행위에 대한 분석이 어려운 단점이 있다. 본 논문에서는 악성코드가 호출하는 API(Application Program Interface) 정보를 추출하고 유사도를 분석하여 악성코드를 분류하는 기법을 제안한다. 악성코드가 호출하는 API의 유사도를 분석하기 위해서 동적 API 후킹이 가능한 악성코드 API 분석 시스템을 개발하고 퍼지해시(Fuzzy Hash)인 ssdeep을 이용하여 비교 가능한 고유패턴을 생성하였다. 실제 변종 악성코드 샘플을 대상으로 한 실험을 수행하여 제안하는 악성코드 분류 기법의 유용성을 확인하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2667-2682
• /
• 2015

Due to the wide application of face recognition (FR) in information security, surveillance, access control and others, it has received significantly increased attention from both the academic and industrial communities during the past several decades. However, partial face occlusion is one of the most challenging problems in face recognition issue. In this paper, a novel method based on linear regression-based classification (LRC) algorithm is proposed to address this problem. After all images are downsampled and divided into several blocks, we exploit the evaluator of each block to determine the clear blocks of the test face image by using linear regression technique. Then, the remained uncontaminated blocks are utilized to partial occluded face recognition issue. Furthermore, an improved Distance-based Evidence Fusion approach is proposed to decide in favor of the class with average value of corresponding minimum distance. Since this occlusion removing process uses a simple linear regression approach, the completely computational cost approximately equals to LRC and much lower than sparse representation-based classification (SRC) and extended-SRC (eSRC). Based on the experimental results on both AR face database and extended Yale B face database, it demonstrates the effectiveness of the proposed method on issue of partial occluded face recognition and the performance is satisfactory. Through the comparison with the conventional methods (eigenface+NN, fisherfaces+NN) and the state-of-the-art methods (LRC, SRC and eSRC), the proposed method shows better performance and robustness.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.7
• /
• pp.3286-3300
• /
• 2016

High Efficiency Video Coding (HEVC) Standard, as the latest coding standard, introduces satisfying compression structures with respect to its predecessor Advanced Video Coding (H.264/AVC). The new coding standard can offer improved encoding performance compared with H.264/AVC. However, it also leads to enormous computational complexity that makes it considerably difficult to be implemented in real time application. In this paper, based on machine learning, a fast partitioning method is proposed, which can search for the best splitting structures for Intra-Prediction. In view of the video texture characteristics, we choose the entropy of Gray-Scale Difference Statistics (GDS) and the minimum of Sum of Absolute Transformed Difference (SATD) as two important features, which can make a balance between the computation complexity and classification performance. According to the selected features, adaptive decision trees can be built for the Coding Units (CU) with different size by offline training. Furthermore, by this way, the partition of CUs can be resolved as a binary classification problem. Experimental results have shown that the proposed algorithm can save over 34% encoding time on average, with a negligible Bjontegaard Delta (BD)-rate increase.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.5765-5781
• /
• 2018

Extreme learning machine (ELM) is emerging as a powerful machine learning method in a variety of application scenarios due to its promising advantages of high accuracy, fast learning speed and easy of implementation. However, how to select the optimal hidden layer of ELM is still an open question in the ELM community. Basically, the number of hidden layer nodes is a sensitive hyperparameter that significantly affects the performance of ELM. To address this challenging problem, we propose to adopt multiple kernel learning (MKL) to design a multi-hidden-layer-kernel ELM (MHLK-ELM). Specifically, we first integrate kernel functions with random feature mapping of ELM to design a hidden-layer-kernel ELM (HLK-ELM), which serves as the base of MHLK-ELM. Then, we utilize the MKL method to propose two versions of MHLK-ELMs, called sparse and non-sparse MHLK-ELMs. Both two types of MHLK-ELMs can effectively find out the optimal linear combination of multiple HLK-ELMs for different classification and regression problems. Experimental results on seven data sets, among which three data sets are relevant to classification and four ones are relevant to regression, demonstrate that the proposed MHLK-ELM achieves superior performance compared with conventional ELM and basic HLK-ELM.

• Journal of the Korea Safety Management & Science
• /
• v.4 no.2
• /
• pp.103-111
• /
• 2002

Nowdays cyber education based on the internet is actively developed. But the management of the customers in the cyber education field is not enough. Then, in this paper, we provide the learner with the proposals of lectures to be extremely matched by analyzing the learning capacity and the greatest concern of him(her) using the methods of data mining, such as RFM, prediction, slickness, association rule, classification, and so on.

• Journal of Korean Library and Information Science Society
• /
• v.35 no.4
• /
• pp.1-21
• /
• 2004

The purpose of this study is to investigate historical backgrounds, maintenance, revision and application areas of UDC(Universal Decimal Classification) in order to understand current issues of it systematically. Since 1905, n has been extensively developed and is now administered by UDC Consortium(UDCC). UDCC updates MRF(Master Reference File), an electronic form of the UDC schedules, once a year. UDC updates and publishes standard edition extended edition, and abridged edition according to the degrees of notion abridgement, and is available on the web. UDC can be now applicable to collection arrangement, SDI(Selective Dissemination of Information) service, searching subject bibliographies, switching language or subject gateway and metadata on the Internet, and automatic classification.

• Journal of Korean Library and Information Science Society
• /
• v.33 no.2
• /
• pp.189-210
• /
• 2002

Constructional media centers connected to education of library and information science sets laboratory rooms for practical classification and cataloging classes; laboratory rooms for film media which can utilize advanced media, listening tools, and practical materials; information management laboratory rooms which can experience the various information research methods through the Internet, cultivate the ability of information application, and teach the curriculum of library and information science related to computers.

• The Journal of Information Systems
• /
• v.14 no.3
• /
• pp.97-104
• /
• 2005

The paper proposes an implementation architecture of DiffServ-over-MPLS traffic engineering (TE) on Intel IXP2400 network processor using Intel IXA SDK 4.0 Framework. Program architecture and functions are described. Also fast and scalable range-match classification scheme is proposed for DiffServ-over-MPLS TE that has been integrated with functional blocks from Intel Microblocks library. Performance test shows that application can process packets at approximate data rate of 3.5 Gbps. The proposed implementation architecture of DiffServ-over-MPLS TE on Network processor can provide guaranteed QoS on high-speed next generation Internet, while being flexible and easily modifiable.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.9-13
• /
• 2005

Computer security has become a critical issue with the rapid development of business and other transaction systems over the Internet. The application of artificial intelligence, machine learning and data mining techniques to intrusion detection systems has been increasing recently. But most research is focused on improving the classification performance of a classifier. Selecting important features from input data leads to simplification of the problem, and faster and more accurate detection rates. Thus selecting important features is an important issue in intrusion detection. Another issue in intrusion detection is that most of the intrusion detection systems are performed by off-line and it is not a suitable method for a real-time intrusion detection system. In this paper, we develop the real-time intrusion detection system, which combines an on-line feature extraction method with the Least Squares Support Vector Machine classifier. Applying the proposed system to KDD CUP 99 data, experimental results show that it has a remarkable feature extraction and classification performance compared to existing off-line intrusion detection systems.