ETRI-Knowledge Sharing Platform

Conference Paper: Feature Information Extraction for Host-Based Abnormal Behavior Detection
Authors
문대성, 이한성, 김익균
Issue Date
2014-06
Citation
대한전자공학회 General Conference (Summer) 2014, pp. 591-594
Publisher
대한전자공학회
Language
Korean
Type
Conference Paper
Abstract
As the social and financial damage caused by APT attacks increases, technical solutions against APT attacks are required. In this paper, we define 39 features to distinguish between normal and abnormal behavior, and then collect 8.7 million pieces of feature data generated while running both malware and normal executable files in a virtual machine environment. In experiments applying the C4.5 decision tree algorithm, we confirmed a false positive rate of 2.0% and a false negative rate of 5.8%.
KSP Keywords
Abnormal behavior, C4.5 Decision Tree(C4.5 DT), C4.5 Decision Tree Algorithm, Decision Tree(DT), Executable file, False Positive(FP), False negative rate, Feature data, Virtual Machine(VM), positive and