• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.622-627
• /
• 2022

This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In intrusion detection system, both FNR (False Negative Rate), where intrusion frame is misjudged as normal frame, and FPR (False Positive Rate), where normal frame is misjudged as intrusion frame, seriously affect vechicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the propsoed method effectively improve both FNR and FPR in DoS(Denial of Service) attack and spoofing attack.

• Journal of Chest Surgery
• /
• v.29 no.1
• /
• pp.52-58
• /
• 1996

Sixty six patients who were operated as lung cancer during the period from Mar. 1991 to Sep. 1993 at the department of Thoracic and cardiovascular surgery, were reviewed retrospectively and the accuracy of regional lymph node in preoperative CT were compared with histopathologlc report obtained from operation. The age ranged from 30 to 72 years old (mean age : 56.5), and 51 patients were male and 15 patients were female. The author analysed the true positive, true negative, false positive and false negative and sensitivity, specificity, positive predictive index, negative predictive index and accuracy of each nodes. The result is that there were differences between seven nodal groups in specificity, sensitivity, positive predictive Index, negative predictive index and accuracy. The range of each nodal group is from 81.7 to 98.3% The nodes of the most poor accuracy are aortopulmonary area and hilar area.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.7
• /
• pp.1721-1736
• /
• 2013

Black and gray hole attack is one kind of routing disturbing attacks and can bring great damage to the network. As a result, an efficient algorithm to detect black and gray attack is important. This paper demonstrate an adaptive approach to detecting black and gray hole attacks in ad hoc network based on a cross layer design. In network layer, we proposed a path-based method to overhear the next hop's action. This scheme does not send out extra control packets and saves the system resources of the detecting node. In MAC layer, a collision rate reporting system is established to estimate dynamic detecting threshold so as to lower the false positive rate under high network overload. We choose DSR protocol to test our algorithm and ns-2 as our simulation tool. Our experiment result verifies our theory: the average detection rate is above 90% and the false positive rate is below 10%. Moreover, the adaptive threshold strategy contributes to decrease the false positive rate.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2013.06a
• /
• pp.52-55
• /
• 2013

본 논문은 Boosted Random Ferns 기반의 회전 불변 얼굴 검출 방법을 제안한다. 기존 Random Ferns 의 경우 특징값을 추출할 때 임의로 선택한 두 픽셀의 밝기값 비교를 통하여 이진 특징값을 추출한다. 이 경우 해당 픽셀의 밝기값에 잡음이 포함되면 특징값이 부정확하게 추출되는 문제가 있다. 본 논문에서는 이러한 문제를 해결하기 위하여 임의로 두 블록을 선택하고 해당 블록내 밝기값의 평균을 비교하여 이진 특징값을 추출하였다. 또한 픽셀 위치를 임의로 선택하여 ferns 를 구성하였던 기존의 방법 대신 최고의 분류 성능을 가지는 fern 들을 이용하여 분류기를 구성하기 위해, AdaBoost 의 방법을 Random Ferns 에 맞게 변경하였다. Boosted Random Ferns 를 트리 구조의 cascade 노드에 방향과 각도에 따라 배치하여 연산 속도를 향상시키고 false-positive를 줄이는 효과를 보았다. CMU Rotated Face Database 를 사용하여 평가하였을 때, 기존 Random Ferns 는 false-positive 의 수가 57 개 일 때 66%의 검출률을 보인 반면, Boosted Random Ferns 는 false-positive 의 수가 45 개 일 때 88%의 검출률을 보였다.

