• Journal of Korea Multimedia Society
• /
• v.20 no.11
• /
• pp.1759-1767
• /
• 2017

Although Open API has been invigorated by advancements in the software industry, diverse types of malicious code have also increased. Thus, many studies have been carried out to discriminate the behaviors of malicious code based on API data, and to determine whether malicious code is included in a specific executable file. Existing methods detect malicious code by analyzing signature data, which requires a long time to detect mutated malicious code and has a high false detection rate. Accordingly, in this paper, we propose a method that analyzes and detects malicious code using association rule mining and an Naive Bayes classification. The proposed method reduces the false detection rate by mining the rules of malicious and normal code APIs in the PE file and grouping patterns using the DHP(Direct Hashing and Pruning) algorithm, and classifies malicious and normal files using the Naive Bayes.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.17 no.2
• /
• pp.160-166
• /
• 2007

When a mail was given to users, each user's response could be different according to his or her preference. This paper presents a solution for this situation by constructing a user preferred ontology for anti-spam systems. To define an ontology for describing user behaviors, we applied associative classification mining to study preference information of users and their responses to emails. Generated classification rules can be represented in a formal ontology language. A user preferred ontology can explain why mail is decided to be spam or ron-spam in a meaningful way. We also suggest a new rule optimization procedure inspired from logic synthesis to improve comprehensibility and exclude redundant rules.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.17 no.3
• /
• pp.310-315
• /
• 2007

When a mail was given to users, each user's response could be different according to his or her preference. This paper presents a solution for this situation by constructing a u!;or preferred ontology for anti-spam systems. To define an ontology for describing user behaviors, we applied associative classification mining to study preference information of users and their responses to emails. Generated classification rules can be represented in a formal ontology language. A user preferred ontology can explain why mail is decided to be spam or non-spam in a meaningful way. We also suggest a nor rule optimization procedure inspired from logic synthesis to improve comprehensibility and exclude redundant rules.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 1999.10a
• /
• pp.131-137
• /
• 1999

전문가시스템 개발에 있어서 지식획득 병목현상(knowledge acquisition bottleneck)은 해결해야 할 큰 걸림돌중 하나이다. 지식획득을 위한 여러 과정을 단순화하고 자동화함으로 지식공학자의 작업을 최소화하면서 전문지식을 쉽고 빠르게 획득할 수 있도록 지식획득시스템을 설계·구현한다면 전문가시스템의 대중화는 지금보다 쉽게 이루어질 것이다. 본 연구는 지식 획득시스템 설계와 구현을 위한 연구의 일환으로 기계학습의 한 방법인 PIPPER(Repeated Incremental Pruning to Produce Error Reduction)를 이용하여 규칙을 생성하고 생성된 규칙을 JESS(Justification based Expert System Shell)에서 처리하도록 하였다. 규칙을 생성하기 위한 데이터는 Bohanec이 1997년도에 만든 자동차 평가 데이터베이스(Car Evaluation Database)를 사용하여 실험하였으며, 1700여 개의 레코드에서 약 40개의 규칙이 생성되었고, 생성된 규칙은 지식베이스의 정당성을 위반하지 않으면서 실행되었다.

• Proceedings of the Korean Society for Cognitive Science Conference
• /
• 2000.06a
• /
• pp.103-109
• /
• 2000

본 논문은 효율적인 한국어 구문분석을 위해 먼저 구묶음 분석(Chunking) 과정을 적용할 것을 제안한다. 한국어는 어순이 자유롭지만 명사구와 동사구에서는 규칙적인 어순을 발견할 수 있으므로, 규칙을 이용한 구묶음(Chunking) 과정의 적용이 가능하다. 하지만, 규칙만으로는 명사구와 동사구의 묶음에 한계가 있으므로 실험 말뭉치에서 어휘 정보를 찾아내어 구묶음 과정(Chunking)에 적용한다. 기존의 구문분석 방법은 구구조문법과 의존문법에 기반한 것이 대부분인데, 이러한 구문분석은 다양한 결과들이 분석되는 동안 많은 시간이 소요되며 이 중 잘못된 분석 결과를 가려서 삭제하기(pruning)도 어렵다. 따라서 본 논문에서 제시한 구묶음(Chunking) 과정을 적용함으로써, 잘못된 구문분석 결과를 미연에 방지하고 의존문법을 적용한 구문분석에 있어서 의존관계의 설정 범위(scope)도 제한할 수 있다.

