• Title/Summary/Keyword: rate anomaly

Combining Adaptive Filtering and IF Flows to Detect DDoS Attacks within a Router

  • Yan, Ruo-Yu;Zheng, Qing-Hua;Li, Hai-Fei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.4 no.3 / pp.428-451 / 2010
  • Traffic matrix-based anomaly detection and DDoS attack detection in networks are a research focus in the network security and traffic measurement community. In this paper, firstly, a new type of unidirectional flow called IF flow is proposed. Merits and features of IF flows are analyzed in detail and then two efficient methods are introduced in our DDoS attack detection and evaluation scheme. The first method uses the residual variance ratio to detect DDoS attacks after a Recursive Least Square (RLS) filter is applied to predict IF flows. The second method uses a generalized likelihood ratio (GLR) statistical test to detect DDoS attacks after a Kalman filter is applied to estimate IF flows. Based on the two complementary methods, an evaluation formula is proposed to assess the seriousness of current DDoS attacks on router ports. Furthermore, the sensitivity of three types of traffic (IF flow, input link and output link) to DDoS attacks is analyzed and compared. Experiments show that IF flow has more power to expose anomalies than the other two types of traffic. Finally, the two proposed methods are compared in terms of detection rate, processing speed, etc., and also compared in detail with Principal Component Analysis (PCA) and Cumulative Sum (CUSUM) methods. The results demonstrate that adaptive filter methods have a higher detection rate, lower false alarm rate and smaller detection lag time.

Common Trunk Anomalies Associated with Hemifacial Spasm (반얼굴연축과 관련된 공통줄기기형)

  • Kim, Seonhye;Ryoo, Jae Wook;Choi, Dae Seob;Cho, Jae Min;Kang, Kyusik;Kang, Hee Young;Park, Ki-Jong;Choi, Nack-Cheon;Kwon, Oh-Young;Lim, Byeong Hoon
    • Annals of Clinical Neurophysiology / v.10 no.2 / pp.104-108 / 2008
  • Background: The compression of the 7th cranial nerve by arteries is one of the various causes of hemifacial spasm (HFS). A few previous studies revealed the relation between the compression of the 7th cranial nerve and common trunk anomaly. We evaluated the common trunk anomalies in patients with HFS using MRI and MRA. Methods: From January 2001 to December 2005, 41 consecutive patients (9 men, mean age 54.5 ± 12.6) with HFS underwent MRI and MRA. T2 axial images and time-of-flight angiographies were reviewed for identification of the compression at the root exit zone by two neuroradiologists and one neurologist. Results: Thirty-seven patients showed neurovascular compression on the lesion side. Twenty of them showed compression of the 7th cranial nerve by the anterior inferior cerebellar artery (AICA), and seventeen of them showed compression by the posterior inferior cerebellar artery (PICA). Twenty-four of the thirty-seven patients had common trunk anomaly. In controls, twelve of twenty-one subjects had common trunk anomaly; the frequencies of common trunk anomaly in the two groups were 58.8% in HFS and 57.1% in controls. In the twenty-four patients with common trunk anomaly, eighteen patients had dominant-AICA, and six patients had dominant-PICA. The rate of nerve compression by common trunk anomaly in the HFS with unilateral common trunk, dominant-AICA was 76.5% and dominant-PICA was 100%. Conclusions: This study also revealed that AICA was the most common compressive artery. There was no difference between the HFS groups and control groups in frequency of common trunk anomaly. Thus, we could not demonstrate the relationship between common trunk anomaly and HFS.

Study on Availability Guarantee Mechanism on Smart Grid Networks: Detection of Attack and Anomaly Node Using Signal Information (스마트그리드 네트워크에서 가용성 보장 메커니즘에 관한 연구: 신호정보를 이용한 공격 및 공격노드 검출)

  • Kim, Mihui
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.279-286 / 2013
  • The recent power shortages due to a surge in demand for electricity highlight the importance of smart grid technologies for efficient use of power. The experimental content for vulnerability against availability of the smart meter, an essential component in smart grid networks, has been reported. Designing an availability protection mechanism to boost the realization possibilities of the secure smart grid is essential. In this paper, we propose a mechanism to detect the availability infringement attack for the smart meter and also to find anomaly nodes through analyzing smart grid structure and traffic patterns. The proposed detection mechanism uses the approximate entropy technique to decrease the detection load and increase the detection rate with few samples and utilizes the signal information (CIR or RSSI, etc.) that the anomaly node cannot be changed to find the anomaly nodes. Finally, simulation results of the proposed method show the detection performance and the feasibility.

