• Title/Summary/Keyword: multi-class classification model

Search Result 108, Processing Time 0.019 seconds

Intrusion Detection System based on Packet Payload Analysis using Transformer

  • Woo-Seung Park;Gun-Nam Kim;Soo-Jin Lee
    • Journal of the Korea Society of Computer and Information
    • /
    • v.28 no.11
    • /
    • pp.81-87
    • /
    • 2023
  • Intrusion detection systems that learn metadata of network packets have been proposed recently. However these approaches require time to analyze packets to generate metadata for model learning, and time to pre-process metadata before learning. In addition, models that have learned specific metadata cannot detect intrusion by using original packets flowing into the network as they are. To address the problem, this paper propose a natural language processing-based intrusion detection system that detects intrusions by learning the packet payload as a single sentence without an additional conversion process. To verify the performance of our approach, we utilized the UNSW-NB15 and Transformer models. First, the PCAP files of the dataset were labeled, and then two Transformer (BERT, DistilBERT) models were trained directly in the form of sentences to analyze the detection performance. The experimental results showed that the binary classification accuracy was 99.03% and 99.05%, respectively, which is similar or superior to the detection performance of the techniques proposed in previous studies. Multi-class classification showed better performance with 86.63% and 86.36%, respectively.

Analysis of Features and Discriminability of Transient Signals for a Shallow Water Ambient Noise Environment (천해 배경잡음 환경에 적합한 과도신호의 특징 및 변별력 분석)

  • Lee, Jaeil;Kang, Youn Joung;Lee, Chong Hyun;Lee, Seung Woo;Bae, Jinho
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.51 no.7
    • /
    • pp.209-220
    • /
    • 2014
  • In this paper, we analyze the discriminability of features for the classification of transient signals with an ambient noise in a shallow water. For the classification of the transient signals, robust features for the variance of a noise are required due to a low SNR under a marine environment. In the modelling the ambient noise in shallow water, theoretical noise model, Wenz's observation data from the shallow water, and Yule-walker filter are used. Discrimination of each feature of the transient signals with an additive ambient noise is analyzed by utilizing a Fisher score. As the analysis of a classification accuracy about the transient signals of 24 classes using the selected features with a high discriminability, the features selected in the environment without a noise relatively have a good classification accuracy. From the analyzed results, we finally select a total 16 features out of 28 features. The recognition using the selected features results in the classification accuracy of 92% in SNR 20dB using Multi-class SVM.

Research on Mining Technology for Explainable Decision Making (설명가능한 의사결정을 위한 마이닝 기술)

  • Kyungyong Chung
    • Journal of the Institute of Convergence Signal Processing
    • /
    • v.24 no.4
    • /
    • pp.186-191
    • /
    • 2023
  • Data processing techniques play a critical role in decision-making, including handling missing and outlier data, prediction, and recommendation models. This requires a clear explanation of the validity, reliability, and accuracy of all processes and results. In addition, it is necessary to solve data problems through explainable models using decision trees, inference, etc., and proceed with model lightweight by considering various types of learning. The multi-layer mining classification method that applies the sixth principle is a method that discovers multidimensional relationships between variables and attributes that occur frequently in transactions after data preprocessing. This explains how to discover significant relationships using mining on transactions and model the data through regression analysis. It develops scalable models and logistic regression models and proposes mining techniques to generate class labels through data cleansing, relevance analysis, data transformation, and data augmentation to make explanatory decisions.

Detection of Abnormal CAN Messages Using Periodicity and Time Series Analysis (CAN 메시지의 주기성과 시계열 분석을 활용한 비정상 탐지 방법)

  • Se-Rin Kim;Ji-Hyun Sung;Beom-Heon Youn;Harksu Cho
    • The Transactions of the Korea Information Processing Society
    • /
    • v.13 no.9
    • /
    • pp.395-403
    • /
    • 2024
  • Recently, with the advancement of technology, the automotive industry has seen an increase in network connectivity. CAN (Controller Area Network) bus technology enables fast and efficient data communication between various electronic devices and systems within a vehicle, providing a platform that integrates and manages a wide range of functions, from core systems to auxiliary features. However, this increased connectivity raises concerns about network security, as external attackers could potentially gain access to the automotive network, taking control of the vehicle or stealing personal information. This paper analyzed abnormal messages occurring in CAN and confirmed that message occurrence periodicity, frequency, and data changes are important factors in the detection of abnormal messages. Through DBC decoding, the specific meanings of CAN messages were interpreted. Based on this, a model for classifying abnormalities was proposed using the GRU model to analyze the periodicity and trend of message occurrences by measuring the difference (residual) between the predicted and actual messages occurring within a certain period as an abnormality metric. Additionally, for multi-class classification of attack techniques on abnormal messages, a Random Forest model was introduced as a multi-classifier using message occurrence frequency, periodicity, and residuals, achieving improved performance. This model achieved a high accuracy of over 99% in detecting abnormal messages and demonstrated superior performance compared to other existing models.

