ETRI-Knowledge Sharing Plaform

ENGLISH

성과물

논문 검색
구분 SCI
연도 ~ 키워드

상세정보

학술대회 Anomaly Detection Method using Network Pattern Analysis of Process
Cited 2 time in scopus Download 0 time Share share facebook twitter linkedin kakaostory
저자
한민호, 김익균
발행일
201510
출처
World Congress on Internet Security (WorldCIS) 2015, pp.159-163
DOI
https://dx.doi.org/10.1109/WorldCIS.2015.7359435
협약과제
15MS9700, 다중소스 데이터의 Long-term History 분석기반 사이버 표적공격 인지 및 추적기술 개발, 김익균
초록
The only solution against zero day attack is the anomaly based detection independent of specific signatures. The basic mechanism in the anomaly detection approach is establishing a profile to describe the "normal" situation of a network or machine. If this profile was accurate enough, all attacks should be detected because they are "abnormal" to the profile. Until now, there has no effective method to construct such a perfect profile. Also, the biggest problem is the dilemma between detection rate and false positive. Therefore, in this paper, we present a new solution to reduce false positive by network pattern analysis of process.
키워드
anonaly based detection, clustering, network pattern alanysis of process
KSP 제안 키워드
Detection Method, False positive, Zero-day attack, anomaly based detection, anomaly detection, anonaly based detection, detection rate(DR), network pattern alanysis of process, pattern analysis