• Convergence Security Journal
• /
• v.10 no.2
• /
• pp.1-9
• /
• 2010

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.

• Journal of Korea Technical Association of The Pulp and Paper Industry
• /
• v.46 no.1
• /
• pp.29-38
• /
• 2014

Guar gum is added to the pulp suspension at the suction side of the fan pump just before the sheet is formed on either a fourdrinier or cylinder machine. Guar gum replaced and supplements these hemicelluloses in paper bonding with many advantages, which include improved sheet formation with a more random distribution of pulp fibers. But, guar gum has serious storage problem. This material has easily decayed after High-temperature conditions such as summer. In this study, various properties of cotton handsheet were measured to solve the problem of deformation while storing guar gum and to improve the durability. After aging, which is one of the durability tests, cotton handsheet with 0.2% and 0.3% of A-PAM showed improved mechanical properties and bursting index and folding endurance of cotton handsheet with 0.3% of A-PAM were similar to those with guar gum. The yellowness loss of cotton handsheet with synthetic polymers was lower than those with guar gum.

• Journal of Biomedical Engineering Research
• /
• v.14 no.4
• /
• pp.327-332
• /
• 1993

Automatic transmission of data from the blood analyzer to the request site is one of the most important part in hospital computerization. We have developed a system that transmits data from the arterial blood gas analyzer to the request site automatically In this system HOST computer, FILE server,'LAN(Local Area Network) , 3270 Emulator and bfulti-port card are integrated with 3 blood gas analyzers(NOVA Inc., USA) which are connected to a single multi-port card in a personal computer. When specimen are collected from tramp)inly sites, they are transferee to the laboratory In the Yonsei Cardiovascular Center After analysis, the result is transmitted to the personal computer via serial commnunication between machine and multi-port card using interrupt method. Then, the patient's information (Name, Patient ID No., etc.) is obtained from the HOST computer througth the emulator. The combined data (patient information & lab data) is transmitted to each request site via LAN automatically These results are stored in the File Server for one year and they can be reviewed anytime. Also, it could be used for the various statistics and the flow chart for clinical research. Additionally, we found thal this system reduces the personal labor.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.12
• /
• pp.1775-1784
• /
• 2002

Fingerprint recognition technology is used in many biometrics field accordingly essential feature of fingerprint image and the study is progressing. However development is not perfect in performance of the fingerprint recognition and application of the usual life. In the paper, we study various necessity of preprocessing according to algorithm and circumstances of authentication system in automatic information machine. We prove that system circumstance and optation of fingerprints image effectively is the important factor by using optical fingerprint input device and scanning the fingerprint in ID card. And then we present correct and fast computation method for improving image and feature extraction of fingerprint. Also we study effective algorithm implementation of total system.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.181-188
• /
• 2019

Recently, attempts to apply artificial intelligence technology to create the normal profile in Anomaly-based intrusion detection systems have been made actively. But existing studies that proposed the application of artificial intelligence technology mostly focus on improving the structure of artificial neural networks and finding optimal hyper-parameter values, and fail to address various problems that may arise from the misconfiguration of learning data. In this paper, we identify the main problems that may arise due to the misconfiguration of learning data through experiment. And we also propose a novel approach that can address such problems and improve the detection performance through reconstruction of learning data.

• Journal of Korean Institute of Industrial Engineers
• /
• v.41 no.6
• /
• pp.540-550
• /
• 2015

There have been many attempts to find knowledge from data using conventional statistics, data mining, artificial intelligence, machine learning and pattern recognition. In those research areas, knowledge is approached in two ways. Firstly, researchers discover knowledge represented in general features for universal recognition, and secondly, they discover exceptional and distinctive features. In process mining, an instance is sequential information bounded by case ID, known as process instance. Here, an exceptional process instance can cause a problem in the analysis and discovery algorithm. Hence, in this paper we develop a method to detect the knowledge of exceptional and distinctive features when performing process mining. We propose a method for anomaly detection named Distance-based Anomaly Process Instance Detection (DAPID) which utilizes distance between process instances. DAPID contributes to a discovery of distinctive characteristic of process instance. For verifying the suggested methodology, we discovered characteristics of exceptional situations from log data. Additionally, we experiment on real data from a domestic port terminal to demonstrate our proposed methodology.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.10
• /
• pp.11-21
• /
• 2018

