• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.391-394
• /
• 2004

Change of paradigm of network attack technique was begun by fast extension of the latest Internet and new attack form is appearing. But, Most intrusion detection systems detect informed attack type because is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, visibilitys to apply human immunity mechanism are appearing. In this paper, we create self-file from normal behavior profile about network packet and embody self recognition algorithm to use self-nonself discrimination in the human immune system to detect anomaly behavior. Sense change because monitors self-file creating anomaly detector based on Negative Selection Algorithm that is self recognition algorithm's one and detects anomaly behavior. And we achieve simulation to use DARPA Network Dataset and verify effectiveness of algorithm through the anomaly detection rate.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.16 no.6
• /
• pp.277-283
• /
• 2021

This paper addresses the problem of vision-based mask filter inspection for mask production systems. Machine learning-based approaches can be considered to solve the problem, but they may not be applicable to mask filter inspection if normal and anomaly mask filter data are not sufficient. In such cases, handcrafted image processing methods have to be considered to solve the problem. In this paper, we propose a hierarchical correlation-based approach that combines handcrafted image processing methods to detect anomaly mask filters. The proposed approach combines image rotation, cropping and resizing, edge detection of mask filter parts, average blurring, and correlation-based decision. The proposed approach was tested and analyzed with real mask filters. The results showed that the proposed approach was able to successfully detect anomalies in mask filters.

• Journal of Korea Multimedia Society
• /
• v.10 no.12
• /
• pp.1726-1732
• /
• 2007

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents an efficient rough set based anomaly detection method that can effectively identify a group of especially harmful internal attackers - masqueraders in cellular mobile networks. Our scheme uses the trace data of wireless application layer by a user as feature value. Based on this, the used pattern of a mobile's user can be captured by rough sets, and the abnormal behavior of the mobile can be also detected effectively by applying a roughness membership function with the age of the user profile. The performance of the proposed scheme is evaluated by using a simulation. Simulation results demonstrate that the anomalies are well detected by the proposed scheme that considers the age of user profiles.

• Nuclear Engineering and Technology
• /
• v.55 no.2
• /
• pp.475-483
• /
• 2023

The high-flux advanced neutron application reactor (HANARO) is a multi-purpose research reactor at the Korea Atomic Energy Research Institute (KAERI). HANARO has been used in scientific and industrial research and developments. Therefore, stable operation is necessary for national science and industrial prospects. This study proposed an anomaly detection system based on deep learning, that supports the stable operation of HANARO. The proposed system collects multiple sensor data, displays system information, analyzes status, and performs anomaly detection using deep autoencoder. The system comprises communication, visualization, and anomaly-detection modules, and the prototype system is implemented on site in 2021. Finally, an analysis of the historical data and synthetic anomalies was conducted to verify the overall system; simulation results based on the historical data show that 12 cases out of 19 abnormal events can be detected in advance or on time by the deep learning AD model.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.13-23
• /
• 2021

The attacker's techniques and tools are becoming intelligent and sophisticated. Existing Anti-Virus cannot prevent security accident. So the security threats on the endpoint should also be considered. Recently, EDR security solutions to protect endpoints have emerged, but they focus on visibility. There is still a lack of detection and responsiveness. In this paper, we use real-world EDR event logs to aggregate knowledge-based MITRE ATT&CK and autoencoder-based anomaly detection techniques to detect anomalies in order to screen effective analysis and analysis targets from a security manager perspective. After that, detected anomaly attack signs show the security manager an alarm along with log information and can be connected to legacy systems. The experiment detected EDR event logs for 5 days, and verified them with hybrid analysis search. Therefore, it is expected to produce results on when, which IPs and processes is suspected based on the EDR event log and create a secure endpoint environment through measures on the suspicious IP/Process.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.3B
• /
• pp.311-317
• /
• 2009

The traditional network anomaly detection systems execute the threshold-based detection without considering dynamic network environments, which causes false positive and limits an effective resource utilization. To overcome the drawbacks, we present the adaptive network anomaly detection model based on artificial immune system (AIS) in centralized network. AIS is inspired from human immune system that has learning, adaptation and memory. In our proposed model, the interaction between dendritic cell and T-cell of human immune system is adopted. We design the main components, such as central node and router node, and define functions of them. The central node analyzes the anomaly information received from the related router nodes, decides response policy and sends the policy to corresponding nodes. The router node consists of detector module and responder module. The detector module perceives the anomaly depending on learning data and the responder module settles the anomaly according to the policy received from central node. Finally we evaluate the possibility of the proposed detection model through simulation.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.89-101
• /
• 2023

In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.

• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.94-102
• /
• 2023

Anomaly detection in human movements can improve safety in indoor workplaces. In this paper, we design a framework for detecting anomalous trajectories of humans in indoor spaces based on a variational autoencoder (VAE) with Bi-LSTM layers. First, the VAE is trained to capture the latent representation of normal trajectories. Then the abnormality of a new trajectory is checked using the trained VAE. In this step, the anomaly score of the trajectory is determined using the trajectory reconstruction error through the VAE. If the anomaly score exceeds a threshold, the trajectory is detected as an anomaly. To select the anomaly threshold, a new metric called D-score is proposed, which measures the difference between recall and precision. The anomaly threshold is selected according to the minimum value of the D-score on the validation set. The MIT Badge dataset, which is a real trajectory dataset of workers in indoor space, is used to evaluate the proposed framework. The experiment results show that our framework effectively identifies abnormal trajectories with 81.22% in terms of the F1-score.

• International Journal of Contents
• /
• v.18 no.2
• /
• pp.68-80
• /
• 2022

The health of the human heart is commonly measured using ECG (Electrocardiography) signals. To identify any anomaly in the human heart, the time-sequence of ECG signals is examined manually by a cardiologist or cardiac electrophysiologist. Lightweight anomaly detection on ECG signals in an embedded system is expected to be popular in the near future, because of the increasing number of heart disease symptoms. Some previous research uses deep learning networks such as LSTM and BiLSTM to detect anomaly signals without any handcrafted feature. Unfortunately, lightweight LSTMs show low precision and heavy LSTMs require heavy computing powers and volumes of labeled dataset for symptom classification. This paper proposes an ECG anomaly detection system based on two level BiLSTM for acceptable precision with lightweight networks, which is lightweight and usable at home. Also, this paper presents a new threshold technique which considers statistics of the current ECG pattern. This paper's proposed model with BiLSTM detects ECG signal anomaly in 0.467 ~ 1.0 F₁ score, compared to 0.426 ~ 0.978 F₁ score of the similar model with LSTM except one highly noisy dataset.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.69-78
• /
• 2004

The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But, Most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose an behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.