• Annual Conference on Human and Language Technology
• /
• 2000.10d
• /
• pp.103-109
• /
• 2000

본 논문은 효율적인 한국어 구문분석을 위해 먼저 구묶음 분석(Chunking) 과정을 적용할 것을 제안한다. 한국어는 어순이 자유롭지만 명사구와 동사구에서는 규칙적인 어순을 발견할 수 있으므로, 규칙을 이용한 구묶음(Chunking) 과정의 적용이 가능하다 하지만, 규칙만으로는 명사구와 동사구의 묶음에 한계가 있으므로 실험 말뭉치에서 어휘 정보를 찾아내어 구묶음 과정(Chunking)에 적용한다. 기존의 구문분석 방법은 구구조문법과 의존문법에 기반한 것이 대부분인데, 이러한 구문분석은 다양한 결과들이 분석되는 동안 많은 시간이 소요되며 이 중 잘못된 분석 결과를 가려서 삭제하기(pruning)도 어렵다. 따라서 본 논문에서 제시한 구묶음(Chunking) 과정을 적용함으로써, 잘못된 구문분석 결과를 미연에 방지하고 의존문법을 적용한 구문분석에 있어서 의존관계의 설정 범위(scope)도 제한할 수 있다.

• Journal of KIBIM
• /
• v.6 no.2
• /
• pp.29-38
• /
• 2016

Road bridges are deteriorating gradually, and it is forecasted that the number of road bridges aging over 30 years will increase by more than 3 times of the current number. To maintain road bridges in a safe condition, current safety conditions of the bridges must be estimated for repair or reinforcement. However, budget and professional manpower required to perform in-depth inspections of road bridges are limited. This study proposes an estimation model for safety rating of road bridges by analyzing the data from Facility Management System (FMS) and Yearbook of Road Bridges and Tunnel. These data include basic specifications, year of completion, traffic, safety rating, and others. The distribution of safety rating was imbalanced, indicating 91% of road bridges have safety ratings of A or B. To improve classification performance, five safety ratings were integrated into two classes of G (good, A and B) and P (poor ratings under C). This rearrangement was set because facilities with ratings under C are required to be repaired or reinforced to recover their original functionality. 70% of the original data were used as training data, while the other 30% were used for validation. Data of class P in the training data were oversampled by 3 times, and Repeated Incremental Pruning to Produce Error Reduction (RIPPER) algorithm was used to develop the estimation model. The results of estimation model showed overall accuracy of 84.8%, true positive rate of 67.3%, and 29 classification rule. Year of completion was identified as the most critical factor on affecting lower safety ratings of bridges.

• Journal of the Korean Data and Information Science Society
• /
• v.24 no.2
• /
• pp.267-275
• /
• 2013

Among data mining techniques, the association rule is the most recently developed technique, and it finds the relevance between two items in a large database. And it is directly applied in the field because it clearly quantifies the relationship between two or more items. When we determine whether an association rule is meaningful, we utilize interestingness measures such as support, confidence, and lift. Interestingness measures are meaningful in that it shows the causes for pruning uninteresting rules statistically or logically. But the criteria of these measures are chosen by experiences, and the number of useful rules is hard to estimate. If too many rules are generated, we cannot effectively extract the useful rules.In this paper, we designed a variety of non-linear regression equations considering all association thresholds between the number of rules and three interestingness measures. And then we diagnosed multi-collinearity and autocorrelation problems, and used analysis of variance results and adjusted coefficients of determination for the best model through numerical experiments.

• Journal of KIISE:Databases
• /
• v.35 no.3
• /
• pp.199-207
• /
• 2008

The FP-tree(Frequency Pattern Tree) mining association rules algorithm was proposed to improve mining performance by reducing DB scan overhead dramatically, and it is recognized that the performance of it is better than that of any other algorithms based on different approaches. But the FP-tree algorithm needs a few more memory because it has to store all transactions including frequent itemsets of the DB. This paper implements a FP-tree algorithm on a general purpose UNK system and compares it with the DHP(Direct Hashing and Pruning) algorithm which uses hash tree and direct hash table from the point of memory usage and execution time. The results show surprisingly that the FP-tree algorithm is poor than the DHP algorithm in some cases even if the system memory is sufficient for the FP-tree. The characteristics of the test data are as follows. The site of DB is look, the number of total items is $1K{\sim}7K$, avenrage length of transactions is $5{\sim}10$, avergage size of maximal frequent itemsets is $2{\sim}12$(these are typical attributes of data for large-scale convenience stores).

• Journal of KIISE:Software and Applications
• /
• v.34 no.6
• /
• pp.519-529
• /
• 2007

In this paper, we investigate the use of fuzzy rules for efficient intrusion detection. We use evolutionary algorithm to optimize the set of fuzzy rules for intrusion detection by constructing fuzzy decision trees. For efficient execution of evolutionary algorithm we use supervised clustering to generate an initial set of membership functions for fuzzy rules. In our method both performance and complexity of fuzzy rules (or fuzzy decision trees) are taken into account in fitness evaluation. We also use evaluation with data partition, membership degree caching and zero-pruning to reduce time for construction and evaluation of fuzzy decision trees. For performance evaluation, we experimented with our method over the intrusion detection data of KDD'99 Cup, and confirmed that our method outperformed the existing methods. Compared with the KDD'99 Cup winner, the accuracy was increased by 1.54% while the cost was reduced by 20.8%.