• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.11
• /
• pp.449-456
• /
• 2021

An intrusion detection system is a technology that detects abnormal behaviors that violate security, and detects abnormal operations and prevents system attacks. Existing intrusion detection systems have been designed using statistical analysis or anomaly detection techniques for traffic patterns, but modern systems generate a variety of traffic different from existing systems due to rapidly growing technologies, so the existing methods have limitations. In order to overcome this limitation, study on intrusion detection methods applying various machine learning techniques is being actively conducted. In this study, a comparative study was conducted on data preprocessing techniques that can improve the accuracy of anomaly detection using NGIDS-DS (Next Generation IDS Database) generated by simulation equipment for traffic in various network environments. Padding and sliding window were used as data preprocessing, and an oversampling technique with Adversarial Auto-Encoder (AAE) was applied to solve the problem of imbalance between the normal data rate and the abnormal data rate. In addition, the performance improvement of detection accuracy was confirmed by using Skip-gram among the Word2Vec techniques that can extract feature vectors of preprocessed sequence data. PCA-SVM and GRU were used as models for comparative experiments, and the experimental results showed better performance when sliding window, skip-gram, AAE, and GRU were applied.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.411-418
• /
• 2020

In the field of information security, IDS(Intrusion Detection System) is normally classified in two different categories: signature-based IDS and anomaly-based IDS. Many studies in anomaly-based IDS have been conducted that analyze network traffic data generated in cyberspace by machine learning algorithms. In this paper, we studied pre-processing methods to overcome performance degradation problems cashed by rare classes. We experimented classification performance of a Machine Learning algorithm by reconstructing data set based on rare classes and semi rare classes. After reconstructing data into three different sets, wrapper and filter feature selection methods are applied continuously. Each data set is regularized by a quantile scaler. Depp neural network model is used for learning and validation. The evaluation results are compared by true positive values and false negative values. We acquired improved classification performances on all of three data sets.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.279-286
• /
• 2013

The recent power shortages due to surge in demand for electricity highlights the importance of smart grid technologies for efficient use of power. The experimental content for vulnerability against availability of smart meter, an essential component in smart grid networks, has been reported. Designing availability protection mechanism to boost the realization possibilities of the secure smart grid is essential. In this paper, we propose a mechanism to detect the availability infringement attack for smart meter and also to find anomaly nodes through analyzing smart grid structure and traffic patterns. The proposed detection mechanism uses approximate entropy technique to decrease the detection load and increase the detection rate with few samples and utilizes the signal information(CIR or RSSI, etc.) that the anomaly node can not be changed to find the anomaly nodes. Finally simulation results of proposed method show that the detection performance and the feasibility.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.27-35
• /
• 2008

With the proliferation of wireless devices, mobile ad-hoc networking (MANETS) has become a very exciting and important technology. However, MANET is more vulnerable than wired networking. Existing security mechanisms designed for wired networks have to be redesigned in this new environment. In this paper, we discuss the problem of anomaly detection in MANET. The focus of our research is on techniques for automatically constructing anomaly detection models that are capable of detecting new or unseen attacks. We propose a new anomaly detection method for MANETs. The proposed method performs cross-feature analysis on the basis of Rough sets to capture the inter-feature correlation patterns in normal traffic. The performance of the proposed method is evaluated through a simulation. The results show that the performance of the proposed method is superior to the performance of Huang method that uses cross-feature based on the probability of feature attribute value. Accordingly, we know that the proposed method effectively detects anomalies.

• International Journal of Computer Science & Network Security
• /
• v.23 no.1
• /
• pp.46-52
• /
• 2023

With billions of IoT (Internet of Things) devices populating various emerging applications across the world, detecting anomalies on these devices has become incredibly important. Advanced Intrusion Detection Systems (IDS) are trained to detect abnormal network traffic, and Machine Learning (ML) algorithms are used to create detection models. In this paper, the NSL-KDD dataset was adopted to comparatively study the performance and efficiency of IoT anomaly detection models. The dataset was developed for various research purposes and is especially useful for anomaly detection. This data was used with typical machine learning algorithms including eXtreme Gradient Boosting (XGBoost), Support Vector Machines (SVM), and Deep Convolutional Neural Networks (DCNN) to identify and classify any anomalies present within the IoT applications. Our research results show that the XGBoost algorithm outperformed both the SVM and DCNN algorithms achieving the highest accuracy. In our research, each algorithm was assessed based on accuracy, precision, recall, and F1 score. Furthermore, we obtained interesting results on the execution time taken for each algorithm when running the anomaly detection. Precisely, the XGBoost algorithm was 425.53% faster when compared to the SVM algorithm and 2,075.49% faster than the DCNN algorithm. According to our experimental testing, XGBoost is the most accurate and efficient method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.6
• /
• pp.2781-2800
• /
• 2016

