• 한국통신학회논문지
• /
• 제33권5B호
• /
• pp.304-309
• /
• 2008

본 논문에서는 시계열 예측 모델을 이용하여 웡 또는 바이러스 등과 같은 공격 트래픽에 의해 네트워크상에 발생할 수 있는 트래픽 이상 징후를 탐지할 수 있는 예측 모델 기반 트래픽 이상 징후 탐지 기법을 제안한다. 제안 기법은 비교적 정확한 예측모델로 알려져 있는 ARIMA 모델을 이용하였고 이상 징후 여부를 확률값으로 변화하여 확률 임계값에 따라 이상 징후를 탐지하도록 하여 그 성능을 극대화할 수 있도록 하였다. 이를 위해 제안 기법을 네트워크상에 발생시킨 웜과 같은 비정상 공격 트래픽을 포함한 전체 트래픽과 웹 트래픽에 적용하여 트래픽의 이상 징후를 신뢰성 있는 수준에서 탐지함을 보여주었다. 이 기법을 네트워크 기반의 침입탐지시스템에 적용할 강제 큰 효과 가져올 수 있을 것이다.

• 반도체디스플레이기술학회지
• /
• 제15권2호
• /
• pp.43-48
• /
• 2016

In this paper, we propose a traffic light detection and recognition (TLDR) algorithm in the daytime. The proposed algorithm utilizes the color and shape information for the TLDR. At first, a traffic light is detected and recognized based on its shape information. Then, the color range of the detected traffic light is investigated in HSV color space. The input data of the proposed TLDR algorithm is the color image captured using the black box camera during driving. Our simulations demonstrate that the proposed algorithm can achieve a high detection and recognition performance for the images including traffic lights.

• 한국정보통신학회논문지
• /
• 제25권3호
• /
• pp.449-455
• /
• 2021

본 논문에서는 기존의 웹애플리케이션 모니터링 시스템을 기반으로 한 암호화 웹트랜잭션 공격탐지 시스템을 제안한다. 기존의 웹트래픽 보안 시스템들은 클라이언트와 서버간의 암호화 구간인 네트워크 영역에서 암호화된 패킷을 기반으로 공격을 탐지하고 방어하기 때문에 암호화된 웹트래픽에 대한 공격 탐지가 어려웠지만, 웹애플리케이션 모니터링 시스템의 기술을 활용하게 되면 웹애플리케이션 서버의 메모리 내에서 이미 복호화 되어 있는 정보를 바탕으로 다양한 지능적 사이버 공격에 대한 탐지가 가능해 진다. 또한, 애플리케이션 세션 아이디를 통한 사용자 식별이 가능해지기 때문에 IP 변조 공격, 대량의 웹트랜잭션 호출 사용자, DDoS 공격 등 사용자별 통계기반의 탐지도 가능해 진다. 이와 같이 암호화 웹트래픽에 대한 비 암호화 구간에서의 정보 수집 및 탐지를 통하여 암호화 트래픽에 숨어 있는 다양한 지능적 사이버공격에 대한 대응이 가능할 것으로 사료된다.

• 대한임베디드공학회논문지
• /
• 제18권3호
• /
• pp.125-132
• /
• 2023

Roundabouts have strengths in traffic flow and safety but can present difficulties for inexperienced drivers. Demand to acquire and analyze drone images has increased to enhance a traffic environment allowing drivers to deal with roundabouts easily. In this paper, we propose a roundabout traffic analysis system that detects, tracks, and analyzes vehicles using a deep learning-based object detection model (YOLOv7) in drone images. About 3600 images for object detection model learning and testing were extracted and labeled from 1 hour of drone video. Through training diverse conditions and evaluating the performance of object detection models, we achieved an average precision (AP) of up to 97.2%. In addition, we utilized SORT (Simple Online and Realtime Tracking) and OC-SORT (Observation-Centric SORT), a real-time object tracking algorithm, which resulted in an average MOTA (Multiple Object Tracking Accuracy) of up to 89.2%. By implementing a method for measuring roundabout entry speed, we achieved an accuracy of 94.5%.

• Journal of Communications and Networks
• /
• 제14권3호
• /
• pp.310-318
• /
• 2012

Detecting intrusion attacks accurately and rapidly in wireless networks is one of the most challenging security problems. Intrusion attacks of various types can be detected by the change in traffic flow that they induce. Wireless industrial networks based on the wireless networks for industrial automation-process automation (WIA-PA) standard use a superframe to schedule network communications. We propose an intrusion detection system for WIA-PA networks. After modeling and analyzing traffic flow data by time-sequence techniques, we propose a data traffic prediction model based on autoregressive moving average (ARMA) using the time series data. The model can quickly and precisely predict network traffic. We initialized the model with data traffic measurements taken by a 16-channel analyzer. Test results show that our scheme can effectively detect intrusion attacks, improve the overall network performance, and prolong the network lifetime.

