A Network Packet Analysis Method to Discover Malicious Activities
권태웅, 명준우, 이준, 김규일, 송중석. Korea Institute of Science and Technology Information, 2022, Journal of Information Science Theory and Practice, Vol.10 No.-
With the development of networks and the increase in the number of network devices, the number of cyber attacks targeting them is also increasing. Since these cyber-attacks aim to steal important information and destroy systems, it is necessary to minimize social and economic damage through early detection and rapid response. Many studies using machine learning (ML) and artificial intelligence (AI) have been conducted, among which payload learning is one of the most intuitive and effective methods to detect malicious behavior. In this study, we propose a preprocessing method to maximize the performance of the model when learning the payload in term units. The proposed method constructs a high-quality learning data set by eliminating unnecessary noise (stopwords) and preserving important features in consideration of the machine language and natural language characteristics of the packet payload. Our method consists of three steps: preserving significant special characters, generating a stopword list, and class label refinement. By processing packets of various and complex structures based on these three processes, it is possible to make high-quality training data that can be helpful to build high-performance ML/AI models for security monitoring. We prove the effectiveness of the proposed method by comparing the performance of the AI model with and without the proposed method applied. Furthermore, by evaluating the performance of the AI model with the proposed method applied in the real-world Security Operating Center (SOC) environment with live network traffic, we demonstrate the applicability of our method to the real environment.
이식 (Lee, Seek), 김동훈 (Kim, DongHoon), 조영훈 (Cho, YoungHun), 명준우 (Myung, JoonWoo), 문다민 (Moon, DaMin), 이재구 (Lee, JaeKoo), 윤명근 (Yoon, MyungKeun). Korea Institute of Information Security and Cryptology, 2019, 情報保護學會誌, Vol.29 No.3
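Machine learning technology has been advancing rapidly in recent years. As hardware performance has improved and machine learning tools have been developed as easy-to-use open source and become widely adopted, technology development using machine learning is also actively under way in the field of security data analysis. Focusing on malware data and security monitoring log data in the security domain, this paper covers the technical points to consider when applying machine learning, recent research trends, data set characteristics, and the expected benefits of machine-learning-based security data analysis along with the limitations of current technology.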