Emerging attacks aim to access proprietary assets and steal data for business or political motives, such as Operation Aurora and Operation Shady RAT. Skilled Intruders would likely remove their traces on targeted hosts, but their network movements, which are continuously recorded by network devices, cannot be easily eliminated by themselves. However, without complete knowledge about both inbound/outbound and internal traffic, it is difficult for security team to unveil hidden traces of intruders. In this paper, we propose an autonomous anomaly detection system based on behavior profiling and relation mining. The single-hop access profiling model employ a novel linear grouping algorithm PSOLGA to create behavior profiles for each individual server application discovered automatically in historical flow analysis. Besides that, the double-hop access relation model utilizes in-memory graph to mine time-sequenced access relations between different server applications. Using the behavior profiles and relation rules, this approach is able to detect possible anomalies and violations in real-time detection. Finally, the experimental results demonstrate that the designed models are promising in terms of accuracy and computational efficiency.

• Smart Structures and Systems
• /
• v.11 no.1
• /
• pp.1-17
• /
• 2013

This paper intended to investigate the feasibility of bridge health monitoring using a linear system parameter of a time series model identified from traffic-induced vibrations of bridges through a laboratory moving vehicle experiment on scaled model bridges. This study considered the system parameter of the bridge-vehicle interactive system rather than modal ones because signals obtained under a moving vehicle are not the responses of the bridge itself but those of the interactive system. To overcome the shortcomings of modal parameter-based bridge diagnosis using a time series model, this study considered coefficients of Autoregressive model (AR coefficients) as an early indicator of anomaly of bridges. This study also investigated sensitivity of AR coefficients in detecting anomaly of bridges. Observations demonstrated effectiveness of using AR coefficients as an early indicator for anomaly of bridges.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.111-118
• /
• 2024

In general network-based intrusion detection system is designed to detect malicious behavior directed at a network or its resources. The key goal of this paper is to look at network data and identify whether it is normal traffic data or anomaly traffic data specifically for accounting information systems. In today's world, there are a variety of principles for detecting various forms of network-based intrusion. In this paper, we are using supervised machine learning techniques. Classification models are used to train and validate data. Using these algorithms we are training the system using a training dataset then we use this trained system to detect intrusion from the testing dataset. In our proposed method, we will detect whether the network data is normal or an anomaly. Using this method we can avoid unauthorized activity on the network and systems under that network. The Decision Tree and K-Nearest Neighbor are applied to the proposed model to classify abnormal to normal behaviors of network traffic data. In addition to that, Logistic Regression Classifier and Support Vector Classification algorithms are used in our model to support proposed concepts. Furthermore, a feature selection method is used to collect valuable information from the dataset to enhance the efficiency of the proposed approach. Random Forest machine learning algorithm is used, which assists the system to identify crucial aspects and focus on them rather than all the features them. The experimental findings revealed that the suggested method for network intrusion detection has a neglected false alarm rate, with the accuracy of the result expected to be between 95% and 100%. As a result of the high precision rate, this concept can be used to detect network data intrusion and prevent vulnerabilities on the network.

• Journal of Chest Surgery
• /
• v.27 no.12
• /
• pp.1027-1030
• /
• 1994

We reviewed 10 cases of traumatic diaphragmatic injuries at Soonchunhyang University Gumi Hospital from January 1990 through April 1993. Seven patients were male and three patients were female. The age distribution was ranged from 25 to 79 years, predominant 4th decades occurred in male. The traumatic diaphragmatic injuries were due to blunt trauma in 9 cases[traffic accident 7 and crash injury 2] and penetrating wound in 1 case[stab wound]. The common symptoms were dyspnea[60%], chest pain and abdominal pain in order frequency. In the blunt trauma and crash injury, the rupture site was all located in the left[ 9 cases ]. In the penetrating wound, the rupture site was located in the right[1 case]. The surgical repair of 10 cases were performed with transthoracic approach in 9 cases and thoracoabdominal approach in 1 case. The postoperative mortality was 10%[1/10]. The cause of death was multiple organ failure with pulmonary edema.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.207-208
• /
• 2006

Intrusion detection technology is highlighted in order to establish a safe information-oriented environment. Intrusion detection system can be categorized into anomaly detection and misuse detection according to intrusion detection pattern. In this paper, we propose an architecture to make up for the defect of conventional anomaly intrusion detection. This architecture reduces additional resource consumption and cost by placing the agent in the strategic location in Internet.