• Journal of the Korea Society for Simulation
• /
• v.11 no.4
• /
• pp.91-105
• /
• 2002

The attackers on Internet-connected systems we are seeing today are more serious and technically complex than those in the past. So it is beyond the scope of amy one system to deal with the intrusions. That the multiple IDSes (Intrusion Detection System) coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (BlackBoard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete EVent system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses these detection information.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.42-49
• /
• 2021

As cyber attacks become more intelligent, there is difficulty in detecting advanced attacks in various fields such as industry, defense, and medical care. IPS (Intrusion Prevention System), etc., but the need for centralized integrated management of each security system is increasing. In this paper, we collect big data for intrusion detection and build an intrusion detection platform using deep learning and CNN (Convolutional Neural Networks). In this paper, we design an intelligent big data platform that collects data by observing and analyzing user visit logs and linking with big data. We want to collect big data for intrusion detection and build an intrusion detection platform based on CNN model. In this study, we evaluated the performance of the Intrusion Detection System (IDS) using the KDD99 dataset developed by DARPA in 1998, and the actual attack categories were tested with KDD99's DoS, U2R, and R2L using four probing methods.

• Journal of Information Processing Systems
• /
• v.8 no.2
• /
• pp.213-240
• /
• 2012

Safety critical systems, real time systems, and event-based systems have a complex set of events and their own interdependency, which makes them difficult to test ma Safety critic Safety critical systems, real time systems, and event-based systems have a complex set of events and their own interdependency, which makes them difficult to test manually. In order to cut down on costs, save time, and increase reliability, the model based testing approach is the best solution. Such an approach does not require applications or codes prior to generating test cases, so it leads to the early detection of faults, which helps in reducing the development time. Several model-based testing approaches have used different UML models but very few works have been reported to show the generation of test cases that use events. Test cases that use events are an apt choice for these types of systems. However, these works have considered events that happen at a user interface level in a system while other events that happen in a system are not considered. Such works have limited applications in testing the GUI of a system. In this paper, a novel model-based testing approach is presented using business events, state events, and control events that have been captured directly from requirement specifications. The proposed approach documents events in event templates and then builds an event-flow model and a fault model for a system. Test coverage criterion and an algorithm are designed using these models to generate event sequence based test scenarios and test cases. Unlike other event based approaches, our approach is able to detect the proposed faults in a system. A prototype tool is developed to automate and evaluate the applicability of the entire process. Results have shown that the proposed approach and supportive tool is able to successfully derive test scenarios and test cases from the requirement specifications of safety critical systems, real time systems, and event based systems.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.9
• /
• pp.1120-1131
• /
• 2016

In this paper, we propose a smoker recognition algorithm, detecting smokers in a video sequence in order to prevent fire accidents. We use description-based method in hierarchical approaches to recognize smoker's activity, the algorithm consists of background subtraction, object detection, event search, event judgement. Background subtraction generates slow-motion and fast-motion foreground image from input image using Gaussian mixture model with two different learning-rate. Then, it extracts object locations in the slow-motion image using chain-rule based contour detection. For each object, face is detected by using Haar-like feature and smoke is detected by reflecting frequency and direction of smoke in fast-motion foreground. Hand movements are detected by motion estimation. The algorithm examines the features in a certain interval and infers that whether the object is a smoker. It robustly can detect a smoker among different objects while achieving real-time performance.

