http://dx.doi.org/10.7472/jksii.2022.23.6.39

Detection of Signs of Hostile Cyber Activity against External Networks based on Autoencoder

Park, Hansol (Department of Computer Engineering, Sejong University)
Kim, Kookjin (Department of Computer Engineering, Sejong University)
Jeong, Jaeyeong (Department of Computer Engineering, Sejong University)
Jang, Jisu (Department of Computer Engineering, Sejong University)
Youn, Jaepil (Department of Computer Engineering, Sejong University)
Shin, Dongkyoo (Department of Computer Engineering, Sejong University)
Publication Information
Journal of Internet Computing and Services / v.23, no.6, 2022, pp. 39-48
Abstract
Cyberattacks around the world continue to increase, and their damage extends beyond government facilities to civilians. These issues highlight the importance of building a system that can identify and detect cyber anomalies early. To that end, several studies have trained machine learning models on BGP (Border Gateway Protocol) data to identify anomalies. However, BGP data is imbalanced: abnormal records are fewer than normal ones. This biases the model's learning and reduces the reliability of its results. In addition, in an actual cyber situation, security personnel cannot recognize the cyber situation from a typical machine learning output alone. Therefore, in this paper, we examine BGP data, which keeps network records from around the world, and address the data imbalance problem using SMOTE. Then, assuming a cyber range scenario, an autoencoder classifies cyber anomalies and the classified data is visualized. By learning the pattern of normal data, the model classified abnormal data with 92.4% accuracy, and the auxiliary index also showed 90% performance, ensuring the reliability of the results. In addition, visualizing the congested cyber space allows the situation to be recognized effectively, which is expected to enable an effective defense against cyber attacks.
Keywords
Anomaly Detection; AutoEncoder; BGP Archive Data;
Citations & Related Records
Times Cited By KSCI: 2