• Title/Summary/Keyword: Normal Behavior Profiling

Search Result 10, Processing Time 0.034 seconds

Normal Behavior Profiling based on Bayesian Network for Anomaly Intrusion Detection (이상 침입 탐지를 위한 베이지안 네트워크 기반의 정상행위 프로파일링)

  • 차병래;박경우;서재현
    • Journal of the Korea Society of Computer and Information
    • /
    • v.8 no.1
    • /
    • pp.103-113
    • /
    • 2003
  • Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles. and detectes anomaly intrusions effectively. Anomaly detections using system calls are detected only anomaly processes. But this has a Problem that doesn't detect affected various Part by anomaly processes. To improve this problem, the relation among system calls of processes is represented by bayesian probability values. Application behavior profiling by Bayesian Network supports anomaly intrusion informations . This paper overcomes the Problems of various intrusion detection models we Propose effective intrusion detection technique using Bayesian Networks. we have profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions we had simulation by proposed normal behavior profiling technique using UNM data.

  • PDF

Anomaly Detection for IEC 61850 Substation Network (IEC 61850 변전소 네트워크에서의 이상 징후 탐지 연구)

  • Lim, Yong-Hun;Yoo, Hyunguk;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.5
    • /
    • pp.939-946
    • /
    • 2013
  • This paper proposes normal behavior profiling methods for anomaly detection in IEC 61850 based substation network. Signature based security solutions, currently used primarily, are inadequate for APT attack using zero-day vulnerabilities. Recently, some researches about anomaly detection in control network are ongoing. However, there are no published result for IEC 61850 substation network. Our proposed methods includes 3-phase preprocessing for MMS/GOOSE packets and normal behavior profiling using one-class SVM algorithm. These approaches are beneficial to detect APT attacks on IEC 61850 substation network.

A Normal Network Behavior Profiling Method Based on Big Data Analysis Techniques (Hadoop/Hive) (빅데이터 분석 기술(Hadoop/Hive) 기반 네트워크 정상행위 규정 방법)

  • Kim, SungJin;Kim, Kangseok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.5
    • /
    • pp.1117-1127
    • /
    • 2017
  • With the advent of Internet of Things (IoT), the number of devices connected to Internet has rapidly increased, but the security for IoT is still vulnerable. It is difficult to integrate existing security technologies due to generating a large amount of traffic by using different protocols to use various IoT devices according to purposes and to operate in a low power environment. Therefore, in this paper, we propose a normal network behavior profiling method based on big data analysis techniques. The proposed method utilizes a Hadoop/Hive for Big Data analytics and an R for statistical computing. Also we verify the effectiveness of the proposed method through a simulation.

Modificated Intrusion Pattern Classification Technique based on Bayesian Network (베이지안 네트워크 기반의 변형된 침입 패턴 분류 기법)

  • Cha Byung-Rae;Park Kyoung-Woo;Seo Jae-Hyeon
    • Journal of Internet Computing and Services
    • /
    • v.4 no.2
    • /
    • pp.69-80
    • /
    • 2003
  • Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles, and detectes modificated anomaly intrusions effectively. In this paper, the relation among system calls of processes is represented by bayesian network and Multiple Sequence Alignment. Program behavior profiling by Bayesian Network classifies modified anomaly intrusion behaviors, and detects anomaly behaviors. we had simulation by proposed normal behavior profiling technique using UNM data.

  • PDF

Efficient QRS Detection and PVC(Premature Ventricular Contraction) Classification based on Profiling Method (효율적인 QRS 검출과 프로파일링 기법을 통한 심실조기수축(PVC) 분류)

  • Cho, Ik-Sung;Kwon, Hyeog-Soong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.3
    • /
    • pp.705-711
    • /
    • 2013
  • QRS detection of ECG is the most popular and easy way to detect cardiac-disease. But it is difficult to analyze the ECG signal because of various noise types. Also in the healthcare system that must continuously monitor people's situation, it is necessary to process ECG signal in realtime. In other words, the design of algorithm that exactly detects QRS wave using minimal computation and classifies PVC by analyzing the persons's physical condition and/or environment is needed. Thus, efficient QRS detection and PVC classification based on profiling method is presented in this paper. For this purpose, we detected QRS through the preprocessing method using morphological filter, adaptive threshold, and window. Also, we applied profiling method to classify each patient's normal cardiac behavior through hash function. The performance of R wave detection, normal beat and PVC classification is evaluated by using MIT-BIH arrhythmia database. The achieved scores indicate the average of 99.77% in R wave detection and the rate of 0.65% in normal beat classification error and 93.29% in PVC classification.