Development of Security Anomaly Detection Algorithms using Machine Learning (기계 학습을 활용한 보안 이상징후 식별 알고리즘 개발)

  • Hwangbo, Hyunwoo;Kim, Jae Kyung
    • The Journal of Society for e-Business Studies / v.27 no.1 / pp.1-13 / 2022
  • With the development of network technologies, the security to protect organizational resources from internal and external intrusions and threats becomes more important. Therefore in recent years, the anomaly detection algorithm that detects and prevents security threats with respect to various security log events has been actively studied. Security anomaly detection algorithms that have been developed based on rule-based or statistical learning in the past are gradually evolving into modeling based on machine learning and deep learning. In this study, we propose a deep-autoencoder model that transforms LSTM-autoencoder as an optimal algorithm to detect insider threats in advance using various machine learning analysis methodologies. This study has academic significance in that it improved the possibility of adaptive security through the development of an anomaly detection algorithm based on unsupervised learning, and reduced the false positive rate compared to the existing algorithm through supervised true positive labeling.

Minor Mullerian Anomalies and Oligomenorrhea (경미한 Müllerian 기형과 희발월경의 상호관계에 관한 연구)

  • Song, Y.S.;Kim, J.G.;Moon, S.Y.;Lee, J.Y.;Chang, Y.S.;Kim, C.W.
    • Clinical and Experimental Reproductive Medicine / v.13 no.1 / pp.59-65 / 1986
  • This study was undertaken to demonstrate the relationship between oligomenorrhea/amenorrhea and minor mullerian anomalies. Hysterosalpingograms were taken in a total of 139 patients including 62 infertile patients with normal menstrual interval, 47 infertile patients with oligomenorrhea or amenorrhea and 30 tubal reanastomosis candidates with normal menstrual interval. The results were summarized as follows: 1. In unselected infertile patients, the occurrence rate of minor mullerian anomalies was 38%. 2. The occurrence rate of oligomenorrhea/amenorrhea in infertile patients with minor mullerian anomaly was significantly higher than that of infertile patients with normal uterus and the reverse was the ( ) result. 3. There was no significant difference in the occurrence rate of minor mullerian anomalies between infertile patients and tubal reanastomosis candidates with normal menstrual interval. 4. There was no immediate relationship between the degree of fundal anomaly and the duration of the menstrual intervals and/or the duration of the oligomenorrhea or amenorrhea.

One Hundred Cases of Open Heart Surgery in 1977 (1977년도 년간 개심술 100례 보고)

  • 이영균
    • Journal of Chest Surgery / v.11 no.2 / pp.213-226 / 1978
  • One hundred cases of open heart surgery were done at this Department in 1977. There were 65 congenital anomalies and 35 acquired diseases. Out of 65 cases of congenital malformation, 35 acyanotic and 30 cyanotic cases were found. Fifteen cases of ventricular septal defect and 29 tetralogy of Fallot were noted. Eight patients expired out of 65 congenital anomaly [12.3%], 4 out of 35 acyanotic [11.4%] and 4 among 30 cyanotic anomaly [13.3%]. Among 35 cases of acquired heart disease, 3 atrial myxoma [2 left and one right] and 32 valvular lesions were noted. In two cases open mitral commissurotomy, and in 30 valve replacement were done. Twenty-two single valve and 8 double valve replacements were done. Seven patients expired out of 30 patients [23.3%]. Among 22 single valve replacement cases 2 and among 8 double valve 5 died. In eighteen mitral valve replacement cases 2 deaths occurred. One mitral insufficiency patient who expired suffered from severe pulmonary hypertension [PA=120/67mmHg], tricuspid insufficiency and a large ventricular septal defect. The patient underwent mitral valve replacement, tricuspid annuloplasty and patch closure of ventricular septal defect. Overall mortality rate for 100 open heart surgery cases was 15%. Since 1977 open heart surgery cases were done routinely in this institution and cases are increasing rapidly. With present rapid improvement of economical status and introduction of medical insurance system, open heart surgery will be firmly established in Korea in the very near future.

