• Journal of Intelligence and Information Systems
• /
• v.17 no.4
• /
• pp.157-173
• /
• 2011

As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

• Korean Journal of Construction Engineering and Management
• /
• v.17 no.3
• /
• pp.32-42
• /
• 2016

In Korea, the absence of BIM use in existing civil structures and buildings is driving a demand for as-built BIM. As-built BIMs are often created using laser scanners that provide dense 3D point cloud data. Conventional static laser scanning approaches often suffer from limitations in their operability due to the difficulties in moving the equipment, the selection of scanning location, and the requirement of placing targets or extracting tie points for registration of each scanned point cloud. This paper aims at reducing the manual effort using a kinematic 3D laser scanning system based on graph-based simultaneous localization and mapping (SLAM) for continuous indoor mapping. The robotic platform carries three 2D laser scanners: the front scanner is mounted horizontally to compute the robot's trajectory and to build the SLAM graph; the other two scanners are mounted vertically to scan the profiles of surrounding environments. To reduce the accumulated error in the trajectory of the platform through loop closures, the graph-based SLAM system incorporates AdaBoost loop closure approach, which is particularly suitable for the developed multi-scanner system providing more features than the single-scanner system for training. We implemented the proposed method and evaluated it in two indoor test sites. Our experimental results show that the false positive rate was reduced by 13.6% and 7.9% for the two dataset. Finally, the 2D and 3D mapping results of the two test sites confirmed the effectiveness of the proposed graph-based SLAM.

• Journal of Biomedical Engineering Research
• /
• v.25 no.6
• /
• pp.479-487
• /
• 2004

Biopotential signals have been used as command in systems using electrical stimulation of motor nerves to restore movement after an injury to the central nervous system (CNS). In order to use the voluntary EMG (electromyography) among the biopotentials as a control signal for the electrical stimulation of the same muscle for CNS injury patients, it is necessary to remove M-wave of having high magnitude from raw data. We designed an optimal filter for removing the M-wave and preserving the voluntary EMG and showed that the optimal filter is eigen filter. We also proved that the previous method using the prediction error filter(PEF) is a suboptimal filtering in the sense of preserving the voluntary EMG. On basis of the data obtained from a model for M-wave and voluntary EMG and from actual CNS injury patients, with false-positive rate analysis, the proposed adaptive filter showed a very promising performance in comparison with previous method.

• The Korean Journal of Nuclear Medicine
• /
• v.37 no.6
• /
• pp.374-381
• /
• 2003

Purpose: Determining an appropriate thresholding is crucial for PDG PET analysis since strong control of Type I error could fail to find pathological differences between eariy Alzheimer' disease (AD) patients and healthy normal controls. We compared the SPM results on FDG PET imaging of early AD using uncorrected p-value, random-field based corrected p-value and false discovery rate (FDR) control. Materials and Methods: Twenty-eight patients ($66{\pm}7$ years old) with early AD and 18 age-matched normal controls ($68{\pm}6$ years old) underwent FDG brain PET. To identify brain regions with hypo-metabolism in group or individual patient compared to normal controls, group images or each patient's image was compared with normal controls usingthe same fixed p-value of 0.001 on uncorrected thresholding, random-field based corrected thresholding and FDR control. Results: The number of hypo-metabolic voxels was smallest in corrected p-value method, largest in uncorrected p-value method and intermediate in FDG thresholding in group analysis. Three types of result pattern were found. The first was that corrected p-value did not yield any voxel positive but FDR gave a few significantly hypometabolic voxels (8/28, 29%). The second was that both corrected p-value and FDR did not yield any positive region but numerous positive voxels were found with the threshold of uncorrected p-values (6/28, 21%). The last was that FDR was detected as many positive voxels as uncorrected p-value method (14/28, 50%). Conclusions FDR control could identify hypo-metaboiic areas in group or individual patients with early AD. We recommend FDR control instead of uncorrected or random-field corrected thresholding method to find the areas showing hypometabolism especially in small group or individual analysis of FDG PET.

• Journal of Intelligence and Information Systems
• /
• v.18 no.1
• /
• pp.125-141
• /
• 2012

These days, the malicious attacks and hacks on the networked systems are dramatically increasing, and the patterns of them are changing rapidly. Consequently, it becomes more important to appropriately handle these malicious attacks and hacks, and there exist sufficient interests and demand in effective network security systems just like intrusion detection systems. Intrusion detection systems are the network security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. Conventional intrusion detection systems have generally been designed using the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of the network attacks, although they perform very well under the normal situation. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to the unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singularly, even though combining the techniques may lead to better detection. With this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine prediction results of four different binary classification models-logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. At the first step, the optimal integration model whose prediction error (i.e. erroneous classification rate) is the least is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, total misclassification cost is more affected by FNE rather than FPE. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 10,000 samples from them by using random sampling method. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell R4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to build cost-effective intelligent intrusion detection systems.

