• Journal of the Korean Institute of Intelligent Systems
• /
• v.26 no.5
• /
• pp.361-367
• /
• 2016

The intruder detection system using digital PIR sensor has the problem that it can't recognize human correctly. In this paper, we suggest a new intruder detection system based on analog PIR sensor to get around the drawbacks of the digital PIR sensor. The analog type PIR sensor emits the voltage output at various levels whereas the output of the digitial PIR sensor is binary. The signal captured using analog PIR sensor is sampled, and its frequency feature is extracted using FFT or MFCC. The extracted features are used for the input of neural networks. After neural network is trained using various human and pet's intrusion data, it is used for classifying human and pet in the intrusion situation.

• The KIPS Transactions:PartC
• /
• v.9C no.4
• /
• pp.473-480
• /
• 2002

Although many researches on IDS (Intrusion Detection System) have been performed, the most of them are limited to the algorithm of detection software. However, even an IDS with superior algorithm can not detect intrusion, if it loses packets which nay have a clue of intrusions. In this paper, we suggest an efficient wav to improve the performance of IDS by reducing packet losses occurred due to hardware limitation and abundant processing overhead introduced by massive detection software itself. The reduction in packet losses is achieved by dropping hacking-free packets. The result shows that this decrease of packet losses leads an IDS to improve the detection rate of real attack.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.9B
• /
• pp.914-922
• /
• 2009

In this paper, we propose a matrix based real-time pattern matching method, called MDPI, for real-time intrusion detection on several Gbps network traffic. Particularly, in order to minimize a kind of overhead caused by buffering, reordering, and reassembling under the circumstance where the incoming packet sequence is disrupted, MDPI adopts independent partial matching in the case dealing with pattern matching matrix. Consequently, we achieved the performance improvement of the amount of 61% and 50% with respect to TCAM method efficiency through several experiments where the average length of the Snort rule set was maintained as 9 bytes, and w=4 bytes and w=8bytes were assigned, respectively, Moreover, we observed the pattern scan speed of MDPI was 10.941Gbps and the consumption of hardware resource was 5.79LC/Char in the pattern classification of MDPI. This means that MDPI provides the optimal performance compared to hardware complexity. Therefore, by decreasing the hardware cost came from the increased TCAM memory efficiency, MDPI is proven the cost effective high performance intrusion detection technique.

• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.95-102
• /
• 2023

The emergence of Internet of Things (IoT) into our daily lives has grown rapidly. It's been integrated to our homes, cars, and cities, increasing the intelligence of devices involved in communications. Enormous amount of data is exchanged over smart devices through the internet, which raises security concerns in regards of privacy evasion. This paper is focused on the forensics and intrusion detection on one of the most common protocols in IoT environments, especially smart home environments, which is the Message Queuing Telemetry Transport (MQTT) protocol. The paper covers general IoT infrastructure, MQTT protocol and attacks conducted on it, and multiple network forensics frameworks in smart homes. Furthermore, a machine learning model is developed and tested to detect several types of attacks in an IoT network. A forensics tool (MQTTracker) is proposed to contribute to the investigation of MQTT protocol in order to provide a safer technological future in the warmth of people's homes. The MQTT-IOT-IDS2020 dataset is used to train the machine learning model. In addition, different attack detection algorithms are compared to ensure the suitable algorithm is chosen to perform accurate classification of attacks within MQTT traffic.

• Journal of the Korea Convergence Society
• /
• v.10 no.11
• /
• pp.1-7
• /
• 2019

Recently, various approaches to detect network attacks using machine learning have been studied and are being applied to detect new attacks and to increase precision. However, the machine learning method is dependent on feature extraction and takes a long time and complexity. It also has limitation of performace due to learning data imbalance. In this study, we propose a method to solve the degradation of classification performance due to imbalance of learning data among the limit points of detection system. To do this, we generate data using Generative Adversarial Networks (GANs) and propose a classification method using Convolutional Neural Networks (CNNs). Through this approach, we can confirm that the accuracy is improved when applied to the NSL-KDD and UNSW-NB15 datasets.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.785-796
• /
• 2012