Congenital Anomalies of Head and Neck in Children (소아에서 발생하는 선천성 두경부 기형)

  • Lee, Kyeong-Geun;Jung, Poong-Man
    • Advances in pediatric surgery / v.7 no.1 / pp.7-14 / 2001
  • Congenital anomalies of the head and neck region such as preauricular sinus and skin tag, thyroglossal duct cyst, branchial anomaly, cystic hygroma and dermoid cyst are common in the pediatric population. It is important for pediatricians and pediatric surgeons to be familiar with the embryology and the anatomical characteristics of these lesions in order to diagnose and treat them properly. Three hundred and nineteen patients with congenital head and neck anomalies treated at Hanyang University Hospital between 1980 and 1999 were reviewed to determine the relative frequency of the anomalies and to analyze the method of management. Eighty-four (25.1 %) of 335 lesions were preauricular sinus and skin tag, 81 (24.2 %) were thyroglossal duct cyst, 81 (24.2 %) branchial anomaly, 58 (17.3 %) cystic hygroma and 31 (9.2 %) were dermoid cyst. The male-to-female ratio was 1.4:1. Thyroglossal duct cyst most commonly presents at 3-5 years; however, branchial anomalies commonly are diagnosed in children younger than 1 year. Preauricular sinus showed familial tendency in three patients and was bilateral in 33.8 %. Most head and neck anomalies in children have specific clinical and anatomical characteristics. A careful history and physical examination is very useful for diagnosis and proper management. Experienced pediatric surgeons should do the initial surgery since the recurrence rate after incomplete surgical excision can be high.

Anomaly Detection Scheme of Web-based attacks by applying HMM to HTTP Outbound Traffic (HTTP Outbound Traffic에 HMM을 적용한 웹 공격의 비정상 행위 탐지 기법)

  • Choi, Byung-Ha;Choi, Sung-Kyo;Cho, Kyung-San
    • Journal of the Korea Society of Computer and Information / v.17 no.5 / pp.33-40 / 2012
  • In this paper we propose an anomaly detection scheme to detect new attack paths or new attack methods without false positives by monitoring HTTP Outbound Traffic after efficient training. Our proposed scheme detects web-based attacks by comparing tags or javascripts of HTTP Outbound Traffic with normal behavioral models which apply HMM (Hidden Markov Model). Through the verification analysis under the real-attacked environment, we show that our scheme has superior detection capability of 0.0001% false positive and 96% detection rate.

The Design and Implementation of Anomaly Traffic Analysis System using Data Mining

  • Lee, Se-Yul;Cho, Sang-Yeop;Kim, Yong-Soo
    • International Journal of Fuzzy Logic and Intelligent Systems / v.8 no.4 / pp.316-321 / 2008
  • Advanced computer network technology enables computers to be connected in an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and cannot detect new hacking patterns, which makes it vulnerable to previously unidentified attack patterns and variations in attack and increases false negatives. Intrusion detection and analysis technologies are thus required. This paper investigates the asymmetric costs of false errors to enhance the performance of the detection systems. The proposed method utilizes the network model to consider the cost ratio of false errors. By comparing false positive errors with false negative errors, this scheme achieved better performance from the viewpoint of both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that the effectiveness of anomaly traffic detection is enhanced by considering the costs of false errors.

Design of NePID using Anomaly Traffic Analysis and Fuzzy Cognitive Maps (비정상 트래픽 분석과 퍼지인식도를 이용한 NePID 설계)

  • Kim, Hyeock-Jin;Ryu, Sang-Ryul;Lee, Se-Yul
    • Journal of the Korea Academia-Industrial cooperation Society / v.10 no.4 / pp.811-817 / 2009
  • The rapid growth of network based IT systems has resulted in continuous research of security issues. Probe intrusion detection is an area of increasing concern in the internet community. Recently, a number of probe intrusion detection schemes have been proposed based on various technologies. However, the techniques, which have been applied in many systems, are useful only for the existing patterns of probe intrusion. They cannot detect new patterns of probe intrusion. Therefore, it is necessary to develop a new Probe Intrusion Detection technology that can find new patterns of probe intrusion. In this paper, we proposed a new network based probe intrusion detector (NePID) using anomaly traffic analysis and fuzzy cognitive maps that can detect intrusion by the denial of services attack detection method utilizing the packet analyses. The probe intrusion detection using fuzzy cognitive maps captures and analyzes the packet information to detect syn flooding attacks. Using the result of the analysis of the decision module, which adopts the fuzzy cognitive maps, the decision module measures the degree of risk of denial of service attack and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.094% and the max-average false negative rate of 2.936%. The true positive error rate of the NePID is similar to that of Bernhard's true positive error rate.