http://dx.doi.org/10.13089/JKIISC.2018.28.5.1169

Detection of Abnormal Traffic by Pre-Inflow Agent

Cho, Young Min (Graduate School of Information Security, Korea University)
Kwon, Hun Yeong (Graduate School of Information Security, Korea University)
Abstract
Modern society is in a period of rapid digital transformation. The spread of digital-centric business brings convenience and efficiency to enterprises and individuals, but cyber threats are increasing along with it. In particular, cyber attacks are becoming more intelligent and precise, and attackers make various attempts to keep their attacks from being discovered, so responding to them is increasingly difficult. According to the cyber kill chain concept, an attacker penetrates a target in several stages to achieve the goal. We aim to detect one of these stages and thereby neutralize the attack. In this paper, we propose a method to detect the anomalous traffic generated by an agent toward an external attacker, assuming that an agent executing malicious actions has already been introduced in advance for reasons such as a system error or a user's mistake.
Keywords
abnormal traffic; agent; pre-inflow; detection