• Journal of Intelligence and Information Systems
• /
• v.18 no.1
• /
• pp.125-141
• /
• 2012

These days, the malicious attacks and hacks on the networked systems are dramatically increasing, and the patterns of them are changing rapidly. Consequently, it becomes more important to appropriately handle these malicious attacks and hacks, and there exist sufficient interests and demand in effective network security systems just like intrusion detection systems. Intrusion detection systems are the network security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. Conventional intrusion detection systems have generally been designed using the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of the network attacks, although they perform very well under the normal situation. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to the unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singularly, even though combining the techniques may lead to better detection. With this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine prediction results of four different binary classification models-logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. At the first step, the optimal integration model whose prediction error (i.e. erroneous classification rate) is the least is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, total misclassification cost is more affected by FNE rather than FPE. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 10,000 samples from them by using random sampling method. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell R4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to build cost-effective intelligent intrusion detection systems.

• Journal of Digital Convergence
• /
• v.15 no.4
• /
• pp.285-293
• /
• 2017

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

• Atmosphere
• /
• v.25 no.2
• /
• pp.271-281
• /
• 2015

The objectives of this study are to develop a hydrological drought outlook system using GloSea5 (Global Seasonal forecasting system 5) which has recently been used by KMA (Korea Meteorological Association) and to evaluate the forecasting capability. For drought analysis, the bilinear interpolation method was applied to spatially downscale the low-resolution outputs of GloSea5 and PR (Predicted Runoff) was produced for different lead times (i.e., 1-, 2-, 3-month) running LSM (Land Surface Model). The behavior of PR anomaly was similar to that of HR (Historical Runoff) and the estimated values were negative up to lead times of 1- and 2-month. For the evaluation of drought outlook, SRI (Standardized Runoff Index) was selected and PR_SRI estimated using PR. ROC score was 0.83, 0.71, 0.60 for 1-, 2- and 3-month lead times, respectively. It also showed the hit rate is high and false alarm rate is low as shorter lead time. The temporal Correlation Coefficient (CC) was 0.82, 0.60, 0.31 and Root Mean Square Error (RMSE) was 0.52, 0.86, 1.20 for 1-, 2-, 3-month lead time, respectively. The accuracy of PR_SRI was high up to 1- and 2-month lead time on local regions except the Gyeonggi and Gangwon province. It can be concluded that GloSea5 has high applicability for hydrological drought outlook.

• Journal of Environmental Health Sciences
• /
• v.40 no.2
• /
• pp.105-113
• /
• 2014

Objectives: It is necessary to apply quantitative structure activity relationship (QSAR) for the various chemicals with insufficient toxicity data that are used in the workplace, based on the precautionary principle. This study aims to find application plan of QSAR software tool for predicting health hazards such as genetic toxicity, and carcinogenicity for some chemicals used in the electronics industries. Methods: Toxicity prediction of 21 chemicals such as 5-aminotetrazole, ethyl lactate, digallium trioxide, etc. used in electronics industries was assessed by Toxicity Prediction by Komputer Assisted Technology (TOPKAT). In order to identify the suitability and reliability of carcinogenicity prediction, 25 chemicals such as 4-aminobiphenyl, ethylene oxide, etc. which are classified as Group 1 carcinogens by the International Agency for Research on Cancer (IARC) were selected. Results: Among 21 chemicals, we obtained prediction results for 5 carcinogens, 8 non-carcinogens and 8 unpredictability chemicals. On the other hand, the carcinogenic potential of 5 carcinogens was found to be low by relevant research testing data and Oncologic TM tool. Seven of the 25 carcinogens (IARC Group 1) were wrongly predicted as non-carcinogens (false negative rate: 36.8%). We confirmed that the prediction error could be improved by combining genetic toxicity information such as mutagenicity. Conclusions: Some compounds, including inorganic chemicals and polymers, were still limited for applying toxicity prediction program. Carcinogenicity prediction may be further improved by conducting cross-validation of various toxicity prediction programs, or application of the theoretical molecular descriptors.

• IEIE Transactions on Smart Processing and Computing
• /
• v.4 no.4
• /
• pp.195-201
• /
• 2015

For median filtering (MF) detection in altered digital images, this paper presents a new feature vector that is formed from autoregressive (AR) coefficients via an AR model of the gradients between the neighboring row and column lines in an image. Subsequently, the defined 10-D feature vector is trained in a support vector machine (SVM) for MF detection among forged images. The MF classification is compared to the median filter residual (MFR) scheme that had the same 10-D feature vector. In the experiment, three kinds of test items are area under receiver operating characteristic (ROC) curve (AUC), classification ratio, and minimal average decision error. The performance is excellent for unaltered (ORI) or once-altered images, such as $3{\times}3$ average filtering (AVE3), QF=90 JPEG (JPG90), 90% down, and 110% up to scale (DN0.9 and Up1.1) images, versus $3{\times}3$ and $5{\times}5$ median filtering (MF3 and MF5, respectively) and MF3 and MF5 composite images (MF35). When the forged image was post-altered with AVE3, DN0.9, UP1.1 and JPG70 after MF3, MF5 and MF35, the performance of the proposed scheme is lower than the MFR scheme. In particular, the feature vector in this paper has a superior classification ratio compared to AVE3. However, in the measured performances with unaltered, once-altered and post-altered images versus MF3, MF5 and MF35, the resultant AUC by 'sensitivity' (TP: true positive rate) and '1-specificity' (FN: false negative rate) is achieved closer to 1. Thus, it is confirmed that the grade evaluation of the proposed scheme can be rated as 'Excellent (A)'.

• The Korean Journal of Nuclear Medicine
• /
• v.30 no.4
• /
• pp.476-483
• /
• 1996

Following radiation therapy for brain tumors, patients often have clinical deterioration due to either radiation necrosis or recurrent tumor progression in the treatment field. The distinction between these entities is important but difficult clinically or even with CT or MRI. T1-201 has been known to accumulate in various tumors and be useful to grade, predict prognosis or detect recurrence of glioma. The aim of this study was to evaluate the usefulness of T1-201 SPECT in the differentiation of recurrent tumor from radiation necrosis. Of 67 patients who did T1-201 brain SPECT imaging with clinically suspected recurrent tumor or radiation necrosis, 20 patients underwent histopathological examination and constituted the study population. T1-201 uptake indices on T1-201 brain SPECT imaging rrere calculated and correlated with histopathological diagnosis. Of 20 patients, 15 were histopathologically confirmed as recurrent original tumor or malignant transformation of benign tumor and 5 were diagnosed as radiation necrosis. On T1-201 SPECT, 18 of 20 had T1-201 index above 2.5 which was regarded as positive indicator for the presence of tumor. Seventeen cases showed concordance, which consisted of 15 true positive and 2 true negative. Discordant 3 cases were all false positive. There was no case of false negative. The sensitivity, specificity, positive and negative predictive value of T1-201 SPECT were 100%, 40%, 83% and 100%. In conclusion, T1-201 brain SPECT is a sensitive diagnostic test in the detection of recurrent tumor following radiation therapy and is useful in the differentiation of recurrent tumor from radiation necrosis. Relatively low specificity should be evaluated further in larger number of patients in consideration of sampling error and referral bias for pathologic examination.