A Study on Threat Detection based on User Behavior Model Using System Event Logs of Endpoint Security Solution
- Authors
- 유초롱; 강필성
- Issue Date
- 2020
- Publisher
- 대한산업공학회
- Keywords
- Threat Detection; Endpoint Security; Logs of System Event; User Behavior Model; t-SNE; Classification
- Citation
- 대한산업공학회지, v.46, no.6, pp.637 - 649
- Indexed
- KCI
- Journal Title
- 대한산업공학회지
- Volume
- 46
- Number
- 6
- Start Page
- 637
- End Page
- 649
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/130868
- DOI
- 10.7232/JKIIE.2020.46.6.637
- ISSN
- 1225-0988
- Abstract
- This study develops a threat detection method based on user behavior modeling using system event logs from an endpoint security solution. Recently, approaches based on monitoring and response at the endpoint have drawn attention because they can detect and respond to intelligent attacks such as zero-day attacks more promptly and flexibly than signature-based approaches. In this paper, we design a behavior model for each user from the system event logs generated by the solution installed on personal computers. To do so, we apply the Doc2Vec algorithm to transform event log sequences into numerical vectors. We then conduct an experiment to verify the behavior pattern of each user using the vectorized log sequences. The experimental results show not only that user classification using event log sequences works well, but also that the method can detect changes in user behavior over time. We expect that the proposed scheme can detect possible external or internal threats by identifying activity that deviates from a user's normal behavior pattern.
Received 18 March 2020; revised version received 2 June 2020; accepted for publication 30 July 2020.
- Appears in
Collections - College of Engineering > School of Industrial and Management Engineering > 1. Journal Articles