http://dx.doi.org/10.13089/JKIISC.2018.28.6.1489

A Validation of Effectiveness for Intrusion Detection Events Using TF-IDF

Kim, Hyoseok (Interdisciplinary Program of Information Security, Chonnam National University)
Kim, Yong-Min (Dept. of Electronic Commerce, Chonnam National University)
Abstract
Web application services have diversified, and at the same time research on intrusion detection continues because of the surge in cyber threats. As single-defense systems evolve into multi-level security, specific intrusions are handled by correlating security events, which have become vast in number. However, it is difficult to check the OS, service, and web application type and version of the target system in real time, and intrusion detection events raised by network-based security devices cannot confirm either the vulnerability of the target system or the success of the attack. A blind spot can therefore arise for threats whose problems and associations are not analyzed. In this paper, we propose a validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts response traffic by mapping the target system's response to the corresponding attack. The response traffic is then divided into lines, and each line is given a TF-IDF weight. We checked for valid intrusion detection events by sequentially examining the lines with the highest weights.
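The following Python sketch is an added illustration of the validation idea the abstract describes; it is not code from the paper or its authors. It pairs an IDS event with the HTTP response the target returned, splits that response into lines, weights each line by the TF-IDF of its terms against a corpus of ordinary responses, and then examines the highest-weighted lines for evidence that the attack actually succeeded (here, a reflected database error). The sample responses, the tokenizer, the smoothed IDF formula and the success-indicator patterns are all constructed assumptions for this example; the paper's own corpus and weighting details are not given on this page.

```python
import math
import re
from collections import Counter

# Constructed baseline: responses the web application returns to ordinary requests.
# Lines shared by every response (status, headers, template) should end up with low weight.
BASELINE_RESPONSES = [
    """
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
<html><head><title>Shop</title></head>
<body><h1>Welcome to the shop</h1>
<p>Product: blue mug</p>
</body></html>
""",
    """
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
<html><head><title>Shop</title></head>
<body><h1>Welcome to the shop</h1>
<p>Product: red mug</p>
</body></html>
""",
    """
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
<html><head><title>Shop</title></head>
<body><h1>Page not found</h1>
</body></html>
""",
]

# Constructed response mapped to a request that raised an IDS SQL-injection event:
# the application leaked a database error, so the event is worth an analyst's time.
EVENT_RESPONSE = """
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
<html><head><title>Shop</title></head>
<body><h1>Welcome to the shop</h1>
<p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version</p>
</body></html>
"""

# Constructed response to the same kind of request when the application simply rejected it.
BLOCKED_RESPONSE = """
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
<html><head><title>Shop</title></head>
<body><h1>Request rejected</h1>
</body></html>
"""

TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]+")  # assumed tokenizer: words of 2+ chars


def split_lines(response):
    """Divide a response into non-empty, whitespace-trimmed lines (the unit being weighted)."""
    return [line.strip() for line in response.splitlines() if line.strip()]


def tokenize(line):
    return [t.lower() for t in TOKEN_RE.findall(line)]


def idf_table(line_corpus):
    """Smoothed inverse document frequency over a corpus of lines (assumed formula)."""
    n = len(line_corpus)
    df = Counter()
    for line in line_corpus:
        df.update(set(tokenize(line)))
    return {term: math.log((1 + n) / (1 + d)) + 1.0 for term, d in df.items()}


def line_weight(line, idf):
    """TF-IDF weight of one line: sum over its terms of normalised tf times idf."""
    tokens = tokenize(line)
    if not tokens:
        return 0.0
    tf = Counter(tokens)
    return sum((count / len(tokens)) * idf[term] for term, count in tf.items())


def rank_lines(response, baseline_responses):
    """Return (weight, line) pairs for the event response, highest weight first.

    The IDF corpus is the baseline lines plus the event's own lines, so boilerplate
    shared with normal traffic is down-weighted and unusual content rises to the top.
    """
    event_lines = split_lines(response)
    corpus = [l for r in baseline_responses for l in split_lines(r)] + event_lines
    idf = idf_table(corpus)
    return sorted(((line_weight(l, idf), l) for l in event_lines),
                  key=lambda pair: pair[0], reverse=True)


# Constructed indicators that an injected request reached and affected the backend.
SUCCESS_INDICATORS = (
    re.compile(r"error in your sql syntax", re.IGNORECASE),
    re.compile(r"mysql_fetch|pg_query|ora-\d{5}", re.IGNORECASE),
)


def validate_event(response, baseline_responses, top_k=3):
    """Examine the top_k highest-weighted lines in order; (True, line) on first indicator hit."""
    for _weight, line in rank_lines(response, baseline_responses)[:top_k]:
        if any(p.search(line) for p in SUCCESS_INDICATORS):
            return True, line
    return False, None


if __name__ == "__main__":
    for weight, line in rank_lines(EVENT_RESPONSE, BASELINE_RESPONSES):
        print(f"{weight:5.2f}  {line[:70]}")
    print("validated:", validate_event(EVENT_RESPONSE, BASELINE_RESPONSES)[0])
    print("validated:", validate_event(BLOCKED_RESPONSE, BASELINE_RESPONSES)[0])
```

Running the block ranks the leaked SQL error line first for the event response and the shared `</body></html>` line last, so an analyst working down the list reaches the decisive evidence immediately; for the rejected request the top lines carry no success indicator and the event is left unvalidated. A production version would draw the baseline from recent traffic to the same host and would keep the indicator patterns per application stack, but the ranking logic is the same.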
Keywords
Intrusion Detection; Web Traffic Analysis; Text Mining; TF-IDF;
Times cited by KSCI: 7