A Deep Learning Approach with Stacking Architecture to Identify Botnet Traffic

  • Kang, Koohong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.26 no.12
    • /
    • pp.123-132
    • /
    • 2021
  • Malicious activities of Botnets are responsible for huge financial losses to Internet Service Providers, companies, governments and even home users. In this paper, we try to confirm the possibility of detecting botnet traffic by applying the deep learning model Convolutional Neural Network (CNN) using the CTU-13 botnet traffic dataset. In particular, we classify three classes, such as the C&C traffic between bots and C&C servers to detect C&C servers, traffic generated by bots other than C&C communication to detect bots, and normal traffic. Performance metrics were presented by accuracy, precision, recall, and F1 score on classifying both known and unknown botnet traffic. Moreover, we propose a stackable botnet detection system that can load modules for each botnet type considering scalability and operability on the real field.

Ensemble of Nested Dichotomies for Activity Recognition Using Accelerometer Data on Smartphone (Ensemble of Nested Dichotomies 기법을 이용한 스마트폰 가속도 센서 데이터 기반의 동작 인지)

  • Ha, Eu Tteum;Kim, Jeongmin;Ryu, Kwang Ryel
    • Journal of Intelligence and Information Systems
    • /
    • v.19 no.4
    • /
    • pp.123-132
    • /
    • 2013
  • As the smartphones are equipped with various sensors such as the accelerometer, GPS, gravity sensor, gyros, ambient light sensor, proximity sensor, and so on, there have been many research works on making use of these sensors to create valuable applications. Human activity recognition is one such application that is motivated by various welfare applications such as the support for the elderly, measurement of calorie consumption, analysis of lifestyles, analysis of exercise patterns, and so on. One of the challenges faced when using the smartphone sensors for activity recognition is that the number of sensors used should be minimized to save the battery power. When the number of sensors used are restricted, it is difficult to realize a highly accurate activity recognizer or a classifier because it is hard to distinguish between subtly different activities relying on only limited information. The difficulty gets especially severe when the number of different activity classes to be distinguished is very large. In this paper, we show that a fairly accurate classifier can be built that can distinguish ten different activities by using only a single sensor data, i.e., the smartphone accelerometer data. The approach that we take to dealing with this ten-class problem is to use the ensemble of nested dichotomy (END) method that transforms a multi-class problem into multiple two-class problems. END builds a committee of binary classifiers in a nested fashion using a binary tree. At the root of the binary tree, the set of all the classes are split into two subsets of classes by using a binary classifier. At a child node of the tree, a subset of classes is again split into two smaller subsets by using another binary classifier. Continuing in this way, we can obtain a binary tree where each leaf node contains a single class. This binary tree can be viewed as a nested dichotomy that can make multi-class predictions. Depending on how a set of classes are split into two subsets at each node, the final tree that we obtain can be different. Since there can be some classes that are correlated, a particular tree may perform better than the others. However, we can hardly identify the best tree without deep domain knowledge. The END method copes with this problem by building multiple dichotomy trees randomly during learning, and then combining the predictions made by each tree during classification. The END method is generally known to perform well even when the base learner is unable to model complex decision boundaries As the base classifier at each node of the dichotomy, we have used another ensemble classifier called the random forest. A random forest is built by repeatedly generating a decision tree each time with a different random subset of features using a bootstrap sample. By combining bagging with random feature subset selection, a random forest enjoys the advantage of having more diverse ensemble members than a simple bagging. As an overall result, our ensemble of nested dichotomy can actually be seen as a committee of committees of decision trees that can deal with a multi-class problem with high accuracy. The ten classes of activities that we distinguish in this paper are 'Sitting', 'Standing', 'Walking', 'Running', 'Walking Uphill', 'Walking Downhill', 'Running Uphill', 'Running Downhill', 'Falling', and 'Hobbling'. The features used for classifying these activities include not only the magnitude of acceleration vector at each time point but also the maximum, the minimum, and the standard deviation of vector magnitude within a time window of the last 2 seconds, etc. For experiments to compare the performance of END with those of other methods, the accelerometer data has been collected at every 0.1 second for 2 minutes for each activity from 5 volunteers. Among these 5,900 ($=5{\times}(60{\times}2-2)/0.1$) data collected for each activity (the data for the first 2 seconds are trashed because they do not have time window data), 4,700 have been used for training and the rest for testing. Although 'Walking Uphill' is often confused with some other similar activities, END has been found to classify all of the ten activities with a fairly high accuracy of 98.4%. On the other hand, the accuracies achieved by a decision tree, a k-nearest neighbor, and a one-versus-rest support vector machine have been observed as 97.6%, 96.5%, and 97.6%, respectively.

