• Title/Abstract/Keywords: Network Anomaly Detection

Search results: 231 items (processing time 0.023 seconds)

Intrusion Detection Algorithm in Mobile Ad-hoc Network using CP-SVM (Mobile Ad - hoc Network에서 CP - SVM을 이용한 침입탐지)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management / Vol. 8, No. 2 / pp.41-47 / 2012
  • MANET has a vulnerable security structure owing to the following structural characteristics. A MANET consists of moving nodes, every one of which has to perform the function of a router. Every node has to provide reliable routing service in cooperation with the others. These properties cause exposure to various attacks. But it is difficult to establish the position of an intrusion detection system in this environment, to collect information, and particularly to detect attacks, because of the movement of nodes in the MANET environment. It is also not easy to construct an important profile. In this paper, a conformal predictor - support vector machine (CP-SVM) based intrusion detection technique is proposed in order to perform more accurate and efficient intrusion detection. In this study, IDS agents calculate a p-value from collected packets and transmit it to the cluster head, and then all other cluster heads hold the same value and detect abnormal behavior using it. A hierarchical cluster structure is also used to reduce the consumption of nodes. The effectiveness of the proposed method was confirmed through experiment.

A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent (오용 침입탐지 시스템에서 모바일 에이전트를 이용한 보안규칙 관리에 관한 연구)

  • Kim, Tae-Kyung;Lee, Dong-Young;Chung, Tai-M.
    • The KIPS Transactions:PartC / Vol. 10C, No. 5 / pp.525-532 / 2003
  • This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. Therefore, the introduction of mobile agents to provide computational security by constantly moving around the Internet and propagating rules is presented as a solution for misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rule propagation. To evaluate the proposed approach, we compared the workload data between a rule propagation method using a mobile agent and a conventional method. Also, we simulated rule management using NS-2 (Network Simulator) with respect to time.

Anomaly Detection using Geometric Transformation of Normal Sample Images (정상 샘플 이미지의 기하학적 변환을 사용한 이상 징후 검출)

  • Kwon, Yong-Wan;Kang, Dong-Joong
    • The Journal of the Institute of Internet, Broadcasting and Communication / Vol. 22, No. 4 / pp.157-163 / 2022
  • Recently, with the development of automation in the industrial field, research on anomaly detection is being actively conducted. One application of anomaly detection used in factory automation is camera-based defect inspection. Vision camera inspection shows high performance and efficiency in factory automation, but it is difficult to overcome the instability of lighting and environmental conditions. Although camera inspection using deep learning can solve the problems of vision camera inspection with much higher performance, it is difficult to apply to actual industrial fields because it requires a huge amount of normal and abnormal data for learning. Therefore, in this study, we propose a network that overcomes the problem of collecting abnormal data with 72 geometric transformation deep learning methods using only normal data, and adds an outlier exposure method for performance improvement. By applying and verifying this on the MVTec data set, which is a database of automobile parts data for outlier detection, it is shown that it can be applied in actual industrial sites.

A Study on the Design of IPS with Expanded IDS Functions (확장된 IDS 기능을 간진 IPS 설계에 관한 연구)

  • 나호준;최진호;김창수;박근덕
    • Proceedings of the Korea Multimedia Society Conference / Proceedings of the Korea Multimedia Society 2002 Spring Conference (Part 2) / pp.951-954 / 2002
  • The recent trend in intrusion detection system (IDS: Intrusion Detection System) technology is that, because of the limitations of changing the rule database in the misuse approach, research on anomaly-based NIDS (Network IDS) is being considered. Most existing products developed domestically adopt the misuse approach, and research on anomaly-based techniques is needed to secure international competitiveness in the future. In this study, based on the NIDS developed in our laboratory, we present an integrated system design direction for problems such as anomaly detection using association mining and the blocking of internal information leakage, and design an IPS (Intrusion Prevention System) that allows national institutions and enterprises to manage intrusions more safely.

A Pre-processing Study to Solve the Problem of Rare Class Classification of Network Traffic Data (네트워크 트래픽 데이터의 희소 클래스 분류 문제 해결을 위한 전처리 연구)

  • Ryu, Kyung Joon;Shin, DongIl;Shin, DongKyoo;Park, JeongChan;Kim, JinGoog
    • KIPS Transactions on Software and Data Engineering / Vol. 9, No. 12 / pp.411-418 / 2020
  • In the field of information security, an IDS (Intrusion Detection System) is normally classified into two different categories: signature-based IDS and anomaly-based IDS. Many studies on anomaly-based IDS have been conducted that analyze network traffic data generated in cyberspace with machine learning algorithms. In this paper, we studied pre-processing methods to overcome performance degradation problems caused by rare classes. We experimented with the classification performance of a machine learning algorithm by reconstructing the data set based on rare classes and semi-rare classes. After reconstructing the data into three different sets, wrapper and filter feature selection methods are applied continuously. Each data set is regularized by a quantile scaler. A deep neural network model is used for learning and validation. The evaluation results are compared by true positive values and false negative values. We acquired improved classification performance on all three data sets.

