http://dx.doi.org/10.33778/kcsa.2022.22.2.009

A Study on Improving Precision Rate in Security Events Using Cyber Attack Dictionary and TF-IDF  

Jongkwan Kim (Interdisciplinary Program of Information Security, Chonnam National University)
Myongsoo Kim (Intelligent Solution Research Lab, KEPCO Research Institute)
Abstract
With the expansion of digital transformation we are increasingly exposed to cyber attacks, and many institutions and companies operate a signature-based intrusion prevention system (IPS) at the network perimeter to block inbound attacks. However, to keep providing the services that the connected ICT systems require, strict blocking rules cannot be applied, which produces many false events and lowers operational efficiency. Many research projects therefore apply artificial intelligence to improve attack detection accuracy. Most of them, however, were performed on specific research data sets that do not resemble real network traffic, so their results could not be used in an actual system. In this paper, we propose a technique that classifies the major attack keywords in the security event log collected from an actual system, assigns a weight to each key keyword, and then performs a similarity check using TF-IDF to determine whether an actual attack has occurred.
Keywords
Security Events; TF-IDF; Similarity; IPS log; Actual network; Precision Rate;
Citations & Related Records
Times Cited by KSCI: 3