• Title/Summary/Keyword: anomaly detection

Search Result 668, Processing Time 0.023 seconds

Threat Classification Schemes for Effective Management based on W-TMS(Wireless-Threat Management System) (W-TMS(Wireless-Threat Management System)에서의 효율적 관리를 위한 위협 분류기법)

  • Seo, Jong-Won;Jo, Je-Gyeong;Lee, Hyung-Woo
    • The Journal of the Korea Contents Association
    • /
    • v.7 no.3
    • /
    • pp.93-100
    • /
    • 2007
  • Internet had spread in all fields with the fast speed during the last 10 years. Lately, wireless network is also spreading rapidly. Also, number of times that succeed attack attempt and invasion for wireless network is increasing rapidly TMS system was developed to overcome these threat on wireless network. Existing TMS system supplies active confrontation mechanism on these threats. However, existent TMS has limitation that new form of attack do not filtered efficiently. Therefor this paper proposes a new method that it automatically compute the threat from the imput packets with vector space model and detect anomaly detection of wireless network. Proposed mechanism in this research analyzes similarity degree between packets, and detect something wrong symptom of wireless network and then classify these threats automatically.

Association Analysis for Detecting Abnormal in Graph Database Environment (그래프 데이터베이스 환경에서 이상징후 탐지를 위한 연관 관계 분석 기법)

  • Jeong, Woo-Cheol;Jun, Moon-Seog;Choi, Do-Hyeon
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.8
    • /
    • pp.15-22
    • /
    • 2020
  • The 4th industrial revolution and the rapid change in the data environment revealed technical limitations in the existing relational database(RDB). As a new analysis method for unstructured data in all fields such as IDC/finance/insurance, interest in graph database(GDB) technology is increasing. The graph database is an efficient technique for expressing interlocked data and analyzing associations in a wide range of networks. This study extended the existing RDB to the GDB model and applied machine learning algorithms (pattern recognition, clustering, path distance, core extraction) to detect new abnormal signs. As a result of the performance analysis, it was confirmed that the performance of abnormal behavior(about 180 times or more) was greatly improved, and that it was possible to extract an abnormal symptom pattern after 5 steps that could not be analyzed by RDB.

Application of Highland Kimchi Cabbage Status Map for Growth Monitoring based on Unmanned Aerial Vehicle

  • Na, Sang-Il;Park, Chan-Won;Lee, Kyung-Do
    • Korean Journal of Soil Science and Fertilizer
    • /
    • v.49 no.5
    • /
    • pp.469-479
    • /
    • 2016
  • Kimchi cabbage is one of the most important vegetables in Korea and a target crop for market stabilization as well. In particular Kimchi cabbages in a highland area are very sensitive to the fluctuations in supply and demand. Yield variability due to growth conditions dictates the market fluctuations of Kimchi cabbage price. This study was carried out to understand the distribution of the highland Kimchi cabbage growth status in Anbandeok. Anbandeok area in Gangneung, Gangwon-do, Korea is one of the main producing districts of highland Kimchi cabbage. The highland Kimchi cabbage status map of each growth factor was obtained from unmanned aerial vehicle (UAV) imagery and field survey data. Six status maps include UAVRGB image map, normalized difference vegetation index (NDVI) distribution/anomaly map, Crop distribution map, Planting/Harvest distribution map, Growth parameter map and Growth disorder map. As a result, the highland Kimchi cabbage status maps from May 31 to Sep. 6 in 2016 were presented to show spatial variability in the field. The benefits of the highland Kimchi cabbage status map can be summarized as follows: crop growth monitoring, reference for field observations and survey, the relative comparison of the growth condition in field scale, evaluation of growth in comparison of average year, change detection of annual crops or planting areas, abandoned fields monitoring, prediction of harvest season etc.