• 한국콘텐츠학회:학술대회논문집
• /
• 한국콘텐츠학회 2004년도 춘계 종합학술대회 논문집
• /
• pp.273-277
• /
• 2004

본 논문에서는 최근에 빈번하게 발생하는 트래픽 폭주 공격에 대해 대응하기 위하여 기존의 SNMP를 이용하는 트래픽 폭주공격 탐지방법을 향상시키기 위해 임계값 $\varepsilon$와 임계값 $\theta$을 사용하였다. 임계치에 따라서 트래픽 분석을 실행시킴으로써 시스템 자원을 보다 효율적으로 이용하기 위한 방법을 제시하였다.

• 정보보호학회논문지
• /
• 제14권4호
• /
• pp.111-121
• /
• 2004

인터넷의 급속한 발달과 더불어 네트워크 환경에서의 침입은 빠르게 증가하고 있으며, 그 피해 또한 급격히 증가하고 있다. 최근의 인터넷 공격은 특정 호스트나 네트워크에 대한 피해를 초래할 뿐만 아니라, 네트워크 전반의 성능저하를 유발한다. 기존의 침입 탐지 시스템은 각 지역망 및 특정한 대상 시스템을 보호하기 위한 솔루션들로, 기간망 수준의 실시간 공격 탐지에 적용하기 힘든 문제점을 가지고 있다. 본 논문에서는 네트워크 수준의 실시간 공격탐지를 위하여 각 포트별 트래픽을 대상으로 지수평활법을 적용하는 광대역 네트워크 침입 탐지 기법 제안하였다. 8일간의 기간망의 트래픽 데이터를 대상으로 한 실험에서, 제안한 기법은 공격으로 추정되는 급격한 트래픽의 증가를 적절히 탐지함을 보여주었다.

• 해양환경안전학회:학술대회논문집
• /
• 해양환경안전학회 2006년도 춘계학술발표회
• /
• pp.41-45
• /
• 2006

From the 1978 Seasat synthetic aperture radar(SAR) to present systems, spaceborne SAR has demonstrated the capability to image the Earth's ocean and land features over broad areas, day and night, and under most weather conditions. The application of SAR for surveillance of commercial fishing grounds can did in the detection of illegal fishing activities and provides more efficient use cf limited aircraft or patron craft resources. In the area of vessel traffic monitoring for commercial vessels, Vessel Traffic Service (VTS) which uses the ground-based radar system has some difficulties in detecting moving ships due to the limited detection range cf about 10 miles. This paper introduces the field testing results of ship detection by RADARSAT SAR imagery, and proposes a new approach for a Vessel Monitoring System(VMS), including VTS, and SAR combination service.

• 해양환경안전학회:학술대회논문집
• /
• 해양환경안전학회 2007년도 춘계학술발표회
• /
• pp.127-132
• /
• 2007

From the 1978 Seasat synthetic aperture radar(SAR) to present systems, spaceborne SAR has demonstrated the capability to image the Earth's ocean and land features over broad areas, day and night, and under most weather conditions. The application of SAR for surveillance of commercial fishing grounds can aid in the detection of illegal fishing activities and provides more efficient use of limited aircraft or patrol craft resources. In the area of vessel traffic monitoring for commercial vessels, Vessel Traffic Service (VTS) which uses the ground-based radar system has some difficulties in detecting moving ships due to the limited detection range of about 10 miles. This paper introduces the field testing results of ship detection by RADARSAT SAR imagery, and proposes a new approach for a Vessel Monitoring System(VMS), including VTS, and SAR combination service.

• Journal of Communications and Networks
• /
• 제12권1호
• /
• pp.74-85
• /
• 2010

For the purpose of compromising hosts, attackers including infected hosts initially perform a portscan using IP addresses in order to find vulnerable hosts. Considerable research related to portscan detection has been done and many algorithms have been proposed and implemented in the network intrusion detection system (NIDS). In order to distinguish portscanners from remote hosts, most portscan detection algorithms use a fixed threshold that is manually managed by the network manager. Because the threshold is a constant, even though the network environment or the characteristics of traffic can change, many false positives and false negatives are generated by NIDS. This reduces the efficiency of NIDS and imposes a high processing burden on a network management system (NMS). In this paper, in order to address this problem, we propose an automatic portscan detection system using an fast increase slow decrease (FISD) scheme, that will automatically and adaptively set the threshold based on statistical data for traffic during prior time periods. In particular, we focus on reducing false positives rather than false negatives, while the threshold is adaptively set within a range between minimum and maximum values. We also propose a new portscan detection algorithm, rate of increase in the number of failed connection request (RINF), which is much more suitable for our system and shows better performance than other existing algorithms. In terms of the implementation, we compare our scheme with other two simple threshold estimation methods for an adaptive threshold setting scheme. Also, we compare our detection algorithm with other three existing approaches for portscan detection using a real traffic trace. In summary, we show that FISD results in less false positives than other schemes and RINF can fast and accurately detect portscanners. We also show that the proposed system, including our scheme and algorithm, provides good performance in terms of the rate of false positives.