In this paper, we propose an effective Behavior-based detection technique using the frequency of system calls to detect malicious code, when the number of training data is fewer than the number of properties on system calls. In this study, we collect the Native APIs which are Windows kernel data generated by running program code. Then we adopt the normalized freqeuncy of Native APIs as the basic properties. In addition, the basic properties are transformed to new properties by GLDA(Generalized Linear Discriminant Analysis) that is an effective method to discriminate between malicious code and normal code, although the number of training data is fewer than the number of properties. To detect the malicious code, kNN(k-Nearest Neighbor) classification, one of the bayesian classification technique, was used in this paper. We compared the proposed detection method with the other methods on collected Native APIs to verify efficiency of proposed method. It is presented that proposed detection method has a lower false positive rate than other methods on the threshold value when detection rate is 100%.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.427-434
• /
• 2006

Broadband Convergence Network(BcN) is a critical infrastructure to provide wired-and-wireless high-quality multimedia services by converging communication and broadcasting systems, However, there exist possible danger to spread the damage of an intrusion incident within an individual network to the whole network due to the convergence and newly generated threats according to the advent of various services roaming vertically and horizontally. In order to cope with these new threats, we need to analyze the vulnerabilities of BcN in a system architecture aspect and classify them in a systematic way and to make the results to be utilized in preparing proper countermeasures, In this paper, we propose a new classification of vulnerabilities which has been extended from the ITU-T recommendation X.805, which defines the security related architectural elements. This new classification includes system elements to be protected for each service, possible attack strategies, resulting damage and its criticalness, and effective countermeasures. The new classification method is compared with the existing methods of CVE(Common Vulnerabilities and Exposures) and CERT/CC(Computer Emergency Response Team/Coordination Center), and the result of an application to one of typical services, VoIP(Voice over IP) and the development of vulnerability database and its management software tool are presented in the paper. The consequence of the research presented in the paper is expected to contribute to the integration of security knowledge and to the identification of newly required security techniques.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.121-130
• /
• 2020

This paper suggests evaluating the military closed network data as an image which is generated by Generative Adversarial Network (GAN), applying an image evaluation method such as the InceptionV3 model-based Inception Score (IS) and Frechet Inception Distance (FID). We employed the famous image classification models instead of the InceptionV3, added layers to those models, and converted the network data to an image in diverse ways. Experimental results show that the Densenet121 model with one added Dense Layer achieves the best performance in data converted using the arctangent algorithm and 8 * 8 size of the image.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.6
• /
• pp.267-273
• /
• 2011

The importance of networking capability is gaining more weight for enterprise business and high-speed Internet access with guaranteed security management is essential to companies. This paper presents a unified network security management solution to support high-speed Internet access, active security management, traffic classification and control. The presented system provides firewall, VPN, intrusion detection, contents filtering, traffic management, QoS management, and history log functions in unified manner implemented in a single appliance device located at the edge of enterprise networks. This will enable cost effective unified network security solution to companies.

• Journal of Korean Society of Water and Wastewater
• /
• v.33 no.4
• /
• pp.259-268
• /
• 2019

One of the most effective methods to consistently ensure the safety of a tap water supply can be achieved by application of a comprehensive risk assessment and risk management approach for drinking water supply systems. This approach can be termed water safety plans(WSP) which recommended by WHO(world health organization) and IWA(international water association). For the introduction of WSP into Korea, 150 hazards were identified all steps in drinking water supply from catchment to consumer and risk assessment tool based on frequency and consequence of hazards were developed. Then, developed risk assessment tool by this research was implemented at a water treatment plant($Q=25,000m^3/d$) to verify its applicability, and several amendments were recommended; classification of water source should be changed from groundwater to stream to strengthen water quality monitoring contaminants and frequencies; installation of aquarium to monitor intrusion of toxic substances into raw water; relocation or new installation on-line water quality analyzers for efficient water quality monitoring; change of chlorination chemical from solid phase($Ca(OCl)_2$) to liquid phase(NaOCl) to improve soundness of chlorination. It was also meaningful to propose hazards and risk assessment tool appropriate for Korea drinking water supply systems through this research which has been inconsistent among water treatment authorities.