http://dx.doi.org/10.17662/ksdim.2017.13.4.125

A Study on the Insider Behavior Analysis Framework for Detecting Information Leakage Using Network Traffic Collection and Restoration  

Kauh, Janghyuk (Agency for Defense Development)
Lee, Dongho (School of Software, Kwangwoon University)
Publication Information
Journal of Korea Society of Digital Industry and Information Management / v.13, no.4, 2017, pp. 125-139
Abstract
In this paper, we developed a framework to detect and predict insider information leakage by collecting and restoring network traffic. For automated behavior analysis, the meta information and behavior information obtained from the collected network traffic are used as machine learning features. From these features, we created and trained a behavior model, a network model and protocol-specific models. In addition, an ensemble model was developed by digitizing and summing the results of the various models. We also developed a function that presents information leakage candidates and lets analysts view meta information and behavior information from various perspectives through visual analysis. This supports both rule-based threat detection and machine learning based threat detection. In the future, we plan to build an ensemble model that applies a regression model to the results of the individual models, and to develop a model based on deep learning technology.
Keywords
Cyber; Insider Threat; Behavior Analysis; Machine Learning;