A Study on the Improvement of Bayesian networks in e-Trade (전자무역의 베이지안 네트워크 개선방안에 관한 연구)

  • Jeong, Boon-Do
    • International Commerce and Information Review
    • /
    • v.9 no.3
    • /
    • pp.305-320
    • /
    • 2007
  • With expanded use of B2B(between enterprises), B2G(between enterprises and government) and EDI(Electronic Data Interchange), and increased amount of available network information and information protection threat, as it was judged that security can not be perfectly assured only with security technology such as electronic signature/authorization and access control, Bayesian networks have been developed for protection of information. Therefore, this study speculates Bayesian networks system, centering on ERP(Enterprise Resource Planning). The Bayesian networks system is one of the methods to resolve uncertainty in electronic data interchange and is applied to overcome uncertainty of abnormal invasion detection in ERP. Bayesian networks are applied to construct profiling for system call and network data, and simulate against abnormal invasion detection. The host-based abnormal invasion detection system in electronic trade analyses system call, applies Bayesian probability values, and constructs normal behavior profile to detect abnormal behaviors. This study assumes before and after of delivery behavior of the electronic document through Bayesian probability value and expresses before and after of the delivery behavior or events based on Bayesian networks. Therefore, profiling process using Bayesian networks can be applied for abnormal invasion detection based on host and network. In respect to transmission and reception of electronic documents, we need further studies on standards that classify abnormal invasion of various patterns in ERP and evaluate them by Bayesian probability values, and on classification of B2B invasion pattern genealogy to effectively detect deformed abnormal invasion patterns.

  • PDF

The Comparisons of Eating-Related Index and Pre- and Post-Prandial Gut Hormone Patterns between Normal-Overweight and Obese Subjects of Taeemin (태음인 정상-과체중군과 비만군의 식이관련지표 및 식사 전후 Gut Hormone 비교연구)

  • Lee, Ji-Won;Park, Byung-Joo;Lee, Jun-Hee
    • Journal of Korean Medicine for Obesity Research
    • /
    • v.14 no.1
    • /
    • pp.36-45
    • /
    • 2014
  • Objectives: The purpose of this studay was to compare the eating-related index and the patterns of pre- and post-prandial gut hormone level in normal-overweight and obese subjects of Taeemin population. Methods: We enrolled healthy male participants who were diagnosed with Taeeumin by Sasang Constitutional diagnosis and who were normal-overweight ($18.5kg/m^2{\leq}$body mass index [BMI)< $25kg/m^2$) or obese ($25.0kg/m^2{\leq}$BMI< $30kg/m^2$). Eating behavior and gastrointestinal problems were assessed by using standardized scale. Subjective appetite ratings using visual analogue scales and the profiling of serum levels of ghrelin and peptide YY (PYY) were assessed before and after a standard meal (6 time points: 30 minutes pre-prandial, immediately before meal, 15, 30, 60, and 120 minutes post-prandial). Results: Tewnty two healthy Taeeumin people classified as normal-overweight group or obese group are the final subjects. External eating score of Dutch eating behavior questionaire scores is higher in normal-overweight group than in obese group. The variations of subjective appetite ratings in obese group are smaller than in normal-overweight group. The pattern of ghrelin in normal-overweight group shows a high peak at 30 minutes post-prandial point, which is contrary to existing studies. The pattern of PYY in obese group decreases from 15 minutes post-prandial point and shows lower peak level, whereas in normal-overweight group shows increasing tendency from pre-prandial point until 30 minutes post-prandial point. Conclusions: There are differences in the eating-related index and the gut hormone patterns related to obesity.

