• Title/Summary/Keyword: KDD

A Host-based Intrusion Detection Data Analysis Comparison (호스트 기반 침입 탐지 데이터 분석 비교)

  • Park, DaeKyeong;Shin, Dongkyoo;Shin, Dongil
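    • Proceedings of the Korea Information Processing Society Conference / 2020.05a / pp.490-493 / 2020
  • With the rapid development of information and communication technology, the importance of security in IT infrastructure has grown, and at the same time sophisticated and diverse attacks such as APTs (Advanced Persistent Threats) are increasing. Defending against or predicting increasingly sophisticated attacks at an early stage is a very important problem, and many cases have been reported in which analysis of NIDS (Network-based Intrusion Detection System) data alone fails to defend against rapidly mutating attacks. Such attacks are therefore defended against through analysis of HIDS (Host-based Intrusion Detection System) data, for which data generated by intrusion detection systems is currently the main source. However, because data is very scarce, research relies on data such as KDD (Knowledge Discovery and Data Mining), a DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluation data set created in the past, so research on anomaly detection with data that reflects the characteristics of modern computer systems is severely lacking. This paper presents a new research direction for host-based intrusion detection data systems through a comparative analysis study using the recently created LID-DS (Leipzig Intrusion Detection-Data Set), which includes the thread information, metadata and buffer data missing from previously used data sets.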

Network intrusion detection Model through Hybrid Feature Selection and Data Balancing (Hybrid Feature Selection과 Data Balancing을 통한 네트워크 침입 탐지 모델)

  • Min, Byeongjun;Shin, Dongkyoo;Shin, Dongil
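    • Proceedings of the Korea Information Processing Society Conference / 2020.05a / pp.526-529 / 2020
  • Because attacks on network environments are rapidly becoming more sophisticated and intelligent, the limitations of existing signature-based intrusion detection systems are becoming clear. Research on machine-learning-based intrusion detection systems is actively under way to solve this, but using machine learning for intrusion detection faces two problems. The first is selecting the important features relevant to learning for real-time detection, and the second is the imbalance of the data used for training; because machine learning algorithms are data-dependent, this problem is critical. To solve these problems, this paper proposes a deep-neural-network-based network intrusion detection model using Hybrid Feature Selection and Data Balancing. Training was performed on the NSL-KDD data set, and the Accuracy, Precision, Recall and F1 Score metrics were used for evaluation. Compared with Random Forest and a basic deep neural network model, the proposed model achieved a performance improvement of 7~9% in terms of F1 Score.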

A DDoS attack Mitigation in IoT Communications Using Machine Learning

  • Hailye Tekleselase
    • International Journal of Computer Science & Network Security / v.24 no.4 / pp.170-178 / 2024
  • With the growth of fifth-generation networks and artificial intelligence technologies, new threats and challenges have appeared for wireless communication systems, especially in cybersecurity. IoT networks are increasingly attractive platforms for launching DDoS attacks because of the inherently weaker security and resource-constrained nature of IoT devices. This paper focuses on detecting DDoS attacks in wireless networks by categorizing inbound network packets at the transport layer as either "abnormal" or "normal" using the integration of machine learning algorithms and a knowledge-based system. In this paper, deep learning algorithms and a CNN were autonomously trained for mitigating DDoS attacks. The paper concentrates on misuse-based DDoS attacks, which comprise TCP SYN flood and ICMP flood. The researcher uses the CICIDS2017 and NSL-KDD datasets to train and test the algorithms (models) during the experimentation phase. The accuracy score is used to measure the classification performance of the four algorithms. The results show that a performance of 99.93 is recorded.

Nutritional quality evaluation of complementary baby food products in Korea according to food composition (국내 시판 간편 이유식의 식품 구성에 따른 영양적 질 평가)

  • Eun-Ju Lee;Jee-Young Yeon;Mi-Hyun Kim
    • Journal of Nutrition and Health / v.56 no.5 / pp.537-553 / 2023
  • Purpose: The purpose of this study was to evaluate the nutritional quality of complementary baby food products sold in Korea according to the baby food stages and food composition. Methods: A total of 1,587 complementary food products sold online and offline between March and December 2021 were investigated. They ranged from liquid meals to solid rice for babies aged 5 to 36 months. Results: The number of intakes per packaged volume was 2.8 in Stage 1, 1.9 in Stage 2, 1.4 in Stage 3, and 1.1 in Stage 4 (p < 0.0001). The dietary variety scores (DVS) of the complementary baby food products were 3.4 in Stage 1, 5.5 in Stage 2, 7.1 in Stage 3, and 9.7 in Stage 4 (p < 0.0001) and showed a significant increase in the later stages. The Korean dietary diversity score (KDDS) significantly increased from 2.3 in Stage 1, to 2.8 in Stage 2, 3.0 in Stage 3, and 3.4 in Stage 4 (p < 0.0001). The higher the baby food stage, the higher the proportion of grains/meat/vegetable ingredients. The ratio of protein intake to Adequate Intake (AI) or Recommended Nutrition Intake (RNI) was higher in products with a KDDS of 3 points or more, or in products with 2 points or fewer in Stages 1 and 2 (p < 0.0001, respectively). The ratio of protein intake to RNI increased as the KDDS score increased in Stages 3 and 4 (p < 0.0001, respectively). For all stages of baby foods, the ratio of protein intake to AI or RNI was high in products that included the meat group (beans, nuts, meat, eggs, fish, and shellfish) (p < 0.0001, respectively). Conclusion: Continuous research and nutritional evaluation are required for establishing nutrient content standards for commercially available baby foods, considering breast milk intake.

Design of NePID using Anomaly Traffic Analysis and Fuzzy Cognitive Maps (비정상 트래픽 분석과 퍼지인식도를 이용한 NePID 설계)

  • Kim, Hyeock-Jin;Ryu, Sang-Ryul;Lee, Se-Yul
    • Journal of the Korea Academia-Industrial cooperation Society / v.10 no.4 / pp.811-817 / 2009
  • The rapid growth of network-based IT systems has resulted in continuous research into security issues. Probe intrusion detection is an area of increasing concern in the internet community. Recently, a number of probe intrusion detection schemes have been proposed based on various technologies. However, the techniques that have been applied in many systems are useful only for existing patterns of probe intrusion. They cannot detect new patterns of probe intrusion. Therefore, it is necessary to develop a new probe intrusion detection technology that can find new patterns of probe intrusion. In this paper, we propose a new network-based probe intrusion detector (NePID) using anomaly traffic analysis and fuzzy cognitive maps that can detect intrusion by a denial-of-service attack detection method utilizing packet analysis. The probe intrusion detection using fuzzy cognitive maps captures and analyzes packet information to detect SYN flooding attacks. Using the result of the analysis by the decision module, which adopts the fuzzy cognitive maps, the decision module measures the degree of risk of a denial-of-service attack and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained a max-average true positive rate of 97.094% and a max-average false negative rate of 2.936%. The true positive error rate of NePID is similar to Bernhard's true positive error rate.

Development of an Informetric Analysis System KnowledgeMatrix (계량정보분석시스템 KnowledgeMatrix 개발)

  • Lee, Bangrae;Yeo, Woon Dong;Lee, June Young;Lee, Chang-Hoan;Kwon, Oh-Jin;Moon, Yeong-ho
    • Proceedings of the Korea Contents Association Conference / 2007.11a / pp.167-171 / 2007
  • Application areas of Knowledge Discovery in Databases (KDD) have expanded into many R&D management processes, including technology trend analysis, forecasting and evaluation. Established research fields such as informetrics (or scientometrics) have recently made full use of KDD techniques and methods. Various systems have been developed by a few researchers or institutions to support the analysis of large-scale R&D-related databases such as patent or bibliographic databases. But existing systems pose some problems for Korean users: their prices are not cheap, Korean language processing is not available, and users' demands are not reflected. To solve these problems, the Korea Institute of Science and Technology Information (KISTI) developed a stand-alone information analysis system named KnowledgeMatrix. The KnowledgeMatrix system offers various functions for analyzing data sets retrieved from databases. Its main operation unit is composed of user-defined lists and matrix generation, cluster analysis, visualization, and data pre-processing. KnowledgeMatrix shows better performance and offers a wider range of functions than existing systems.


Development of the KnowledgeMatrix as an Informetric Analysis System (계량정보분석시스템으로서의 KnowledgeMatrix 개발)

  • Lee, Bang-Rae;Yeo, Woon-Dong;Lee, June-Young;Lee, Chang-Hoan;Kwon, Oh-Jin;Moon, Yeong-Ho
    • The Journal of the Korea Contents Association / v.8 no.1 / pp.68-74 / 2008
  • Application areas of Knowledge Discovery in Databases (KDD) have expanded to many R&D management processes, including technology trend analysis, forecasting and evaluation. Established research fields such as informetrics (or scientometrics) have utilized KDD techniques and methods. Various systems have been developed by a few researchers or institutions to support the analysis of large-scale R&D-related databases such as patent or bibliographic databases. But existing systems pose some problems for Korean users: their prices are not moderate, Korean language processing is impossible, and users' demands are not reflected. To solve these problems, the Korea Institute of Science and Technology Information (KISTI) developed a stand-alone information analysis system named KnowledgeMatrix. The KnowledgeMatrix system offers various functions for analyzing data sets retrieved from databases. Its main operation unit is composed of user-defined lists and matrix generation, cluster analysis, visualization, and data pre-processing. The matrix generation unit helps extract the information items to be analyzed and calculates the occurrence, co-occurrence and proximity of the items. The cluster analysis unit enables matrix data to be clustered by hierarchical or non-hierarchical clustering methods and presents a tree-type structure of the clustered data. The visualization unit offers various methods such as charts, FDP, strategic diagrams and PFNet. The data pre-processing unit consists of a data import editor, string editor, thesaurus editor, grouping method, field-refining methods and sub-dataset generation methods. KnowledgeMatrix shows better performance and offers a wider range of functions than existing systems.

A Comparative Study on the Performance of SVM and an Artificial Neural Network in Intrusion Detection (SVM과 인공 신경망을 이용한 침입탐지 효과 비교 연구)

  • Jo, Seongrae;Sung, Haengnam;Ahn, Byung-Hyuk
    • Journal of the Korea Academia-Industrial cooperation Society / v.17 no.2 / pp.703-711 / 2016
  • IDS (Intrusion Detection System) is used to detect network attacks through network data analysis. The system requires a high accuracy and detection rate, and low false alarm rate. In addition, the system uses a range of techniques, such as expert system, data mining, and state transition analysis to analyze the network data. The purpose of this study was to compare the performance of two data mining methods for detecting network attacks. They are Support Vector Machine (SVM) and a neural network called Forward Additive Neural Network (FANN). The well-known KDD Cup 99 training and test data set were used to compare the performance of the two algorithms. The accuracy, detection rate, and false alarm rate were calculated. The FANN showed a slightly higher false alarm rate than the SVM, but showed a much higher accuracy and detection rate than the SVM. Considering that treating a real attack as a normal message is much riskier than treating a normal message as an attack, it is concluded that the FANN is more effective in intrusion detection than the SVM.

A Speech Translation System for Hotel Reservation (호텔예약을 위한 음성번역시스템)

  • 구명완;김재인;박상규;김우성;장두성;홍영국;장경애;김응인;강용범
    • The Journal of the Acoustical Society of Korea / v.15 no.4 / pp.24-31 / 1996
  • In this paper, we present a speech translation system for hotel reservation, KT-STS (Korea Telecom Speech Translation System). KT-STS is a speech-to-speech translation system which translates a spoken utterance in Korean into one in Japanese. The system has been designed around the task of hotel reservation (dialogues between a Korean customer and a hotel reservation desk in Japan). It consists of a Korean speech recognition system, a Korean-to-Japanese machine translation system and a Korean speech synthesis system. The Korean speech recognition system is an HMM (Hidden Markov Model)-based, speaker-independent, continuous speech recognizer with a vocabulary of about 300 words. A bigram language model is used as the forward language model and a dependency grammar is used as the backward language model. For machine translation, we use a dependency grammar and the direct transfer method. The Korean speech synthesizer uses demiphones as the synthesis unit, together with the method of periodic waveform analysis and reallocation. KT-STS runs in nearly real time on a SPARC20 workstation with one TMS320C30 DSP board. We achieved a word recognition rate of 94.68% and a sentence recognition rate of 82.42% in the speech recognition tests. In Korean-to-Japanese translation tests, we achieved a translation success rate of 100%. We had an international joint experiment in which our system was connected over a leased line with another system developed by KDD in Japan.


Anomaly detection and attack type classification mechanism using Extra Tree and ANN (Extra Tree와 ANN을 활용한 이상 탐지 및 공격 유형 분류 메커니즘)

  • Kim, Min-Gyu;Han, Myung-Mook
    • Journal of Internet Computing and Services / v.23 no.5 / pp.79-85 / 2022
  • Anomaly detection is a method to detect and block abnormal data flows in general users' data sets. The previously known method detects and defends against an attack using the signature of an already known attack. This has the advantage of a low false positive rate, but the problem is that it is very vulnerable to zero-day vulnerability attacks and modified attacks. Anomaly detection, by contrast, has the disadvantage of a high false positive rate, but it has the advantage of being able to identify, detect, and block zero-day vulnerability attacks and modified attacks, so related studies are being actively conducted. In this study, we deal with these anomaly detection mechanisms and propose a new mechanism that performs both anomaly detection and classification while compensating for the high false positive rate mentioned above. The experiment was conducted with five configurations considering the characteristics of various algorithms, and the model showing the best accuracy was proposed as the result of this study. After an attack is detected by applying the Extra Tree and a three-layer ANN at the same time, the attack type is classified using the Extra Tree on the data classified as attacks. Verification was performed on the NSL-KDD data set, and the accuracy was 99.8%, 99.1%, 98.9%, 98.7%, and 97.9% for Normal, DoS, Probe, U2R, and R2L, respectively. This configuration showed superior performance compared to other models.