• Journal of Microbiology and Biotechnology
• /
• v.16 no.11
• /
• pp.1778-1783
• /
• 2006

Event-specific PCR detection methods are the primary trend in genetically modified (GM) plant detection owing to their high specificity based on the flanking sequence of the exogenous integrant. Therefore, this study describes a real-time PCR system for event-specific GM canola GT73, consisting of a set of primers, TaqMan probe, and single target standard plasmid. For the specific detection of GT73 canola, the 3'-integration junction sequence between the host plant DNA and the integrated specific border was targeted. To validate the proposed method, test samples of 0, 1, 3, 5, and 10% GT73 canola were quantified. The method was also assayed with 15 different plants, and no amplification signal was observed in a real-time PCR assay with any of the species tested, other than GT73 canola.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.109-121
• /
• 2002

As the development of information technology and thus the growth of security incidents, there has been increasing demand on developing a system for centralized security management, also known as Enterprise Security Management(ESM), uniting functions of various security systems such as firewall, intrusion detection system, virtual private network and so on. Unfortunately, however, developers have been suffering with a lack of related standard. Although ISTF recently announced firewall system and intrusion detection system log format, it still needs for truly efficient ESM further development of the related standard including event and control messaging. This paper analyses ISTF standard and further suggests an additional event and control messaging standard for firewall and intrusion detection systems. It is expected that this effort would be helpful for the development of ESM and further related standard.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.77-84
• /
• 2012

The control network has been operated in a closed. But it changes to open to external for business convenience and cooperation with several organizations. As the way of connecting with user extends, the risk of control network gets high. Thus, in this paper, proposed the technique of an anomalous event detection using white-list for control network security and minimizing the cyber threats. The proposed method can be collected and cataloged of only normal data from traffic of internal network, control network and field devices. Through way to check the this situation, we can separate normal and abnormal behavior.

• Food Science and Biotechnology
• /
• v.17 no.4
• /
• pp.829-832
• /
• 2008

A multiplex polymerase chain reaction (PCR) method was developed to simultaneously detect 4 varieties of genetically modified (GM) cotton. The event-specific primers were used to distinguish the 4 varieties of GM cotton (MON1445, MON15985, MON88913, and LLcotton25) using multiplex PCR. The acyl carrier protein 1 (Acp1) gene was used as an endogenous reference gene of cotton in the PCR detection. The primer pair Acp1-AF/AR containing a 99 bp amplicon was used to amplify the Acp1 gene and no amplified product was observed in any of the 13 different plants used as templates. This multiplex PCR method allowed for the detection of event-specific targets in a genomic DNA mixture of up to 1% GM cotton containing MON1445, MON15985, MON88913, and LLcotton25.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.12
• /
• pp.4909-4926
• /
• 2020

Cyberattacks penetrate the server and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers perform various malicious actions by infecting endpoints and accessing the internal network. However, the current countermeasures are only anti-viruses that operate in a signature or pattern manner, allowing initial unknown attacks. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If you fail to respond to the initial attack, it is difficult to respond additionally because malicious behavior like Advanced Persistent Threat (APT) attack does not occur immediately, but occurs over a long period of time. In this paper, we propose a technique that detects an unknown attack using an event log without prior knowledge, although the initial response failed with anti-virus. The proposed technology uses a combination of AutoEncoder and 1D CNN (1-Dimention Convolutional Neural Network) based on semi-supervised learning. The experiment trained a dataset collected over a month in a real-world commercial endpoint environment, and tested the data collected over the next month. As a result of the experiment, 37 unknown attacks were detected in the event log collected for one month in the actual commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, it is expected that the proposed model will be applied to EDR technology to form a secure endpoint environment and reduce time and labor costs to effectively detect unknown attacks.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.8
• /
• pp.301-308
• /
• 2015

SNS is a web-based online platform service supporting the formation of relations between users. SNS users have usually used a desktop or laptop for this purpose so far. However, the number of SNS users is greatly increasing and their access to the web is improving with the spread of smart phones. They share their daily lives with other users through SNSs. We can detect events if we analyze the contents that are left by SNS users, where the individual acts as a sensor. Such analyses have already been attempted by many researchers. In particular, Twitter is used in related spheres in various ways, because it has structural characteristics suitable for detecting events. However, there is a limitation concerning the detection of events and their locations. Thus, we developed a system that can detect the location immediately based on the district mentioned in Twitter. We tested whether the system can function in real time and evaluated its ability to detect events that occurred in reality. We also tried to improve its detection efficiency by removing noise.