상세정보
학술대회
Anomaly Detection Method using Network Pattern Analysis of Process
- 발행일
- 201510
- 출처
- World Congress on Internet Security (WorldCIS) 2015, pp.159-163
- 협약과제
- 15MS9700, 다중소스 데이터의 Long-term History 분석기반 사이버 표적공격 인지 및 추적기술 개발, 김익균
- 초록
- The only solution against zero day attack is the anomaly based detection independent of specific signatures. The basic mechanism in the anomaly detection approach is establishing a profile to describe the "normal" situation of a network or machine. If this profile was accurate enough, all attacks should be detected because they are "abnormal" to the profile. Until now, there has no effective method to construct such a perfect profile. Also, the biggest problem is the dilemma between detection rate and false positive. Therefore, in this paper, we present a new solution to reduce false positive by network pattern analysis of process.
- KSP 제안 키워드
- Detection Method, False positive, Network pattern, Zero-day attack, anomaly based detection, anomaly detection, detection rate(DR), pattern analysis