• Journal of information and communication convergence engineering
• /
• v.7 no.1
• /
• pp.7-12
• /
• 2009

The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

• Korean Journal of Veterinary Pathology
• /
• v.7 no.1
• /
• pp.11-15
• /
• 2003

Antigen retrieval (AR) techniques were widely used to recover the antigenicity from the fixed tissues, which were guided by the philosophy of rendering immunohistochemistry (IHC) applicable to routine formalin-fixed, paraffin-embedded tissues for wide application of IHC in research and clinical filed for morphological observation like as anatomy, histology and pathology. Protease antigen recovery (PAR) is an AR technique, which is obtained the antigen retrieve by using enzyme digestion, and commonly used in IHC field. However, during the IHC for the detection of ovine herpesvirus 2 (OvHV-2) antigen, we noted lymphocyte-like cells-specific staining in the infiltrated cells into various organs like as liver and kidney, which was also shown in the IHC tissues with isotype control. However, those signals were not observed in the tissues conducted with in situ hybridization. Therefore, we analyzed the specificity of the IHC detection results. We found that PAR may induce false-positive result during IHC in lymphocyte-like cells, which were infiltrated mainly around vessels and in interstitial tissues. Through the Phenotyping, we realized that those false-positive cells were B-cell-related cells. These results suggest that PAR, a AR using protease, may induce non-specific false-positive reactions during IHC.

• Journal of Internet Computing and Services
• /
• v.8 no.2
• /
• pp.89-94
• /
• 2007

Even though lots of research have been doing about spam mail blocking technologies and their systems, the emergence of spam mails of new types causes the spam mail filtering rate to decrease and the occurrences of false-positive mails to increase. Therefore, existing spam mail filtering algorithms suffer from increasing load to be processed and decreasing reliability in spam mail blocking systems due to the shortage of newly developed algorithms and their research. This paper presents the Fit-FA Finder which is able to select appropriate algorithms to be applied and their procedures, and the development of the SMBC platform. The Fit-FA Finder is developed and implemented in the SMBC platform in which recovering process based on privacy information is employed for false-positive mails

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2651-2673
• /
• 2019

In order to detect Denial of Service (DoS) attacks, victim-side detection methods are used popularly such as static threshold-based method and machine learning-based method. However, as DoS attacking methods become more sophisticated, these methods reveal some natural disadvantages such as the late detection and the difficulty of tracing back attackers. Recently, in order to mitigate these drawbacks, source-side DoS detection methods have been researched. But, the source-side DoS detection methods have limitations if the volume of attack traffic is relatively very small and it is blended into legitimate traffic. Especially, with the subtle attack traffic, DoS detection methods may suffer from high false positive, considering legitimate traffic as attack traffic. In this paper, we propose an effective source-side DoS detection method with traffic seasonality aware adaptive threshold. The threshold of detecting DoS attack is adjusted adaptively to the fluctuated legitimate traffic in order to detect subtle attack traffic. Moreover, by understanding the seasonality of legitimate traffic, the threshold can be updated more carefully even though subtle attack happens and it helps to achieve low false positive. The extensive evaluation with the real traffic logs presents that the proposed method achieves very high detection rate over 90% with low false positive rate down to 5%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1284-1297
• /
• 2019

The network environment is presently becoming very increased. Accordingly, the study of traffic classification for network management is becoming difficult. Automatic signature extraction system is a hot topic in the field of traffic classification research. However, existing automatic payload signature generation systems suffer problems such as semi-automatic system, generating of disposable signatures, generating of false-positive signatures and signatures are not kept up to date. Therefore, we provide a fully automatic signature update system that automatically performs all the processes, such as traffic collection, signature generation, signature management and signature verification. The step of traffic collection automatically collects ground-truth traffic through the traffic measurement agent (TMA) and traffic management server (TMS). The step of signature management removes unnecessary signatures. The step of signature generation generates new signatures. Finally, the step of signature verification removes the false-positive signatures. The proposed system can solve the problems of existing systems. The result of this system to a campus network showed that, in the case of four applications, high recall values and low false-positive rates can be maintained.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.65-76
• /
• 2006

This paper deals with an effective algerian aimed at improving the port scan detection in an intrusion detection system (IDS). In particular, a detection correlation algerian is proposed to maximize the detection capability in the network-based IDS whereby the 'misuse' is flagged for analysis to establish intrusion profile in relation to the overall port scan detection process. In addition, we establish an appropriate system maintenance policy for port scan detection as preprocessor for improved port scan in IDS, thereby achieving minimum false positive in the misuse detection engine while enhancing the system performance.