http://dx.doi.org/10.13089/JKIISC.2019.29.5.1027

Detection of System Abnormal State by Cyber Attack  

Yoon, Yeo-jeong (Agency for Defense Development)
Jung, You-jin (Agency for Defense Development)
Abstract
Conventional cyber-attack detection solutions are generally based on signatures or malicious-behavior analysis, and have therefore had difficulty detecting attacks that use unknown methods. Because the various information a system generates all the time reflects the state of that system, an unknown attack can be detected by modeling this information in the steady state and then detecting abnormal states. Since a variety of system information occurs in string form, word embedding, i.e., techniques for converting strings into vectors that preserve their order and semantics, can be used for modeling and detection. Novelty detection, a technique for detecting a small number of abnormal data points among many normal ones, can be performed to detect an abnormal condition. This paper proposes a method for detecting system anomalies caused by cyber attacks using embedding and novelty detection.
Keywords
Cyber Attack; Unknown Attack; Word Embedding; Novelty Detection; Anomaly Detection;