
Ensemble Model using Multiple Profiles for Analytical Classification of Threat Intelligence

Korean title: Multi-Profiling Ensemble Model for Security Intelligence Type Classification

  • Young-Soo Kim (Department of Cyber Security, Pai Chai University)
  • Received : 2016.11.25
  • Accepted : 2016.12.26
  • Published : 2017.03.28

Abstract

With the advent of big data, threat intelligence collected from cyber incident sharing systems and security events collected from Security Information & Event Management (SIEM) systems must be analyzed to cope with rapidly spreading malicious code. Analytical classification of the threat intelligence in cyber incidents requires the various features of cyber observables. Classification accuracy can therefore be improved by measuring similarity with multiple profiles, each grouping incidents that share the same cyber observable features. We propose a multi-profile ensemble model that performs similarity analysis on the cyber incidents in threat intelligence, based on both attack types and cyber observables, to enhance classification accuracy. We see a potential improvement of the cyber incident analysis system in this enhanced classification accuracy. Implementing the suggested technique in a computer network makes it possible to classify and detect similar cyber incidents that are not detected by other mechanisms.

Recently, the amount of security intelligence collected from enterprise security systems has grown exponentially because of the spread of malicious code. With the arrival of the big data environment, enterprises can use a wide range of information about incidents, and the incident information they are able to collect has become more diverse. Accordingly, there is a need to classify similar incidents into groups more accurately using the various attributes of the incidents that make up the security intelligence. Based on similarity comparison analysis theory, this study develops multiple profiles for incidents that take both attack type and compromised resources into account, and uses them to propose a multi-profile ensemble model that improves the accuracy of classifying the incident types that make up the security intelligence. The proposed model can analyze new incidents effectively through similarity analysis of the hierarchical compromised resources collected by an intrusion detection system. Type classification based on a factual and meaningful composition of incidents improves the practicality of analysis by accurately classifying and presenting the incidents similar to a new one.
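As an added illustration (not code from the paper), the following Python sketch shows the kind of multi-profile similarity ensemble the abstract describes: each incident carries an attack-type profile and several cyber-observable profiles (IPs, domains, file hashes), a new incident is compared with each known incident profile by profile, and the per-profile scores are combined before the labels of the most similar incidents vote. The Jaccard metric, the profile weights, the voting rule and all sample incidents (documentation-range addresses and fake hashes) are assumptions made here; the paper's own definitions are not on this page. The last case shows why more than one profile matters: an incident whose attack type the sensor did not record cannot be classified from the attack-type profile alone but is still matched on its observables.

```python
"""Multi-profile similarity ensemble for classifying a new cyber incident.

Added illustration, not the paper's code. Each incident carries several
profiles: an attack-type profile and hierarchical cyber-observable profiles
(IPs, domains, file hashes). A new incident is compared with every known
incident profile by profile, the per-profile similarities are combined by
weighted sum, and the labels of the most similar known incidents vote.
Assumptions: Jaccard similarity, the profile weights, the voting rule and
all sample incidents (constructed; documentation-range addresses, fake hashes).
"""
from collections import defaultdict

# Profiles compared, and their ensemble weights (assumed, not from the paper).
PROFILE_WEIGHTS = {"attack_type": 0.4, "ip": 0.2, "domain": 0.2, "hash": 0.2}

# Constructed sample incidents with known labels; values are not real IoCs.
KNOWN_INCIDENTS = [
    {"id": "INC-1", "label": "phishing",
     "attack_type": {"phishing", "credential-theft"},
     "ip": {"192.0.2.10"}, "domain": {"login-example.test"}, "hash": {"h-aaaa"}},
    {"id": "INC-2", "label": "phishing",
     "attack_type": {"phishing"},
     "ip": {"192.0.2.11"}, "domain": {"login-example.test"}, "hash": {"h-bbbb"}},
    {"id": "INC-3", "label": "ddos",
     "attack_type": {"ddos", "amplification"},
     "ip": {"198.51.100.5", "198.51.100.6"}, "domain": set(), "hash": set()},
    {"id": "INC-4", "label": "malware",
     "attack_type": {"malware", "c2"},
     "ip": {"203.0.113.7"}, "domain": {"cdn-update.test"}, "hash": {"h-cccc"}},
]

# Constructed new incidents to classify.
NEW_PHISHING = {"attack_type": {"phishing"}, "ip": {"192.0.2.10"},
                "domain": {"login-example.test"}, "hash": {"h-dddd"}}
NEW_DDOS = {"attack_type": {"ddos"}, "ip": {"198.51.100.5"},
            "domain": set(), "hash": set()}
# Observables only: the attack type was not recorded by the sensor.
NEW_OBSERVABLES_ONLY = {"attack_type": set(), "ip": {"203.0.113.7"},
                        "domain": {"cdn-update.test"}, "hash": set()}


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty profiles carry no evidence, so 0."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def profile_similarities(x, y):
    """Per-profile similarity between two incidents."""
    return {p: jaccard(x.get(p, set()), y.get(p, set())) for p in PROFILE_WEIGHTS}


def ensemble_similarity(x, y, weights=PROFILE_WEIGHTS):
    """Weighted combination of the per-profile similarities."""
    sims = profile_similarities(x, y)
    return sum(weights[p] * sims[p] for p in weights)


def classify(new, known, k=3, threshold=0.0, weights=PROFILE_WEIGHTS):
    """Label the new incident by similarity-weighted vote of its k nearest
    known incidents; returns ("unknown", ranking) when nothing is similar."""
    ranking = sorted(((ensemble_similarity(new, inc, weights), inc) for inc in known),
                     key=lambda t: t[0], reverse=True)
    votes = defaultdict(float)
    for score, inc in ranking[:k]:
        if score > threshold:
            votes[inc["label"]] += score
    if not votes:
        return "unknown", ranking[:k]
    return max(votes, key=votes.get), ranking[:k]


if __name__ == "__main__":
    for name, inc in [("phishing-like", NEW_PHISHING), ("ddos-like", NEW_DDOS),
                      ("observables-only", NEW_OBSERVABLES_ONLY)]:
        label, top = classify(inc, KNOWN_INCIDENTS)
        print(name, "->", label, [(round(s, 2), i["id"]) for s, i in top])
    # The attack-type profile alone cannot classify an incident whose type is missing.
    print("attack-type only ->",
          classify(NEW_OBSERVABLES_ONLY, KNOWN_INCIDENTS, weights={"attack_type": 1.0})[0])
```

The threshold keeps incidents with zero similarity from voting, so a new incident that matches nothing is reported as unknown rather than forced into the nearest class; in practice the weights would be tuned on labelled incidents rather than fixed as here.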

