상세정보
학술지
DTB-IDS: An Intrusion Detection System Based on Decision Tree using Behavior Analysis for Preventing APT Attacks
- 발행일
- 201707
- 출처
- Journal of Supercomputing, v.73 no.7, pp.2881-2895
- ISSN
- 0920-8542
- 출판사
- Springer
- 협약과제
- 16MH2100, 다중소스 데이터의 Long-term History 분석기반 사이버 표적공격 인지 및 추적기술 개발, 김익균
- 초록
- Due to rapid growth of communications and networks, a cyber-attack with malicious codes has been coming as a new paradigm in information security area since last few years. In particular, an advanced persistent threats (APT) attack is bringing out big social issues. The APT attack uses social engineering methods to target various systems for intrusions. It breaks down the security of the target system to leak information or to destroy the system by giving monetary damages on the target. APT attacks make relatively simple attacks such as spear phishing during initial intrusion but a back door is created by leaking the long-term information after initial intrusion, and it transmits the malicious code by analyzing the internal network. In this paper, we propose an intrusion detection system based on the decision tree using analysis of behavior information to detect APT attacks that intellectually change after intrusion into a system. Furthermore, it can detect the possibility on the initial intrusion and minimize the damage size by quickly responding to APT attacks.
- KSP 제안 키워드
- APT attacks, Behavior analysis, Cyber attacks, Decision Tree(DT), Intrusion detection system(IDS), Malicious code, Security area, Social issues, Spear phishing, advanced persistent threat, breaks down