Detecting Jamming Attacks in MANET (MANET에서의 전파방해 공격 탐지)

  • Shrestha, Rakesh;Lee, Sang-Duk;Choi, Dong-You;Han, Seung-Jo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.3
    • /
    • pp.482-488
    • /
    • 2009
  • Mobile Ad-hoc Networks provide communication without a centralized infrastructure, which makes them suitable for communication in disaster areas or when quick deployment is needed. On the other hand, they are susceptible to malicious exploitation and have to face different challenges at different layers due to its open Ad-hoc network structure which lacks previous security measures. Denial of service (DoS) attack is one that interferes with the radio transmission channel causing a jamming attack. In this kind of attack, an attacker emits a signal that interrupts the energy of the packets causing many errors in the packet currently being transmitted. In harsh environments where there is constant traffic, a jamming attack causes serious problems; therefore measures to prevent these types of attacks are required. The objective of this paper is to carry out the simulation of the jamming attack on the nodes and determine the DoS attacks in OPNET so as to obtain better results. We have used effective anomaly detection system to detect the malicious behaviour of the jammer node and analyzed the results that deny channel access by jamming in the mobile Ad-hoc networks.

Method for Inferring Format Information of Data Field from CAN Trace (CAN 트레이스 분석을 통한 데이터 필드 형식 추론 방법 연구)

  • Ji, Cheongmin;Kim, Jimin;Hong, Manpyo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.1
    • /
    • pp.167-177
    • /
    • 2018
  • As the number of attacks on vehicles has increased, studies on CAN-based security technologies are actively being carried out. However, since the upper layer protocol of CAN differs for each vehicle manufacturer and model, there is a great difficulty in researches such as developing anomaly detection for CAN or finding vulnerabilities of ECUs. In this paper, we propose a method to infer the detailed structure of the data field of CAN frame by analyzing CAN trace to mitigate this problem. In the existing Internet environment, many researches for reverse engineering proprietary protocols have already been carried out. However, CAN bus has a structure difficult to apply the existing protocol reverse engineering technology as it is. In this paper, we propose new field classification methods with low computation-cost based on the characteristics of data in CAN frame and existing field classification method. The proposed methods are verified through implementation that analyze CAN traces generated by simulations of CAN communication and actual vehicles. They show higher accuracy of field classification with lower computational cost compared to the existing method.

An Improved Signature Hashing-based Pattern Matching for High Performance IPS (고성능 침입방지 시스템을 위해 개선한 시그니처 해싱 기반 패턴 매칭 기법)

  • Lee, Young-Sil;Kim, Nack-Hyun;Lee, Hoon-Jae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.10a
    • /
    • pp.434-437
    • /
    • 2010
  • NIPS(Network Intrusion Prevention System) is in line at the end of the external and internal networks which performed two kinds of action: Signature-based filtering and anomaly detection and prevention-based on self-learning. Among them, a signature-based filtering is well known to defend against attacks. By using signature-based filtering, intrusion prevention system passing a payload of packets is compared with attack patterns which are signature. If match, the packet is discard. However, when there is packet delay, it will increase the required pattern matching time as the number of signature is increasing whenever there is delay occur. Therefore, to ensure the performance of IPS, we needed more efficient pattern matching algorithm for high-performance ISP. To improve the performance of pattern matching the most important part is to reduce the number of comparisons signature rules and the packet whenever the packets arrive. In this paper, we propose an improve signature hashing-based pattern matching method. We use tuple pruning algorithm with Bloom filters, which effectively remove unnecessary tuples. Unlike other existing signature hashing-based IPS, our proposed method to improve the performance of IPS.

  • PDF

Combining Radar and Rain Gauge Observations Utilizing Gaussian-Process-Based Regression and Support Vector Learning (가우시안 프로세스 기반 함수근사와 서포트 벡터 학습을 이용한 레이더 및 강우계 관측 데이터의 융합)

  • Yoo, Chul-Sang;Park, Joo-Young
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.18 no.3
    • /
    • pp.297-305
    • /
    • 2008
  • Recently, kernel methods have attracted great interests in the areas of pattern classification, function approximation, and anomaly detection. The role of the kernel is particularly important in the methods such as SVM(support vector machine) and KPCA(kernel principal component analysis), for it can generalize the conventional linear machines to be capable of efficiently handling nonlinearities. This paper considers the problem of combining radar and rain gauge observations utilizing the regression approach based on the kernel-based gaussian process and support vector learning. The data-assimilation results of the considered methods are reported for the radar and rain gauge observations collected over the region covering parts of Gangwon, Kyungbuk, and Chungbuk provinces of Korea, along with performance comparison.

