• Title/Summary/Keyword: false alarm

Framework for False Alarm Pattern Analysis of Intrusion Detection System using Incremental Association Rule Mining

  • Chon Won Yang;Kim Eun Hee;Shin Moon Sun;Ryu Keun Ho
    • Proceedings of the KSRS Conference / 2004.10a / pp.716-718 / 2004
  • The false alarm data in intrusion detection systems are divided into false positives and false negatives. False positives degrade the performance of an intrusion detection system, and false negatives degrade its efficiency. Recently, most work has studied data mining techniques for the analysis of alert data. However, false alarm data not only increase the data volume but also change the patterns of alert data along the timeline. Therefore, we need a tool that can analyze patterns whose characteristics change when we look for new patterns. In this paper, we focus on false positives and present a framework for the analysis of false alarm patterns in alert data. In this work, we also apply incremental data mining techniques to analyze patterns of false alarms among alert data that grow incrementally over time. Finally, we achieve flexibility by using a dynamic support threshold, because the volume of alert data, as well as the false alarms it includes, increases irregularly.

Evaluation and Challenges of the 'Verified Report System' to reduce False Alarm (오경보 감소를 위한 '선별신고제도'의 평가와 과제)

  • Lee, Sanghun
    • Convergence Security Journal / v.15 no.1 / pp.27-36 / 2015
  • The discussion of false alarms concerns a series of problems involving the waste of police resources. False alarms primarily increase the costs of the machine security firm but ultimately increase the costs of national and social management. The Verified Report System has been in operation since July 1, 2013. Analyzing the actual operation of 112 reports, the false alarm rate was 82.4% before this system launched, but after implementation of the Verified Report System this rate dropped to below 69.7%, a decline of 12.7% in the false alarm rate. However, the actual alarm rate of Electronic Security itself is only 0.3% in the total number of cases responding in contrast to Police is considerable. It is more urgent to evolve the Verified Report System, so a penalty system against false alarms, a police registration system for sensors, and a strengthening of the company's duties for the installation and management of detection equipment are urgently needed.

Performance Analysis of Spectrum Sensing using CSI with False Alarm Selection (채널상태정보에 따른 False alarm 선택 스펙트럼 센싱 성능 분석)

  • Lee, Mi Sun;Kim, Jin Young
    • Journal of Satellite, Information and Communications / v.8 no.4 / pp.1-5 / 2013
  • CR (Cognitive Radio) technology maximizes frequency reuse by using unused frequency bands. Conventional cooperative spectrum sensing has fixed false alarms, so all cooperative users have an equal threshold. This causes degradation of the detection probability, so we propose and analyze a system model that sets false alarms differentially through CSI (channel state information) to obtain a reasonable threshold. Simulation results show an improvement in detection probability.

Actual Status of and Measure for False Alarm of Electronic Security in Korea (한국 기계경비업무의 오경보 대응책)

  • Park, Dong-Kyun;Kim, Tae-Min
    • Korean Security Journal / no.30 / pp.33-60 / 2012
  • False alarms in electronic security cause various serious side effects, such as a decrease in electronic security guards' morale caused by unnecessary mobilization, an increase in fatigue caused by increased workload, an increase in the management burden on electronic security company owners, and a decrease in the utilization rate of electronic security services caused by customers' distrust. Therefore, the study considered the Korean regulations related to false alarms of electronic security and presented the actual status of false alarms and measures for them. The study proposed systematic resolution assignments and political assignments in relation to the measures for false alarms. Systematic resolution assignments are as follows. First, an electronic security company should construct the electronic security system accurately from the initial step of security consulting and security planning for the target facility. Second, it is necessary to encourage the installation and operation of video monitoring systems. Third, sensor wiring should be separated. Fourth, measures for false alarms depending on the main system causes should be prepared. It is necessary to encourage the installation of an 'arming disarming alarm sound' generator. In addition, measures for false alarms depending on the characteristics of the sensor should be prepared and standardized. Fifth, system maintenance should be reinforced. Political assignments related to the measures for false alarms are as follows. First, it is necessary to reinforce education and training. An individual nurturing and education process should be run by the electronic security company, or education focusing on measures for false alarms should be performed in the job training defined in the "Security Industry Act". Second, it is necessary to establish and reinforce legal regulation and establish device. If the police authority standardizes the documents related to false alarms, provides their forms and requires them for periodic reports or documents, it is expected that good measures for false alarms will be prepared on the basis of actual data in the future. Third, a cooperative organization to discuss measures for false alarms, like a 'Conference for False Alarm of Electronic Security', should be organized and operated. Fourth, the interest and role of the electronic security company and the electronic security supervisor should be enlarged.

Classification of False Alarms based on the Decision Tree for Improving the Performance of Intrusion Detection Systems (침입탐지시스템의 성능향상을 위한 결정트리 기반 오경보 분류)

  • Shin, Moon-Sun;Ryu, Keun-Ho
    • Journal of KIISE:Databases / v.34 no.6 / pp.473-482 / 2007
  • A network-based IDS (Intrusion Detection System) gathers network packet data and classifies it as attack or normal. It raises an alarm when a possible intrusion happens, but it often outputs a large amount of low-level or incomplete alert information. Consequently, a large amount of incomplete alert information, which can be unmanageable and can also be mixed with false alerts, can prevent intrusion response systems and the security administrator from adequately understanding and analyzing the state of network security and from initiating an appropriate response in a timely fashion. So it is important for the security administrator to reduce the redundancy of alerts, integrate and correlate security alerts, construct attack scenarios and present high-level aggregated information. The false alarm rate is the ratio between the number of normal connections that are incorrectly classified as attacks and the total number of normal connections. In this paper we propose a false alarm classification model to reduce the false alarm rate using classification analysis from data mining techniques. The proposed model can classify the alarms from intrusion detection systems into false alerts or true attacks. Our approach is useful for reducing false alerts and improving the detection rate of network-based intrusion detection systems.