Multi-classification of Osteoporosis Grading Stages Using Abdominal Computed Tomography with Clinical Variables : Application of Deep Learning with a Convolutional Neural Network (멀티 모달리티 데이터 활용을 통한 골다공증 단계 다중 분류 시스템 개발: 합성곱 신경망 기반의 딥러닝 적용)

  • Tae Jun Ha;Hee Sang Kim;Seong Uk Kang;DooHee Lee;Woo Jin Kim;Ki Won Moon;Hyun-Soo Choi;Jeong Hyun Kim;Yoon Kim;So Hyeon Bak;Sang Won Park
    • Journal of the Korean Society of Radiology
    • /
    • v.18 no.3
    • /
    • pp.187-201
    • /
    • 2024
  • Osteoporosis is a major health issue globally, often remaining undetected until a fracture occurs. To facilitate early detection, deep learning (DL) models were developed to classify osteoporosis using abdominal computed tomography (CT) scans. This study was conducted using retrospectively collected data from 3,012 contrast-enhanced abdominal CT scans. The DL models developed in this study were constructed for using image data, demographic/clinical information, and multi-modality data, respectively. Patients were categorized into the normal, osteopenia, and osteoporosis groups based on their T-scores, obtained from dual-energy X-ray absorptiometry, into normal, osteopenia, and osteoporosis groups. The models showed high accuracy and effectiveness, with the combined data model performing the best, achieving an area under the receiver operating characteristic curve of 0.94 and an accuracy of 0.80. The image-based model also performed well, while the demographic data model had lower accuracy and effectiveness. In addition, the DL model was interpreted by gradient-weighted class activation mapping (Grad-CAM) to highlight clinically relevant features in the images, revealing the femoral neck as a common site for fractures. The study shows that DL can accurately identify osteoporosis stages from clinical data, indicating the potential of abdominal CT scans in early osteoporosis detection and reducing fracture risks with prompt treatment.

The Optimization of Hybrid BCI Systems based on Blind Source Separation in Single Channel (단일 채널에서 블라인드 음원분리를 통한 하이브리드 BCI시스템 최적화)

  • Yang, Da-Lin;Nguyen, Trung-Hau;Kim, Jong-Jin;Chung, Wan-Young
    • Journal of the Institute of Convergence Signal Processing
    • /
    • v.19 no.1
    • /
    • pp.7-13
    • /
    • 2018
  • In the current study, we proposed an optimized brain-computer interface (BCI) which employed blind source separation (BBS) approach to remove noises. Thus motor imagery (MI) signal and steady state visual evoked potential (SSVEP) signal were easily to be detected due to enhancement in signal-to-noise ratio (SNR). Moreover, a combination between MI and SSVEP which is typically can increase the number of commands being generated in the current BCI. To reduce the computational time as well as to bring the BCI closer to real-world applications, the current system utilizes a single-channel EEG signal. In addition, a convolutional neural network (CNN) was used as the multi-class classification model. We evaluated the performance in term of accuracy between a non-BBS+BCI and BBS+BCI. Results show that the accuracy of the BBS+BCI is achieved $16.15{\pm}5.12%$ higher than that in the non-BBS+BCI by using BBS than non-used on. Overall, the proposed BCI system demonstrate a feasibility to be applied for multi-dimensional control applications with a comparable accuracy.