• Journal of the Korea Institute of Military Science and Technology
• /
• v.14 no.1
• /
• pp.123-131
• /
• 2011

In this paper, modeling and design of a distributed detection system are considered for an active sonar sensor network. The sensor network has a parallel configuration and it consists of a fusion center and a set of receiver nodes. A system with two receiver nodes is considered to investigate a theoretical aspect of design. To be specific, AND rule and OR rule are considered as the fusion rules of the sensor network. For the fusion rules, it is shown that a threshold rule of each sensor node has uniformly most powerful properties. Optimum threshold for each sensor is obtained that maximizes the probability of detection given probability of false alarm. Numerical experiments were also performed to investigate the detection characteristics of a distributed detection system with multiple sensor nodes. The experimental results show how signal strength, false alarm probability, and the distance between nodes in a sensor field affect the system detection performances.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1707-1721
• /
• 2004

In this paper, we propose a distributed communication model of intrusion detection system(IDS) in which integrated security management at networks level is possible, model it at a security node and distributed system levels, design and implement a simulator. At the node level, we evaluate the transfer capability of alert message based on the analysis of giga-bit security node architecture which performs hardware-based intrusion detection. At the distributed system level, we perform the evaluation of transfer capability of detection and alert informations between components of distributed IDS. In the proposed model, we carry out the performance evaluation considering decision factors of communication mechanism and present the results in order to gain some quantitative understanding of the system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.3
• /
• pp.39-44
• /
• 2018

Communication in real-time distributed system should have high reliability. To develop group communication Protocol with high reliability, potential fault should be known and when fault occurs, it should be detected and a necessary action should be taken. Existing detection method by Ack and Time-out is not proper for real time system due to load to Ack which is not received. Therefore, group communication messages from real-time distributed processing systems should be communicated to all receiving processors or ignored by the message itself. This paper can make be sure of transmission of reliable message and deadline by suggesting and experimenting fault detection technique applicable in the real time distributed system based on ring, and analyzing its results. The experiment showed that the shorter the cycle of the heartbeat signal, the shorter the time to propagate the fault detection, which is the time for other nodes to detect the failure of the node.

• The Transactions of the Korean Institute of Electrical Engineers A
• /
• v.50 no.11
• /
• pp.506-513
• /
• 2001

The islanding detection for distributed resources (DR) becomes an important and emerging issue in power system protection since the distributed generator installations are rapidly increasing and most of the installed systems are interconnected with distribution network. In order to avoid the negative impacts from islanding operations of DR on protection, operation and management of distribution system, it is necessary to effectively detect the islanding operations of DR and rapidly disconnect it from distribution network. Generally, it is difficult to detect islanding operation by monitoring only one system parameter This paper presents a new logic based islanding detection method for distributed resources(DR) which are interconnected with distribution network. The proposed method detects the islanding operation by monitoring four system parameter: voltage variation, phase displacement, frequency variation, and the variation of total harmonic distortion(THD) of current; therefore, it effectively detects island operation of DR unit operating in parallel with the distribution network. We also verified the efficiency of the proposed algorithm using the radial distribution network of IEEE 34 bus model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.49-57
• /
• 2008

In this paper, we propose a novel hierarchical distributed intrusion detection system, named HNHDIDS(Home Network Hierarchical Distributed Intrusion Detection System), which is not only based on the structure of distributed intrusion detection system, but also fully consider the environment of secure home networks service. The proposed system is hierarchically composed of the one-class support vector machine(support vector data description) and local agents, in which it is designed for optimizing for the environment of secure home networks service. We support our findings with computer experiments and analysis.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.2
• /
• pp.659-679
• /
• 2015

Distributed applications are composed of multiple nodes, which exchange information with individual nodes through message passing. Compared with traditional applications, distributed applications have more complex behavior patterns because a large number of interactions and concurrent behaviors exist among their distributed nodes. Thus, it is difficult to detect anomalous behaviors and determine the location and scope of abnormal nodes, and some attacks and misuse cannot be detected. To address this problem, we introduce a method for detecting anomalous behaviors based on process algebra. We specify the architecture of the behavior detection model and the detection algorithm. The anomalous behavior detection and analysis demonstrate that our method is a good discriminator between normal and anomalous behavior characteristics of distributed applications. Performance evaluation shows that the proposed method enhances efficiency without security degradation.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.161-164
• /
• 2005

As the power of influence of the Internet grows steadily, attacks against the Internet can cause enormous monetary damages nowadays. A worm can not only replicate itself like a virus but also propagate itself across the Internet. So it infects vulnerable hosts in the Internet and then downgrades the overall performance of the Internet or makes the Internet not to work. To response this, worm detection and prevention technologies are developed. The worm detection technologies are classified into two categories, host based detection and network based detection. Host based detection methods are a method which checks the files that worms make, a method which checks the integrity of the file systems and so on. Network based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't response worms' attacks effectively because worms attack the Internet in the distributed fashion. In this paper, we propose a design of distributed worm detection system to overcome the inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other with the direction-aware information in terms of worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce false positive rate of the system but also prevent worms from propagating themselves across the Internet through dispersing the confirmed worm signature.

• Proceedings of the Korean Institute of IIIuminating and Electrical Installation Engineers Conference
• /
• 2003.11a
• /
• pp.107-109
• /
• 2003

This paper studies islanding detection distributed of distributed generation(DG). The study of islanding detection has been disconnected DG when power islanding was detected but fault type wasn't distingish. Nearby feeder fault the fault of feeder that not interconnected DG, is a little affect DG and distribution system. Therefore DG not need to disconnect distribution system. We studied islanding detection algorithm considering fault location.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.1
• /
• pp.81-87
• /
• 2012

Intrusion Detection System that protects system safely is necessary as network technology is developed rapidly and application division is wide. Intrusion Detection System among others can construct system without participation of other severs. But it has weakness that big load in system happens and it has low efficient because every traffics are inspected in case that mass traffic happen. In this study, Distributed Intrusion Detection System based on protocol is proposed to reduce traffic of intrusion detection system and provide stabilized intrusion detection technique even though mass traffic happen. It also copes to attack actively by providing automatic update of using rules to detect intrusion in sub Intrusion Detection System.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.5
• /
• pp.1332-1341
• /
• 1999

Rapid expansion of network and increment of computer system access cause computer security to be an important issue. Hence, the researches in intrusion detection system(IDS)are active to reduce the risk from hackers. Considering IDS, we propose a new IDS model(DABIDS : Distributed Agent Based Intelligent intrusion Detection System) based on distributed intrusion detecting agents. The DABIDS dynamically collects intrusion behavior knowledge from each agents when some doubtable behaviors of users are detected and make new agents codes using intrusion scenario data base, and broadcast the detector codes to the distributed intrusion detecting agent of all node. This DABIDS can efficiently solve the problem to reduce the overhead for training detecting agent for intrusion behavior patterns.