• Journal of Korean Society of Transportation
• /
• v.22 no.6
• /
• pp.175-196
• /
• 2004

This study focuses on improving the performance of freeway incident detection by introducing some new measures to reduce false alarms in developing a new incident detection model. The model consists of the 5 major components through which a series of decision makings in determining the given traffic flow condition are made. The decision making process was designed such that the causes of traffic congestions can be accurately classified into several types including incidents and bottlenecks according to their unique characteristics. The model performance was tested and found to be compatible with that of the existing well-recognized models in terms of the detection rate and detection time. It should noted that the model produced much less false alarms than most of the existing models. The study results prove that the initial objective of the study was satisfied as it was an experimental trial to improve the false alarm rate for the incident detection model to be more pactically usable for traffic management purposes.

• 한국정보통신설비학회:학술대회논문집
• /
• 2009.08a
• /
• pp.127-130
• /
• 2009

We propose a method for detecting DDoS (Distributed Denial of Service) traffic in real-time inside the backbone network. For this purpose, we borrow the concepts of MACD (Moving Average Convergence Divergence) and RoC (Rate of Change), which are used for technical analysis in the stock market Due to the fact that the method is based on a quantitative, rather than a heuristic, detection level, DDoS traffic can be detected with greater accuracy (by reducing the false alarm ratio). Through simulation results, we show how the detection level is determined and demonstrate how much the accuracy of detection is enhanced.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2007.11a
• /
• pp.357-361
• /
• 2007

비정상 트래픽 제어 프레임워크에 적용된 비정상 트래픽 제어 기술은 침입, 분산서비스거부 공격, 포트스캔 공격과 같은 비정상 행위의 트래픽을 제어하는 공격 대응 방법이다. 이 대응 방법은 비정상 행위에 대한 true-false 방식의 공격 대응 방법이 가지는 높은 오탐율(false-positive rate)을 낮출 수 있다는 장점이 있지만, 공격 지속시간에만 의존하여 비정상 트래픽을 판단하기 때문에, 공격에 대한 신속한 대응을 하지 못한다는 한계를 가지고 있다. 이에 본 논문에서는 비정상 트래픽 제어 프레임워크에 퍼지 로직을 적용하여 신속한 공격 대응이 가능한 포트스캔 공격 탐지 기법을 제안한다.

• Journal of Korean Society of Transportation
• /
• v.26 no.4
• /
• pp.229-239
• /
• 2008

Most algorithms for detecting incidents have been developed under the premise that congestion must happen whenever an incident occurs. For that reason, the performance of these algorithms could not be guaranteed in cases where congestion did not happen due to traffic operations with low flows despite the occurrence of an incident. The objective of this paper is to develop an automatic incident detection algorithm using a new diagram that can reliably detect the incident under various conditions of traffic operations including a low volume state. Compared with the McMaster Algorithm, the proposed algorithm in this paper was evaluated with three different cases in which the incidents occur in traffic operations with a low volume state, a relatively high volume state, and a recurrent congestion state. It is shown that the new algorithm has a capability to identify the flow characteristics of incidents for all the three cases and is much better than McMaster algorithm in terms of detection rate and false alarm rate.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.31 no.5D
• /
• pp.623-631
• /
• 2011

In this study, a new method which can detect incidents in interrupted traffic flow was suggested. The applied method of detecting the incident is the Latin Square Analysis Method by using traffic traits. In the Latin Square Analysis, unlike other previously tried methods, the traffic situation was analyzed, this time considering the changes in traffic traits for each lane and for each time period. The data used in this study were the data observed in the actual field with fine weather. The traffic volumes, the vehicle speed and the occupancy rate were collected on the interrupted flow road. The data were collected in normal and incident situations. The incidents occurred on the second lane, the time of persistent incidents was set to 10 minutes. The Latin Square Analyses were performed using the collected data with the traffic volume, with the vehicle speed or with the occupancy rate. As a result in this study, in case of detecting the traffic situations with Latin Square Analysis, it will be more successful to apply traffic volume to detect the traffic situations than to apply other factors.