In this paper we propose a novel log template discovery algorithm which achieves high quality of discovered log templates through iterative log filtering technique. Log templates are the static string pattern of logs that are used to produce actual logs by inserting variable values during runtime. Identifying individual logs into their template category correctly enables us to conduct automated analysis using state-of-the-art machine learning techniques. Our technique looks at the group of logs column-wise and filters the logs that have the value of the highest proportion. We repeat this process per each column until we are left with highly homogeneous set of logs that most likely belong to the same log template category. Then, we determine which column is the static part and which is the variable part by vertically comparing all the logs in the group. This process repeats until we have discovered all the templates from given logs. Also, during this process we discover the custom patterns such as ID formats that are unique to the application. This information helps us quickly identify such strings in the logs as variable parts thereby further increasing the accuracy of the discovered log templates. Existing solutions suffer from log templates being too general or too specific because of the inability to detect custom patterns. Through extensive evaluations we have learned that our proposed method achieves 2 to 20 times better accuracy.

• Industrial Engineering and Management Systems
• /
• v.1 no.1
• /
• pp.87-92
• /
• 2002

A stochastic process {$A_n$, n = 1, 2, ...} is an arithmetic process (AP) if there exists some real number, d, so that {$A_n$ + (n-1)d, n =1, 2, ...} is a renewal process (RP). AP is a stochastically monotonic process and can be used for modeling a point process, i.e. point events occurring in a haphazard way in time (or space), especially with a trend. For example, the vents may be failures arising from a deteriorating machine; and such a series of failures id distributed haphazardly along a time continuum. In this paper, we discuss estimation procedures for an AP, similar to those for a geometric process (GP) proposed by Lam (1992). Two statistics are suggested for testing whether a given process is an AP. If this is so, we can estimate the parameters d, ${\mu}_{A1}$ and ${\sigma}^{2}_{A1}$ of the AP based on the techniques of simple linear regression, where ${\mu}_{A1}$ and ${\sigma}^2_{A1}$ are the mean and variance of the first random variable $A_1$ respectively. In this paper, the procedures are, for the most part, discussed in reliability terminology. Of course, the methods are valid in any area of application, in which case they should be interpreted accordingly.

• Review of KIISC
• /
• v.32 no.4
• /
• pp.7-17
• /
• 2022

운전자 보조 시스템을 통한 차량의 전자적인 제어를 위하여, 최근 차량에 탑재된 전자 제어 장치 (ECU; Electronic Control Unit)의 개수가 급증하고 있다. ECU는 효율적인 통신을 위해서 차량용 내부 네트워크인 CAN(Controller Area Network)을 이용한다. 하지만 CAN은 기밀성, 무결성, 접근 제어, 인증과 같은 보안 메커니즘이 고려되지 않은 상태로 설계되었기 때문에, 공격자가 네트워크에 쉽게 접근하여 메시지를 도청하거나 주입할 수 있다. 악의적인 메시지 주입은 차량 운전자 및 동승자의 안전에 심각한 피해를 안길 수 있기에, 최근에는 주입된 메시지를 식별하기 위한 침입 탐지 시스템(IDS; Intrusion Detection System)에 대한 연구가 발전해왔다. 특히 최근에는 AI(Artificial Intelligence) 기술을 이용한 IDS가 다수 제안되었다. 그러나 제안되는 기법들은 특정 공격 데이터셋에 한하여 평가되며, 각 기법에 대한 탐지 성능이 공정하게 평가되었는지를 확인하기 위한 평가 프레임워크가 부족한 상황이다. 따라서 본 논문에서는 machine learning/deep learning에 기반하여 제안된 차랑용 IDS 5가지를 선정하고, 기존에 공개된 데이터셋을 이용하여 제안된 기법들에 대한 비교 및 평가를 진행한다. 공격 데이터셋에는 CAN의 대표적인 4가지 공격 유형이 포함되어 있으며, 추가적으로 본 논문에서는 메시지 주기 유형을 활용한 공격 유형을 제안하고 해당 공격에 대한 탐지 성능을 평가한다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.19 no.3
• /
• pp.213-220
• /
• 2023

Face recognition is a very important process in video monitoring and is a type of biometric technology. It is mainly used for identification and security purposes, such as ID cards, licenses, and passports. The recognition process has many variables and is complex, so development has been slow. In this paper, we proposed a face recognition method using CNN, which has been re-examined due to the recent development of computers and algorithms, and compared with the feature comparison method, which is an existing face recognition algorithm, to verify performance. The proposed face search method is divided into a face region extraction step and a learning step. For learning, face images were standardized to 50×50 pixels, and learning was conducted while minimizing unnecessary nodes. In this paper, convolution and polling-based techniques, which are one of the deep learning technologies, were used for learning, and 1,000 face images were randomly selected from among 7,000 images of Caltech, and as a result of inspection, the final recognition rate was 98%.