Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö ¼ÒÇÁÆ®¿þ¾î ¹× µ¥ÀÌÅÍ °øÇÐ
ÇѱÛÁ¦¸ñ(Korean Title) |
»çÀ̹ö °¨½ÃÁ¤ÂûÀÇ Á¤º¸ ºÐ¼®¿¡ Àû¿ëµÇ´Â Á¡ÁøÀû ÇнÀ ¹æ¹ý°ú ÀÏ°ý ÇнÀ ¹æ¹ýÀÇ ¼º´É ºñ±³ |
¿µ¹®Á¦¸ñ(English Title) |
Comparison of Performance Between Incremental and Batch Learning Method for Information Analysis of Cyber Surveillance and Reconnaissance |
ÀúÀÚ(Author) |
½Å°æÀÏ
À±È£»ó
½Åµ¿ÀÏ
½Åµ¿±Ô
Gyeong-Il Shin
Hosang Yooun
DongIl Shin
DongKyoo Shin
|
¿ø¹®¼ö·Ïó(Citation) |
VOL 07 NO. 03 PP. 0099 ~ 0106 (2018. 03) |
Çѱ۳»¿ë (Korean Abstract) |
»çÀ̹ö °¨½ÃÁ¤ÂûÀº °ø°³µÈ ÀÎÅͳÝ, ¾Æ±º ¹× Àû±º ³×Æ®¿öÅ©¿¡¼ Á¤º¸¸¦ ȹµæÇÑ´Ù. »çÀ̹ö ISR¿¡¼ ¿¡ÀÌÀüÆ®¸¦ È°¿ëÇÏ¿© µ¥ÀÌÅ͸¦ ¼öÁýÇÏ°í, ¼öÁýÇÑ µ¥ÀÌÅ͸¦ C&C ¼¹ö¿¡ Àü¼ÛÇÏ¿© ¼öÁýÇÑ µ¥ÀÌÅ͸¦ ºÐ¼® ÇÑ ÈÄ ÇØ´ç ºÐ¼® °á°ú¸¦ ÀÌ¿ëÇÏ¿© ÀÇ»ç°áÁ¤¿¡ µµ¿òÀ» ÁÙ ¼ö ÀÖ´Ù. ÇÏÁö¸¸ ³×Æ®¿öÅ© ±¸¼º¿¡ µû¶ó ħÅõÇÑ ÄÄÇ»ÅÍ¿¡ ½É¾îÁø ¿¡ÀÌÀüÆ®¿Í ¿ÜºÎ ³×Æ®¿öÅ©¿¡ Á¸ÀçÇÏ´Â C&C ¼¹ö °£ Á¤±âÀûÀÎ Åë½ÅÀÌ ºÒ°¡´ÉÇÏ°Ô µÇ´Â °æ¿ì°¡ Á¸ÀçÇÑ´Ù. À̶§ ¿¡ÀÌÀüÆ®´Â C&C ¼¹ö¿Í Åë½ÅÀÌ Àç°³µÇ´Â ªÀº ¼ø°£¿¡ µ¥ÀÌÅ͸¦ C&C ¼¹ö¿¡ Àü´ÞÇÏ°í, À̸¦ ¹ÞÀº C&C ¼¹ö´Â ¼öÁýÇÑ µ¥ÀÌÅ͸¦ ºÐ¼®ÇÑ ÈÄ ´Ù½Ã ¿¡ÀÌÀüÆ®¿¡°Ô ¸í·ÉÀ» ³»·Á¾ßÇÑ´Ù. µû¶ó¼ ÇØ´ç ¹®Á¦¸¦ ÇØ°áÇϱâ À§Çؼ´Â ªÀº ½Ã°£ ³»¿¡ ºü¸£°Ô ÇнÀÀÌ °¡´ÉÇϸç, ÇнÀ °úÁ¤¿¡¼ ¸¹Àº ÀÚ¿øÀ» ¼Ò¸ðÇÏÁö ¾Ê°íµµ ÇнÀÇÒ ¼ö ÀÖ¾î¾ßÇÑ´Ù. º» ¿¬±¸¿¡¼´Â Á¡ÁøÀû ÇнÀ ¹æ¹ýÀ» ÀÏ°ý ÇнÀ ¹æ¹ý°ú ºñ±³ÇÏ´Â ½ÇÇèÀ» ÅëÇØ ¿ì¼ö¼ºÀ» º¸¿©ÁÖ°í ÀÖ´Ù. Á¡ÁøÀû ÇнÀ ¹æ¹ýÀ» »ç¿ëÇÑ ½ÇÇè¿¡¼´Â 500M ÀÌÇÏÀÇ ¸Þ¸ð¸® ¸®¼Ò½º·Î Á¦ÇÑµÈ È¯°æ¿¡¼ ÇнÀ¼Ò¿ä½Ã°£À» 10¹è ÀÌ»ó ´ÜÃà½ÃÅ°´Â °á°ú¸¦ º¸¿© ÁÖ¾úÀ¸³ª, À߸ø ºÐ·ùµÈ µ¥ÀÌÅ͸¦ Àç»ç¿ëÇÏ¿© ÇнÀ ¸ðµ¨À» °³¼±ÇÏ´Â ½ÇÇè¿¡¼´Â ÀçÇнÀ¿¡ ¼Ò¿äµÇ´Â ½Ã°£ÀÌ 200% ÀÌ»ó Áõ°¡ÇÏ´Â ¹®Á¦Á¡ÀÌ ¹ß°ßµÇ¾ú´Ù.
|
¿µ¹®³»¿ë (English Abstract) |
In the process of acquiring information through the cyber ISR (Intelligence Surveillance Reconnaissance) and research into the agent to help decision-making, periodic communication between the C&C (Command and Control) server and the agent may not be possible. In this case, we have studied how to effectively surveillance and reconnaissance. Due to the network configuration, agents planted on infiltrated computers can not communicate seamlessly with C&C servers. In this case, the agent continues to collect data continuously, and in order to analyze the collected data within a short time in When communication is possible with the C&C server, it can utilize limited resources and time to continue its mission without being discovered. This research shows the superiority of incremental learning method over batch method through experiments. At an experiment with the restricted memory of 500 mega bytes, incremental learning method shows 10 times decrease in learning time. But at an experiment with the reuse of incorrectly classified data, the required time for relearn takes twice more.
|
Å°¿öµå(Keyword) |
»çÀ̹ö ISR
Á¡ÁøÀû ÇнÀ ¹æ¹ý
ÀÏ°ý ÇнÀ ¹æ¹ý
AdaBoost
Cyber ISR
Incremental Learning Method
Batch Learning Method
AdaBoost
|
ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|