• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.6
• /
• pp.104-113
• /
• 2011

While converging USN Services, a single physical infrastructure can be used in several services and in several physical infrastructures can make up a single service. Therefore the physical infrastructure and service have to manage separately for effective convergence of USN Services. However, established Identification Scheme is not suitable to distinguish various services that USN provides. This paper suggests USN Service Identification Scheme that can be separated and managed. Through USN Service Identification Scheme suggested, firstly, it is possible to obtain Service Identification Scheme utilizing various technology such as RFID TAG, QR Code, radio broadcasting, etc. because it is possible to process USN Service Identification Scheme. Secondly, it is easy to mange the service, develope the user application program and interlock with established USN Standard technique as view from service provider. Thirdly, it is possible to manage systematically USN Service. Fourthly, users can search USN Service easily, so it can contribute actively for invigoration of USN service. This thesis, firstly, has analyzed about standard related USN Service and USN Identification Scheme. Secondly, this has suggested brand-new USN Service Identification Scheme based on established USN Identification Scheme.

• Journal of Internet Computing and Services
• /
• v.12 no.1
• /
• pp.55-70
• /
• 2011

In this paper, we propose a policy-driven RFID data management event definition language, which is possibly applicable as a partial standard for SSI (Software System Infrastructure) Part 4 (Application Interface, 24791-4) defined by ISO/IEC JTC 1/SC 31/WG 4 (RFID for Item Management). The SSI's RFID application interface part is originally defined for providing a unified interface of the RFID middleware functionality―data management, device management, device interface and security functions. However, the current specifications are too circumstantial to be understood by the application developers who used to lack the professional and technological backgrounds of the RFID middleware functionality. As an impeccable solution, we use the concept of event-constraint policy that is not only representing semantic contents of RFID domains but also providing transparencies with higher level abstractions to RFID applications, and that is able to provide a means of specifying event-constraints for filtering a huge number of raw data caught from the associated RF readers. Conclusively, we try to embody the proposed concept by newly defining an XML-based RFID event policy definition language, which is abbreviated to rXPDL. Additionally, we expect that the specification of rXPDL proposed in the paper becomes a technological basis for the domestic as well as the international standards that are able to be extensively applied to RFID and ubiquitous sensor networks.

• Journal of Intelligence and Information Systems
• /
• v.17 no.4
• /
• pp.157-173
• /
• 2011

As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.