BROWSE
Detail
Conference Paper
Host Behavior Characteristic Description Method Against APT Attack Detection
Cited - time in 
Share 
Share
- Authors
- Moon Daesung, Ikkyun Kim
- Issue Date
- 2015-02
- Citation
- World Congress on Information Technology Applications and Services (World IT Congress) 2015, pp.1-7
- Language
- English
- Type
- Conference Paper
- Abstract
- As the social and financial damages caused by APT attack such as 3.20 cyber terror are increased, the technical solution against APT attack is required. It is, however, difficult to protect APT attack with existing security solutions because the attack uses a zero-day malware persistently. In this paper, we propose a host behavior characteristic description method which is used as an input of various data mining algorithms. First, we defined 39 features to identify between normal and abnormal behavior, and then collected 8.7 million feature data set that are occurred during running both malware and normal executable file. Further, each process is represented as 83-dimensional vector that profiles the frequency of appearance of features. The vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while the process is running.
- KSP Keywords
- 3-dimensional, Abnormal behavior, Attack Detection, Cyber terror, Data mining(DM), Data sets, Executable file, Feature data, Security solutions, Zero-day malware, data mining algorithms