Clustering Normal User Behavior for Anomaly Intrusion Detection (비정상행위 탐지를 위한 사용자 정상행위 클러스터링 기법)

  • Oh, Sang-Hyun;Lee, Won-Suk
    • The KIPS Transactions:PartC
    • /
    • v.10C no.7
    • /
    • pp.857-866
    • /
    • 2003
  • For detecting an intrusion based on the anomaly of a user's activities, previous works are concentrated on statistical techniques in order to analyze an audit data set. However. since they mainly analyze the average behavior of a user's activities, some anomalies can be detected inaccurately. In this paper, a new clustering algorithm for modeling the normal pattern of a user's activities is proposed. Since clustering can identify an arbitrary number of dense ranges in an analysis domain, it can eliminate the inaccuracy caused by statistical analysis. Also, clustering can be used to model common knowledge occurring frequently in a set of transactions. Consequently, the common activities of a user can be found more accurately. The common knowledge is represented by the occurrence frequency of similar data objects by the unit of a transaction as veil as the common repetitive ratio of similar data objects in each transaction. Furthermore, the proposed method also addresses how to maintain identified common knowledge as a concise profile. As a result, the profile can be used to detect any anomalous behavior In an online transaction.

Generation of Finite Automata for Intrusion Detection (침입탐지를 위한 유한상태기계의 생성 기법)

  • Lim, Young-Hwan;Wee, Kyu-Bum
    • The KIPS Transactions:PartC
    • /
    • v.10C no.2
    • /
    • pp.119-124
    • /
    • 2003
  • Although there have been many studies on using finite automata for intrusion detection, it has been a difficult problem to generate compact finite automata automatically. In a previous research an approach to profile normal behaviors using finite automata was proposed. They divided the system call sequence of each process into three parts prefix, main portion, and suffix, and then substituted macros for frequently occurring substrings. However, the procedure was not automatic. In this paper we present algorithms to automatically generate intrusion detection automata from the sequence of system calls resulting from the normal runs of the programs. We also show the effectiveness of the proposed method through experiments.

microRNA Expression Profile in Patients with Stage II Colorectal Cancer: A Turkish Referral Center Study

  • Tanoglu, Alpaslan;Balta, Ahmet Ziya;Berber, Ufuk;Ozdemir, Yavuz;Emirzeoglu, Levent;Sayilir, Abdurrahim;Sucullu, Ilker
    • Asian Pacific Journal of Cancer Prevention
    • /
    • v.16 no.5
    • /
    • pp.1851-1855
    • /
    • 2015
  • Background: There are increasing data about microRNAs (miRNA) in the literature, providing abundant evidence that they play important roles in pathogenesis and development of colorectal cancer. In this study, we aimed to investigate the miRNA expression profiles in surgically resected specimens of patients with recurrent and non-recurrent colorectal cancer. Materials and Methods: The study population included 40 patients with stage II colorectal cancer (20 patients with recurrent tumors, and 20 sex and age matched patients without recurrence), who underwent curative colectomy between 2004 and 2011 without adjuvant therapy. Expression of 16 miRNAs (miRNA-9, 21, 30d, 31, 106a, 127, 133a, 133b, 135b, 143, 145, 155, 182, 200a, 200c, 362) was verified by quantitative real-time polymerase chain reaction (qRT-PCR) in all resected colon cancer tissue samples and in corresponding normal colonic tissues. Data analyses were carried out using SPSS 15 software. Values were statistically significantly changed in 40 cancer tissues when compared to the corresponding 40 normal colonic tissues (p<0.001). MiR-30d, miR-133a, miR-143, miR-145 and miR-362 expression was statistically significantly downregulated in 40 resected colorectal cancer tissue samples (p<0.001). When we compared subgroups, miRNA expression profiles of 20 recurrent cancer tissues were similar to all 40 cancer tissues. However in 20 non-recurrent cancer tissues, miR-133a expression was not significantly downregulated, moreover miR-133b expression was significantly upregulated (p<0.05). Conclusions: Our study revealed dysregulation of expression of ten miRNAs in Turkish colon cancer patients. These miRNAs may be used as potential biomarkers for early detection, screening and surveillance of colorectal cancer, with functional effects on tumor cell behavior.