Effective Elimination of False Alarms by Variable Section Size in CFAR Algorithm (CFAR 적용시 섹션 크기 가변화를 이용한 오표적의 효율적 제거)

  • Roh, Ji-Eun;Choi, Beyung-Gwan;Lee, Hee-Young
    • Journal of the Korea Institute of Military Science and Technology / v.14 no.1 / pp.100-105 / 2011
  • Generally, because the signals received from a radar are very bulky, the data are divided into manageable units called sections, and the sections are distributed to several digital signal processors. Target detection algorithms are then applied simultaneously in each processor. The CFAR (Constant False Alarm Rate) algorithm, which is the most popular target detection algorithm, can estimate accurate threshold values to determine which signals are targets or noise within the center-cut of the section allocated to each processor. However, its estimation precision is diminished for section edge data because there are insufficient surrounding data to refer to. This edge problem of CFAR is especially serious if there are many sections to be processed, because it causes many false alarms at almost every section edge. This paper describes false alarm issues in MCA (Minimum Cell Average)-CFAR and proposes a false alarm elimination method by changing section size alternatively. Real received data from a multi-function radar were used to evaluate the proposed method, and we show that our method drastically decreases false alarms without missing real targets and improves detection performance.

MXTM-CFAR Processor and Its Performance Analysis (MXTM-CFAR 처리기와 그 성능분석)

  • 김재곤;김응태;송익호;김형명
    • The Journal of Korean Institute of Communications and Information Sciences / v.17 no.7 / pp.719-729 / 1992
  • An improved MXTM (maximum trimmed mean)-CFAR (constant false alarm rate) processor is proposed to reduce false alarm rates in detecting radar targets, and its performance characteristics are analyzed and compared with those of other CFAR processors. The proposed MXTM-CFAR processor is obtained by combining the GO (greatest of)-CFAR processor, which reduces the excessive false alarm rate at clutter edges, with the TM-CFAR processor, which shows good performance in homogeneous/nonhomogeneous backgrounds. Performance analyses have been done by computing detection probability, constant false alarm rate and detection thresholds under homogeneous or multiple target environments and at clutter edges. Analysis results show that the proposed CFAR processor maintains performance as good as that of the OS (order statistics) and TM-CFAR processors in homogeneous and multiple target environments and can reduce the false alarm rate at clutter edges. Overall computing time has also been reduced.

Time-Frequency Domain Impulsive Noise Detection System in Speech Signal (음성 신호에서의 시간-주파수 축 충격 잡음 검출 시스템)

  • Choi, Min-Seok;Shin, Ho-Seon;Hwang, Young-Soo;Kang, Hong-Goo
    • The Journal of the Acoustical Society of Korea / v.30 no.2 / pp.73-79 / 2011
  • This paper presents a new impulsive noise detection algorithm for speech signals. The proposed method employs the frequency domain characteristics of impulsive noise to improve the detection accuracy while avoiding the false-alarm problem caused by the pitch of the speech signal. Furthermore, we propose a time-frequency domain impulsive noise detector that utilizes both time and frequency domain parameters, which minimizes the false-alarm problem because the two complement each other. As a result, the proposed time-frequency domain detector shows the best performance, with 99.33% detection accuracy and a 1.49% false-alarm rate.

Design and development of enhanced criticality alarm system for nuclear applications

  • Srinivas Reddy, Padi;Kumar, R. Amudhu Ramesh;Mathews, M. Geo;Amarendra, G.
    • Nuclear Engineering and Technology / v.50 no.5 / pp.690-697 / 2018
  • Criticality alarm systems (CASs) are mandatory in nuclear plants for prompt alarm in the event of any criticality incident. False criticality alarms are not desirable as they create a panic environment for radiation workers. The present article describes the design enhancement of the CAS at each stage and provides maximum availability, preventing false criticality alarms. A failure mode and effect analysis is carried out on each element of a CAS. Based on the analysis, additional hardware circuits are developed for early fault detection. Two different methods are developed, one method for the channel loop functionality test and another method for the dose alarm test using an electronic transient pulse. The design enhancement made for the external systems that are integrated with a CAS includes the power supply, criticality evacuation hooter circuit, radiation data acquisition system along with selection of different soft alarm set points, and centralized electronic test facility. The CAS incorporating all improvements is assembled, installed, tested, and validated along with rigorous surveillance procedures in a nuclear plant for a period of 18,000 h.

Performance of the combined ${\bar{X}}-S^2$ chart according to determining individual control limits (관리한계 설정에 따른 ${\bar{X}}-S^2$ 관리도의 성능)

  • Hong, Hwi Ju;Lee, Jaeheon
    • The Korean Journal of Applied Statistics / v.33 no.2 / pp.161-170 / 2020
  • The combined ${\bar{X}}-S^2$ chart is a traditional control chart for simultaneously detecting mean and variance. Control limits for the combined ${\bar{X}}-S^2$ chart are determined so that each chart has the same individual false alarm rate while maintaining the required false alarm rate for the combined chart. In this paper, we provide flexibility to allow the two charts to have different individual false alarm rates as well as evaluate the effect of flexibility. The individual false alarm rate of the ${\bar{X}}$ chart is taken to be $\gamma$ times the individual false alarm rate of the $S^2$ chart. To evaluate the effect of selecting the value of $\gamma$, we use the out-of-control average run length and relative mean index as the performance measure for the combined ${\bar{X}}-S^2$ chart.