A Study on Threat Detection based on User Behavior Model Using System Event Logs of Endpoint Security Solution
DC Field | Value | Language |
---|---|---|
dc.contributor.author | 유초롱 | - |
dc.contributor.author | 강필성 | - |
dc.date.accessioned | 2021-12-10T18:41:50Z | - |
dc.date.available | 2021-12-10T18:41:50Z | - |
dc.date.created | 2021-08-31 | - |
dc.date.issued | 2020 | - |
dc.identifier.issn | 1225-0988 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/130868 | - |
dc.description.abstract | This study develops a threat detection method based on user behavior modeling, using the system event logs produced by an endpoint security solution. Approaches that monitor and respond at the endpoint have recently drawn attention because they can detect and respond to intelligent attacks such as zero-day attacks more promptly and flexibly than signature-based approaches can. In this paper, we build a behavior model for each user from the system event logs generated by the security solution installed on personal computers. To do so, we apply the Doc2Vec algorithm to transform event log sequences into numerical vectors, then run an experiment to verify each user's behavior pattern on the vectorized log sequences. The experimental results show not only that users can be classified well from their event log sequences, but also that changes in a user's behavior over time can be detected. We expect the proposed scheme to flag possible external or internal threats by finding activity that deviates from a user's normal behavior pattern. Received 18 March 2020; revised version received 2 June 2020; accepted for publication 30 July 2020. | - |
dc.language | Korean | - |
dc.language.iso | ko | - |
dc.publisher | Korean Institute of Industrial Engineers (대한산업공학회) | - |
dc.title | A Study on Threat Detection based on User Behavior Model Using System Event Logs of Endpoint Security Solution (original Korean title: 엔드포인트 보안 솔루션의 시스템 이벤트 로그를 활용한 사용자 행위 기반 위협 탐지에 관한 연구) | - |
dc.title.alternative | A Study on Threat Detection based on User Behavior Model Using System Event Logs of Endpoint Security Solution | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | 강필성 | - |
dc.identifier.doi | 10.7232/JKIIE.2020.46.6.637 | - |
dc.identifier.bibliographicCitation | Journal of the Korean Institute of Industrial Engineers (대한산업공학회지), v.46, no.6, pp.637 - 649 | - |
dc.relation.isPartOf | Journal of the Korean Institute of Industrial Engineers (대한산업공학회지) | - |
dc.citation.title | Journal of the Korean Institute of Industrial Engineers (대한산업공학회지) | - |
dc.citation.volume | 46 | - |
dc.citation.number | 6 | - |
dc.citation.startPage | 637 | - |
dc.citation.endPage | 649 | - |
dc.type.rims | ART | - |
dc.identifier.kciid | ART002657238 | - |
dc.description.journalClass | 2 | - |
dc.description.journalRegisteredClass | kci | - |
dc.subject.keywordAuthor | Threat Detection | - |
dc.subject.keywordAuthor | Endpoint Security | - |
dc.subject.keywordAuthor | Logs of System Event | - |
dc.subject.keywordAuthor | User Behavior Model | - |
dc.subject.keywordAuthor | t-SNE | - |
dc.subject.keywordAuthor | Classification | - |
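The abstract describes a pipeline of three steps: turn each user's event-log sequences into vectors, classify sessions to users to confirm that the vectors carry a per-user pattern, and flag sessions that drift from a user's baseline. The following is an added worked example of that pipeline and is not code from the paper or its authors. It substitutes feature hashing over event unigrams and bigrams for Doc2Vec so that it runs with the Python standard library alone (Doc2Vec itself would need gensim and a training corpus); the per-user profile is a centroid plus a distance threshold, and all log sessions, user names and event tokens are constructed for the demonstration.

```python
"""
Added example: per-user behaviour profiles from endpoint event-log sequences.

Doc2Vec (as used in the paper) is replaced here by feature hashing of event
unigrams and adjacent-pair bigrams, a far weaker but dependency-free stand-in
that still keeps some ordering information. Every session below is constructed
sample data, not real endpoint telemetry.
"""
import math
import zlib
from dataclasses import dataclass

DIM = 512  # hashed feature space; collisions are rare at this size for a small event vocabulary

# Constructed sessions: one line per session, tokens are "<event>:<object>" as an
# endpoint agent might normalise them. Assumed users "alice" (developer) and "bob" (finance).
TRAINING = {
    "alice": [
        "proc:code.exe file:write:src proc:git.exe net:443:github proc:code.exe",
        "proc:code.exe file:write:src file:read:src proc:git.exe net:443:github",
        "proc:code.exe file:read:src file:write:src proc:git.exe net:443:github proc:code.exe",
        "proc:code.exe file:write:src proc:git.exe net:443:github",
    ],
    "bob": [
        "proc:excel.exe file:open:xlsx file:save:xlsx proc:outlook.exe net:443:mail",
        "proc:outlook.exe net:443:mail proc:excel.exe file:open:xlsx file:save:xlsx",
        "proc:excel.exe file:open:xlsx proc:outlook.exe net:443:mail file:save:xlsx",
        "proc:excel.exe file:open:xlsx file:save:xlsx proc:outlook.exe net:443:mail proc:excel.exe",
    ],
}


def tokenize(session: str) -> list[str]:
    """Split a session line into event tokens (whitespace-separated in the sample format)."""
    return session.split()


def embed(tokens: list[str], dim: int = DIM) -> list[float]:
    """Hash event unigrams and bigrams into a fixed-size, L2-normalised vector."""
    vec = [0.0] * dim
    feats = list(tokens) + [a + "->" + b for a, b in zip(tokens, tokens[1:])]
    for f in feats:
        # crc32 is stable across interpreter runs; Python's hash() is salted per process
        vec[zlib.crc32(f.encode()) % dim] += 1.0
    norm = math.sqrt(sum(x * x for x in vec)) or 1.0
    return [x / norm for x in vec]


def cosine_distance(a: list[float], b: list[float]) -> float:
    """1 - cosine similarity; both inputs are unit vectors, so the dot product suffices."""
    return 1.0 - sum(x * y for x, y in zip(a, b))


@dataclass
class Profile:
    centroid: list[float]   # unit-length mean of the user's training session vectors
    threshold: float        # largest training distance plus a margin


def build_profiles(training: dict[str, list[str]], margin: float = 0.1) -> dict[str, Profile]:
    """One profile per user: centroid of session vectors and a drift threshold."""
    profiles = {}
    for user, sessions in training.items():
        vecs = [embed(tokenize(s)) for s in sessions]
        centroid = [sum(col) / len(vecs) for col in zip(*vecs)]
        norm = math.sqrt(sum(x * x for x in centroid)) or 1.0
        centroid = [x / norm for x in centroid]
        dists = [cosine_distance(v, centroid) for v in vecs]
        profiles[user] = Profile(centroid, max(dists) + margin)
    return profiles


def classify(profiles: dict[str, Profile], session: str) -> str:
    """Nearest-centroid classification: which user does this session look like?"""
    v = embed(tokenize(session))
    return min(profiles, key=lambda u: cosine_distance(v, profiles[u].centroid))


def deviation(profiles: dict[str, Profile], user: str, session: str) -> tuple[float, bool]:
    """Distance of a session from the claimed user's baseline, and whether it exceeds the threshold."""
    p = profiles[user]
    d = cosine_distance(embed(tokenize(session)), p.centroid)
    return d, d > p.threshold


if __name__ == "__main__":
    profiles = build_profiles(TRAINING)
    # A session made only of tokens never seen in alice's baseline (constructed).
    unseen = "proc:powershell.exe net:445:fileserver file:read:share proc:7z.exe file:write:archive"
    print("classified as:", classify(profiles, TRAINING["bob"][1]))
    print("alice baseline session:", deviation(profiles, "alice", TRAINING["alice"][0]))
    print("alice unseen session:  ", deviation(profiles, "alice", unseen))
```

The threshold is deliberately crude (max training distance plus a margin); with real telemetry a practitioner would set it from a held-out period per user and re-fit profiles on a schedule, since the paper's own observation is that behaviour drifts over time and a stale baseline will raise false deviations.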