Analysis of Improved Convergence and Energy Efficiency on Detecting Node Selection Problem by Using Parallel Genetic Algorithm (병렬유전자알고리즘을 이용한 탐지노드 선정문제의 에너지 효율성과 수렴성 향상에 관한 해석)

  • Seong, Ki-Taek
    • Journal of the Korea Institute of Information and Communication Engineering / Vol. 16, No. 5 / pp.953-959 / 2012
  • There are a number of idle nodes in sensor networks, and these can act as detector nodes for anomaly detection in the network. For the detecting node selection problem modeled as an optimization equation, the conventional method using a centralized genetic algorithm was evaluated. In this paper, a method is proposed to improve the convergence of the optimal value while improving energy efficiency, by considering the characteristics of the network topology using a parallel genetic algorithm. Through simulation, the proposed method was compared with the conventional approaches; the convergence of the optimal value was improved and the method was found to be energy efficient.

Design and Evaluation of a Rough Set Based Anomaly Detection Scheme Considering Weighted Feature Values (가중 특징 값을 고려한 러프 집합 기반 비정상 행위 탐지방법의 설계 및 평가)

  • Bae, Ihn-Han;Lee, Hwa-Ju;Lee, Kyung-Sook
    • Journal of Korea Multimedia Society / Vol. 9, No. 8 / pp.1030-1036 / 2006
  • The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents an efficient rough set based anomaly detection method that can effectively identify a group of especially harmful internal masqueraders in cellular mobile networks. Our scheme uses the trace data of the wireless application layer generated by a user as feature values. Based on the feature values, the usage pattern of a mobile's user can be captured by rough sets, and the abnormal behavior of the mobile can also be detected effectively by applying a roughness membership function that considers weighted feature values. The performance of our scheme is evaluated by simulation. Simulation results demonstrate that anomalies are well detected by the method that assigns different weighted values to feature attributes depending on their importance.

Vibration Anomaly Detection of One-Class Classification using Multi-Column AutoEncoder

  • Sang-Min, Kim;Jung-Mo, Sohn
    • Journal of the Korea Society of Computer and Information / Vol. 28, No. 2 / pp.9-17 / 2023
  • In this paper, we propose a one-class vibration anomaly detection system for bearing defect diagnosis. In order to reduce the economic and time loss caused by bearing failure, an accurate defect diagnosis system is essential, and deep learning-based defect diagnosis systems are widely studied to solve the problem. However, it is difficult to obtain abnormal data in the actual data collection environment for deep learning, which causes data bias. Therefore, a one-class classification method using only normal data is used. As a general method, the characteristics of vibration data are extracted by learning the compression and restoration process through an AutoEncoder. Anomaly detection is performed by learning a one-class classifier with the extracted features. However, this method cannot efficiently extract the characteristics of the vibration data because it does not consider the frequency characteristics of the vibration data. To solve this problem, we propose an AutoEncoder model that considers the frequency characteristics of vibration data. As for classification performance, an accuracy of 0.910, precision of 1.0, recall of 0.820, and f1-score of 0.901 were obtained. The network design considering the vibration characteristics confirmed better performance than existing methods.

Evaluation of Edge-Based Data Collection System through Time Series Data Optimization Techniques and Universal Benchmark Development (수집 데이터 기반 경량 이상 데이터 감지 알림 시스템 개발)

  • Woojin Cho;Jae-hoi Gu
    • The Journal of the Convergence on Culture Technology / Vol. 10, No. 1 / pp.453-458 / 2024
  • Due to global issues such as climate crisis and rising energy costs, there is an increasing focus on energy conservation and management. In the case of South Korea, approximately 53.5% of the total energy consumption comes from industrial complexes. In order to address this, we aimed to improve issues through the 'Shared Network Utility Plant' among companies using similar energy utilities to find energy-saving points. For effective energy conservation, various techniques are utilized, and stable data supply is crucial for the reliable operation of factories. Many anomaly detection and alert systems for checking the stability of data supply were dependent on Energy Management Systems (EMS), which had limitations. The construction of an EMS involves large-scale systems, making it difficult to implement in small factories with spatial and energy constraints. In this paper, we aim to overcome these challenges by constructing a data collection system and anomaly detection alert system on embedded devices that consume minimal space and power. We explore the possibilities of utilizing anomaly detection alert systems in typical institutions for data collection and study the construction process.

Combining Adaptive Filtering and IF Flows to Detect DDoS Attacks within a Router

  • Yan, Ruo-Yu;Zheng, Qing-Hua;Li, Hai-Fei
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 4, No. 3 / pp.428-451 / 2010
  • Traffic matrix-based anomaly detection and DDoS attack detection in networks are research focuses in the network security and traffic measurement community. In this paper, firstly, a new type of unidirectional flow called IF flow is proposed. The merits and features of IF flows are analyzed in detail, and then two efficient methods are introduced in our DDoS attack detection and evaluation scheme. The first method uses the residual variance ratio to detect DDoS attacks after a Recursive Least Square (RLS) filter is applied to predict IF flows. The second method uses a generalized likelihood ratio (GLR) statistical test to detect DDoS attacks after a Kalman filter is applied to estimate IF flows. Based on the two complementary methods, an evaluation formula is proposed to assess the seriousness of current DDoS attacks on router ports. Furthermore, the sensitivity of three types of traffic (IF flow, input link and output link) to DDoS attacks is analyzed and compared. Experiments show that IF flow has more power to expose anomalies than the other two types of traffic. Finally, the two proposed methods are compared in terms of detection rate, processing speed, etc., and also compared in detail with Principal Component Analysis (PCA) and Cumulative Sum (CUSUM) methods. The results demonstrate that the adaptive filter methods have a higher detection rate, lower false alarm rate and smaller detection lag time.