• Journal of Digital Convergence
• /
• v.15 no.4
• /
• pp.285-293
• /
• 2017

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

• Journal of the Korean Academy of Child and Adolescent Psychiatry
• /
• v.27 no.3
• /
• pp.207-215
• /
• 2016

Objectives: This study aimed to investigate the differences in the facial emotion recognition and discrimination ability between children with attention-deficit hyperactivity disorder (ADHD) and autism spectrum disorder (ASD). Methods: Fifty-three children aged 7 to 11 years participated in this study. Among them, 43 were diagnosed with ADHD and 10 with ASD. The parents of the participants completed the Korean version of the Child Behavior Checklist, ADHD Rating Scale and Conner's scale. The participants completed the Korean Wechsler Intelligence Scale for Children-fourth edition and Advanced Test of Attention (ATA), Penn Emotion Recognition Task and Penn Emotion Discrimination Task. The group differences in the facial emotion recognition and discrimination ability were analyzed by using analysis of covariance for the purpose of controlling the visual omission error index of ATA. Results: The children with ADHD showed better recognition of happy and sad faces and less false positive neutral responses than those with ASD. Also, the children with ADHD recognized emotions better than those with ASD on female faces and in extreme facial expressions, but not on male faces or in mild facial expressions. We found no differences in the facial emotion discrimination between the children with ADHD and ASD. Conclusion: Our results suggest that children with ADHD recognize facial emotions better than children with ASD, but they still have deficits. Interventions which consider their different emotion recognition and discrimination abilities are needed.

• Journal of IKEEE
• /
• v.10 no.1 s.18
• /
• pp.49-54
• /
• 2006

Recently, e-mail has become an important way of communications in IT societies, but it creates various social problems due to increase of spam mails. Even though many organizations and cooperation have been trying researches to develop spam mail blocking technologies, a lot of cost and system complexities are required because of varieties of spam blocking technologies. In this paper, we designed of the SMBC(Spam Mail Blocking Center) using the Fit FA(Filtering Algorithm) Finder. Fit-FA Finder that search and applises spam mail filtering algorithm of the most suitable confrontation according to type of spam mail. The system of spam mail filtering is decided performance of the system by procedure that spam filter is used. Go through designed Fit-FA Finder and reduced unnecessary filtering process and processing time and load than appointment order filter application way of existent spam mail interception system.

• IEIE Transactions on Smart Processing and Computing
• /
• v.4 no.4
• /
• pp.195-201
• /
• 2015

For median filtering (MF) detection in altered digital images, this paper presents a new feature vector that is formed from autoregressive (AR) coefficients via an AR model of the gradients between the neighboring row and column lines in an image. Subsequently, the defined 10-D feature vector is trained in a support vector machine (SVM) for MF detection among forged images. The MF classification is compared to the median filter residual (MFR) scheme that had the same 10-D feature vector. In the experiment, three kinds of test items are area under receiver operating characteristic (ROC) curve (AUC), classification ratio, and minimal average decision error. The performance is excellent for unaltered (ORI) or once-altered images, such as $3{\times}3$ average filtering (AVE3), QF=90 JPEG (JPG90), 90% down, and 110% up to scale (DN0.9 and Up1.1) images, versus $3{\times}3$ and $5{\times}5$ median filtering (MF3 and MF5, respectively) and MF3 and MF5 composite images (MF35). When the forged image was post-altered with AVE3, DN0.9, UP1.1 and JPG70 after MF3, MF5 and MF35, the performance of the proposed scheme is lower than the MFR scheme. In particular, the feature vector in this paper has a superior classification ratio compared to AVE3. However, in the measured performances with unaltered, once-altered and post-altered images versus MF3, MF5 and MF35, the resultant AUC by 'sensitivity' (TP: true positive rate) and '1-specificity' (FN: false negative rate) is achieved closer to 1. Thus, it is confirmed that the grade evaluation of the proposed scheme can be rated as 'Excellent (A)'.

• The Korean Journal of Nuclear Medicine
• /
• v.30 no.4
• /
• pp.476-483
• /
• 1996

Following radiation therapy for brain tumors, patients often have clinical deterioration due to either radiation necrosis or recurrent tumor progression in the treatment field. The distinction between these entities is important but difficult clinically or even with CT or MRI. T1-201 has been known to accumulate in various tumors and be useful to grade, predict prognosis or detect recurrence of glioma. The aim of this study was to evaluate the usefulness of T1-201 SPECT in the differentiation of recurrent tumor from radiation necrosis. Of 67 patients who did T1-201 brain SPECT imaging with clinically suspected recurrent tumor or radiation necrosis, 20 patients underwent histopathological examination and constituted the study population. T1-201 uptake indices on T1-201 brain SPECT imaging rrere calculated and correlated with histopathological diagnosis. Of 20 patients, 15 were histopathologically confirmed as recurrent original tumor or malignant transformation of benign tumor and 5 were diagnosed as radiation necrosis. On T1-201 SPECT, 18 of 20 had T1-201 index above 2.5 which was regarded as positive indicator for the presence of tumor. Seventeen cases showed concordance, which consisted of 15 true positive and 2 true negative. Discordant 3 cases were all false positive. There was no case of false negative. The sensitivity, specificity, positive and negative predictive value of T1-201 SPECT were 100%, 40%, 83% and 100%. In conclusion, T1-201 brain SPECT is a sensitive diagnostic test in the detection of recurrent tumor following radiation therapy and is useful in the differentiation of recurrent tumor from radiation necrosis. Relatively low specificity should be evaluated further in larger number of patients in consideration of sampling error and referral bias for pathologic examination.