A Case Study on the Target Sampling Inspection for Improving Outgoing Quality (타겟 샘플링 검사를 통한 출하품질 향상에 관한 사례 연구)

  • Kim, Junse;Lee, Changki;Kim, Kyungnam;Kim, Changwoo;Song, Hyemi;Ahn, Seoungsu;Oh, Jaewon;Jo, Hyunsang;Han, Sangseop
    • Journal of Korean Society for Quality Management
    • /
    • v.49 no.3
    • /
    • pp.421-431
    • /
    • 2021
  • Purpose: For improving outgoing quality, this study presents a novel sampling framework based on predictive analytics. Methods: The proposed framework is composed of three steps. The first step is the variable selection. The knowledge-based and data-driven approaches are employed to select important variables. The second step is the model learning. In this step, we consider the supervised classification methods, the anomaly detection methods, and the rule-based methods. The applying model is the third step. This step includes the all processes to be enabled on real-time prediction. Each prediction model classifies a product as a target sample or random sample. Thereafter intensive quality inspections are executed on the specified target samples. Results: The inspection data of three Samsung products (mobile, TV, refrigerator) are used to check functional defects in the product by utilizing the proposed method. The results demonstrate that using target sampling is more effective and efficient than random sampling. Conclusion: The results of this paper show that the proposed method can efficiently detect products that have the possibilities of user's defect in the lot. Additionally our study can guide practitioners on how to easily detect defective products using stratified sampling

Real-time security Monitroing assessment model for cybersecurity vulnera bilities in network separation situations (망분리 네트워크 상황에서 사이버보안 취약점 실시간 보안관제 평가모델)

  • Lee, DongHwi;Kim, Hong-Ki
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.45-53
    • /
    • 2021
  • When the security monitoring system is performed in a separation network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the establishment of the security network, a model is needed to evaluate state-of-the-art cyber threat anomalies for internal network in separation network to complete the optimized security structure. In this study, We evaluate it by generating datasets of cyber vulnerabilities and malicious code arising from general and separation networks, It prepare for the latest cyber vulnerabilities in internal network cyber attacks to analyze threats, and established a cyber security test evaluation system that fits the characteristics. The study designed an evaluation model that can be applied to actual separation network institutions, and constructed a test data set for each situation and applied a real-time security assessment model.

A Distributed Real-time Self-Diagnosis System for Processing Large Amounts of Log Data (대용량 로그 데이터 처리를 위한 분산 실시간 자가 진단 시스템)

  • Son, Siwoon;Kim, Dasol;Moon, Yang-Sae;Choi, Hyung-Jin
    • Database Research
    • /
    • v.34 no.3
    • /
    • pp.58-68
    • /
    • 2018
  • Distributed computing helps to efficiently store and process large data on a cluster of multiple machines. The performance of distributed computing is greatly influenced depending on the state of the servers constituting the distributed system. In this paper, we propose a self-diagnosis system that collects log data in a distributed system, detects anomalies and visualizes the results in real time. First, we divide the self-diagnosis process into five stages: collecting, delivering, analyzing, storing, and visualizing stages. Next, we design a real-time self-diagnosis system that meets the goals of real-time, scalability, and high availability. The proposed system is based on Apache Flume, Apache Kafka, and Apache Storm, which are representative real-time distributed techniques. In addition, we use simple but effective moving average and 3-sigma based anomaly detection technique to minimize the delay of log data processing during the self-diagnosis process. Through the results of this paper, we can construct a distributed real-time self-diagnosis solution that can diagnose server status in real time in a complicated distributed system.