Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
엔드포인트 보안 솔루션의 시스템 이벤트 로그를 활용한 사용자 행위 기반 위협 탐지에 관한 연구
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | 유초롱 | - |
| dc.contributor.author | 강필성 | - |
| dc.date.accessioned | 2021-12-10T18:41:50Z | - |
| dc.date.available | 2021-12-10T18:41:50Z | - |
| dc.date.created | 2021-08-31 | - |
| dc.date.issued | 2020 | - |
| dc.identifier.issn | 1225-0988 | - |
| dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/130868 | - |
| dc.description.abstract | This study develops a threat detection method based on user behavior modeling using system event logs from Endpoint security solution. Recently the approaches based on monitoring and responding from endpoint have been highlighted because they can find out and take measures to intelligent attacks like zero-day attack more promptly and flexibly than signature-based approaches. In this paper, we design the behavior model of each user from system event logs generated by solutions installed on personal computers. To do so, we apply Doc2Vec algorithm to transform event log sequences into numerical vectors. Then we conduct an experiment to verify a behavior pattern of each user with our vectorized log sequences. Experimental result shows that not only user classification using event log sequences can work well but also it can detect a change of user behavior over time. We expect that the proposed scheme can detect the possibility of external or internal threats by finding out an activity that deviates from the normal behavior pattern. 2020년 3월 18일 접수; 2020년 6월 2일 수정본 접수; 2020년 7월 30일 게재 확정. | - |
| dc.language | Korean | - |
| dc.language.iso | ko | - |
| dc.publisher | 대한산업공학회 | - |
| dc.title | 엔드포인트 보안 솔루션의 시스템 이벤트 로그를 활용한 사용자 행위 기반 위협 탐지에 관한 연구 | - |
| dc.title.alternative | A Study on Threat Detection based on User Behavior Model Using System Event Logs of Endpoint Security Solution | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | 강필성 | - |
| dc.identifier.doi | 10.7232/JKIIE.2020.46.6.637 | - |
| dc.identifier.bibliographicCitation | 대한산업공학회지, v.46, no.6, pp.637 - 649 | - |
| dc.relation.isPartOf | 대한산업공학회지 | - |
| dc.citation.title | 대한산업공학회지 | - |
| dc.citation.volume | 46 | - |
| dc.citation.number | 6 | - |
| dc.citation.startPage | 637 | - |
| dc.citation.endPage | 649 | - |
| dc.type.rims | ART | - |
| dc.identifier.kciid | ART002657238 | - |
| dc.description.journalClass | 2 | - |
| dc.description.journalRegisteredClass | kci | - |
| dc.subject.keywordAuthor | Threat Detection | - |
| dc.subject.keywordAuthor | Endpoint Security | - |
| dc.subject.keywordAuthor | Logs of System Event | - |
| dc.subject.keywordAuthor | User Behavior Model | - |
| dc.subject.keywordAuthor | t-SNE | - |
| dc.subject.keywordAuthor | Classification | - |
- Files in This Item
- There are no files associated with this item.
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
Related Researcher
- Kang, Pil sung
- 공과대학 (School of Industrial and Management Engineering)