• Journal of Korean Society of Transportation
• /
• v.22 no.6
• /
• pp.77-88
• /
• 2004

This study aims at developing the model that is able to detect the compression wave, which is included as a similar situation in incidents, that causes false applicable to the similar character such as incidents in the incident detection model for expressways. In this study, it has been checked whether the number of false alarms is decreased or not by modularizing this model for being able to applicable to other models such as DES and DELOS, etc. which do not perform the compression wave test based on the compression wave test process of APID model which has been being used in the expressway traffic management system currently. The evaluation in this study focuses on the sensitivity of the model and the results analysis is performed classified by each polling cycle. And how well these models are working is evaluated by each polling cycle. In addition to this, the detection rate, the false alarm rate and the average detection time in both the existing models and the model in this study are calcuated. As a result of appling the model in this study, it is found that the false alarm rate is improved through the reasonable decrease in the number of false alarm frequencies and there are not remarkable changes concerning the detection rate and the average detection time. To sum up, it is expected that a good number of improvement effects will be occurred when this model is applied to the actual expressway traffic management system.

• Journal of Advanced Navigation Technology
• /
• v.17 no.1
• /
• pp.90-97
• /
• 2013

Recently, intelligent transportation system based on image processing has been developed. In this paper, we propose a collision detection algorithm based on the analysis of motion vectors and the staying periods of vehicles in intersections. Objects in the region of interest are extracted from the subtraction image between background images based on Gaussian mixture model and input images. Collisions and traffic jams are detected by analysing measured motion vectors of vehicles and their staying periods in intersections. Experiments are performed on video sequences actually recoded at intersections. Correct detection rate and false alarm rate are 85.7% and 7.7%, respectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.3
• /
• pp.428-451
• /
• 2010

Traffic matrix-based anomaly detection and DDoS attacks detection in networks are research focus in the network security and traffic measurement community. In this paper, firstly, a new type of unidirectional flow called IF flow is proposed. Merits and features of IF flows are analyzed in detail and then two efficient methods are introduced in our DDoS attacks detection and evaluation scheme. The first method uses residual variance ratio to detect DDoS attacks after Recursive Least Square (RLS) filter is applied to predict IF flows. The second method uses generalized likelihood ratio (GLR) statistical test to detect DDoS attacks after a Kalman filter is applied to estimate IF flows. Based on the two complementary methods, an evaluation formula is proposed to assess the seriousness of current DDoS attacks on router ports. Furthermore, the sensitivity of three types of traffic (IF flow, input link and output link) to DDoS attacks is analyzed and compared. Experiments show that IF flow has more power to expose anomaly than the other two types of traffic. Finally, two proposed methods are compared in terms of detection rate, processing speed, etc., and also compared in detail with Principal Component Analysis (PCA) and Cumulative Sum (CUSUM) methods. The results demonstrate that adaptive filter methods have higher detection rate, lower false alarm rate and smaller detection lag time.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.4
• /
• pp.811-817
• /
• 2009

The rapid growth of network based IT systems has resulted in continuous research of security issues. Probe intrusion detection is an area of increasing concerns in the internet community. Recently, a number of probe intrusion detection schemes have been proposed based on various technologies. However, the techniques, which have been applied in many systems, are useful only for the existing patterns of probe intrusion. They can not detect new patterns of probe intrusion. Therefore, it is necessary to develop a new Probe Intrusion Detection technology that can find new patterns of probe intrusion. In this paper, we proposed a new network based probe intrusion detector(NePID) using anomaly traffic analysis and fuzzy cognitive maps that can detect intrusion by the denial of services attack detection method utilizing the packet analyses. The probe intrusion detection using fuzzy cognitive maps capture and analyze the packet information to detect syn flooding attack. Using the result of the analysis of decision module, which adopts the fuzzy cognitive maps, the decision module measures the degree of risk of denial of service attack and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.094% and the max-average false negative rate of 2.936%. The true positive error rate of the NePID is similar to that of Bernhard's true positive error rate.

• KIPS Transactions on Software and Data Engineering
• /
• v.5 no.11
• /
• pp.511-520
• /
• 2016

Automatic License Plate Detection (ALPD) is a key technology for a efficient traffic control. It is used to improve work efficiency in many applications such as toll payment systems and parking and traffic management. Until recently, the hand-crafted features made for image processing are used to detect license plates in most studies. It has the advantage in speed. but can degrade the detection rate with respect to various environmental changes. In this paper, we propose a way to utilize a Faster Region based Convolutional Neural Networks (Faster R-CNN) and a Conventional Convolutional Neural Networks (CNN), which improves the computational speed and is robust against changed environments. The module based on Faster R-CNN is used to detect license plate candidate regions from images and is followed by the module based on CNN to remove False Positives from the candidates. As a result, we achieved a detection rate of 99.94% from images captured under various environments. In addition, the average operating speed is 80ms/image. We implemented a fast and robust Real-Time License Plate Detection System.