• Proceedings of the KSRS Conference
• /
• 2005.10a
• /
• pp.301-304
• /
• 2005

For detecting an intrusion based on the anomaly of a user's activities, previous works are concentrated on statistical techniques or frequent episode mining in order to analyze an audit data. But, since they mainly analyze the average behaviour of user's activities, some anomalies can be detected inaccurately. Therefore, we propose an anomaly detection method that utilizes an associative classification for modelling intrusion detection. Finally, we proof that a prediction model built from associative classification method yields better accuracy than a prediction model built from a traditional methods by experimental results.

• Journal of Korea Multimedia Society
• /
• v.10 no.12
• /
• pp.1726-1732
• /
• 2007

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents an efficient rough set based anomaly detection method that can effectively identify a group of especially harmful internal attackers - masqueraders in cellular mobile networks. Our scheme uses the trace data of wireless application layer by a user as feature value. Based on this, the used pattern of a mobile's user can be captured by rough sets, and the abnormal behavior of the mobile can be also detected effectively by applying a roughness membership function with the age of the user profile. The performance of the proposed scheme is evaluated by using a simulation. Simulation results demonstrate that the anomalies are well detected by the proposed scheme that considers the age of user profiles.

• Journal of the Korean Data and Information Science Society
• /
• v.18 no.2
• /
• pp.315-326
• /
• 2007

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents a dynamic anomaly detection scheme that can effectively identify a group of especially harmful internal masqueraders in cellular mobile networks. Our scheme uses the trace data of wireless application layer by a user as feature value. Based on the feature values, the use pattern of a mobile's user can be captured by rough sets, and the abnormal behavior of the mobile can be also detected effectively by applying a roughness membership function with both the age of the user profile and weighted feature values. The performance of our scheme is evaluated by a simulation. Simulation results demonstrate that the anomalies are well detected by the proposed dynamic scheme that considers the age of user profiles.

• Journal of Communications and Networks
• /
• v.10 no.1
• /
• pp.89-97
• /
• 2008

Anomaly detection systems playa significant role in protection mechanism against attacks launched on a network. The greatest challenge in designing systems detecting anomalous exploits is defining what to measure. Effective yet simple, Shannon entropy metrics have been successfully used to detect specific types of malicious traffic in a number of commercially available IDS's. We believe that Renyi entropy measures can also adequately describe the characteristics of a network as a whole as well as detect abnormal traces in the observed traffic. In addition, Renyi entropy metrics might boost sensitivity of the methods when disambiguating certain anomalous patterns. In this paper we describe our efforts to understand how Renyi mutual information can be applied to anomaly detection as an offline computation. An initial analysis has been performed to determine how well fast spreading worms (Slammer, Code Red, and Welchia) can be detected using our technique. We use both synthetic and real data audits to illustrate the potentials of our method and provide a tentative explanation of the results.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2022.11a
• /
• pp.171-174
• /
• 2022

Weakly-supervised learning is a widely adopted approach in video anomaly detection whereby only video labels are utilized instead of expensive frame-level annotations. Since the success of multi-instance learning (MIL), almost all recent approaches are based on maximizing the margin between the set of abnormal video snippets and those of normal video snippets. In this work, we present a simple contrastive approach for weakly supervised video anomaly detection (WS-VAD) with aims to enhance the performance of existing models. The method is generic in nature and introduces a loss function to encourage attraction of output features from the same video class and repel those from different video classes. Experimental results demonstrate our method can be applied to existing algorithms to improve detection accuracy in public video anomaly dataset.

• ETRI Journal
• /
• v.46 no.3
• /
• pp.513-525
• /
• 2024

Deep neural networks trained on labeled medical data face major challenges owing to the economic costs of data acquisition through expensive medical imaging devices, expert labor for data annotation, and large datasets to achieve optimal model performance. The heterogeneity of diseases, such as Alzheimer's disease, further complicates deep learning because the test cases may substantially differ from the training data, possibly increasing the rate of false positives. We propose a reconstruction-based self-supervised anomaly detection model to overcome these challenges. It has a dual-subnetwork encoder that enhances feature encoding augmented by skip connections to the decoder for improving the gradient flow. The novel encoder captures local and global features to improve image reconstruction. In addition, we introduce an entropy-based image conversion method. Extensive evaluations show that the proposed model outperforms benchmark models in anomaly detection and classification using an encoder. The supervised and unsupervised models show improved performances when trained with data preprocessed using the proposed image conversion method.

• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.94-102
• /
• 2023

Anomaly detection in human movements can improve safety in indoor workplaces. In this paper, we design a framework for detecting anomalous trajectories of humans in indoor spaces based on a variational autoencoder (VAE) with Bi-LSTM layers. First, the VAE is trained to capture the latent representation of normal trajectories. Then the abnormality of a new trajectory is checked using the trained VAE. In this step, the anomaly score of the trajectory is determined using the trajectory reconstruction error through the VAE. If the anomaly score exceeds a threshold, the trajectory is detected as an anomaly. To select the anomaly threshold, a new metric called D-score is proposed, which measures the difference between recall and precision. The anomaly threshold is selected according to the minimum value of the D-score on the validation set. The MIT Badge dataset, which is a real trajectory dataset of workers in indoor space, is used to evaluate the proposed framework. The experiment results show that our framework effectively identifies abnormal trajectories with 81.22% in terms of the F1-score.

• Journal of Internet Computing and Services
• /
• v.22 no.1
• /
• pp.13-22
• /
• 2021

Recently network based attack technologies are rapidly advanced and intelligent, the limitations of existing signature-based intrusion detection systems are becoming clear. The reason is that signature-based detection methods lack generalization capabilities for new attacks such as APT attacks. To solve these problems, research on machine learning-based intrusion detection systems is being actively conducted. However, in the actual network environment, attack samples are collected very little compared to normal samples, resulting in class imbalance problems. When a supervised learning-based anomaly detection model is trained with such data, the result is biased to the normal sample. In this paper, we propose to overcome this imbalance problem through One-Class Anomaly Detection using an auto encoder. The experiment was conducted through the NSL-KDD data set and compares the performance with the supervised learning models for the performance evaluation of the proposed method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.1-12
• /
• 2023

It is very time-intensive to obtain data with labels on anomaly detection tasks for multivariate time series. Therefore, several studies have been conducted on unsupervised learning that does not require any labels. However, a well-done integrative survey has not been conducted on in-depth discussion of learning architecture and property for multivariate time series anomaly detection. This study aims to explore the characteristic of well-known architectures in anomaly detection of multivariate time series. Additionally, architecture was categorized by using top-down and bottom-up approaches. In order toconsider real-world anomaly detection situation, we trained models with dataset such as power grids or Cyber Physical Systems that contains realistic anomalies. From experimental results, we compared and analyzed the comprehensive performance of each architecture. Quantitative performance were measured using precision, recall, and F1 scores.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.27 no.3
• /
• pp.338-345
• /
• 2024

Magnetic anomaly signals from the ferromagnetic targets such as ships in the sea are measured by drone-based magnetic anomaly detection. A quantum magnetometer is suspended from the drone by 4 strings. Flight altitude and speed of drone are 100 m and 5 m/s, respectively. We obtain magnetic anomaly signals of few nT from the ships clearly. We analyze the signal characteristics by the ferromagnetic target through simulation using COMSOL multiphysics.