Journal
KIPS Transactions on Software and Data Engineering
Title
Malicious Traffic Classification Using Mitre ATT&CK and Machine Learning Based on UNSW-NB15 Dataset
Author
Yoon Dong Hyun
Koo Ja Hwan
Won Dong Ho
Citation
VOL 12 NO. 02 PP. 0099 ~ 0110 (2023. 02)
Çѱ۳»¿ë
(Korean Abstract)
º» ¿¬±¸´Â Çö º¸¾È °üÁ¦ ½Ã½ºÅÛÀÌ Á÷¸éÇÑ ½Ç½Ã°£ Æ®·¡ÇÈ Å½Áö ¹®Á¦¸¦ ÇØ°áÇϱâ À§ÇØ »çÀ̹ö À§Çù ÇÁ·¹ÀÓ¿öÅ©ÀÎ ¸¶ÀÌÅÍ ¾îÅðú ¸Ó½Å·¯´×À» ÀÌ¿ëÇÏ¿© À¯ÇØ ³×Æ®¿öÅ© Æ®·¡ÇÈÀ» ºÐ·ùÇÏ´Â ¹æ¾ÈÀ» Á¦¾ÈÇÏ¿´´Ù. ¸¶ÀÌÅÍ ¾îÅà ÇÁ·¹ÀÓ¿öÅ©¿¡ ³×Æ®¿öÅ© Æ®·¡ÇÈ µ¥ÀÌÅͼÂÀÎ UNSW-NB15¸¦ Àû¿ëÇÏ¿© ¶óº§À» º¯È¯ ÈÄ Èñ¼Ò Ŭ·¡½º 󸮸¦ ÅëÇØ ÃÖÁ¾ µ¥ÀÌÅͼÂÀ» »ý¼ºÇÏ¿´´Ù. »ý¼ºµÈ ÃÖÁ¾ µ¥ÀÌÅͼÂÀ» »ç¿ëÇÏ¿© ºÎ½ºÆà ±â¹ÝÀÇ ¾Ó»óºí ¸ðµ¨À» ÇнÀ½ÃŲ ÈÄ ÀÌ·¯ÇÑ ¾Ó»óºí ¸ðµ¨µéÀÌ ´Ù¾çÇÑ ¼º´É ÃøÁ¤ ÁöÇ¥·Î ¾î¶»°Ô ³×Æ®¿öÅ© Æ®·¡ÇÈÀ» ºÐ·ùÇÏ´ÂÁö Æò°¡ÇÏ¿´´Ù. ±× °á°ú F-1 ½ºÄھ ±âÁØÀ¸·Î Æò°¡ÇÏ¿´À» ¶§ Èñ¼Ò Ŭ·¡½º ¹Ìó¸®ÇÑ XGBoost°¡ ¸ÖƼ Ŭ·¡½º Æ®·¡ÇÈ È¯°æ¿¡¼ °¡Àå ¿ì¼öÇÔÀ» º¸¿´´Ù. ÇнÀÇϱ⠾î·Á¿î ¼Ò¼öÀÇ °ø°ÝŬ·¡½º±îÁö Æ÷ÇÔÇÏ¿© ¸¶ÀÌÅÍ ¾îÅà ¶óº§ º¯È¯ ¹× ¿À¹ö»ùÇøµÃ³¸®¸¦ ÅëÇÑ ¸Ó½Å·¯´×Àº ±âÁ¸ ¿¬±¸ ´ëºñ Â÷º°Á¡À» °¡Áö°í ÀÖÀ¸³ª, ±âÁ¸ µ¥ÀÌÅͼ°ú ¸¶ÀÌÅÍ ¾îÅà ¶óº§ °£ÀÇ º¯È¯ ½Ã ¿Ïº®ÇÏ°Ô ÀÏÄ¡ÇÒ ¼ö ¾ø´Â Á¡°ú Áö³ªÄ£ Èñ¼Ò Ŭ·¡½º Á¸Àç·Î ÀÎÇÑ ÇÑ°è°¡ ÀÖÀ½À» ÀÎÁöÇÏ¿´´Ù. ±×·³¿¡µµ ºÒ±¸ÇÏ°í B-SMOTE¸¦ Àû¿ëÇÑ Catboost´Â 0.9526ÀÇ ºÐ·ù Á¤È®µµ¸¦ ´Þ¼ºÇÏ¿´°í ÀÌ´Â Á¤»ó/ºñÁ¤»ó ³×Æ®¿öÅ© Æ®·¡ÇÈÀ» ÀÚµ¿À¸·Î ŽÁöÇÒ ¼ö ÀÖÀ» °ÍÀ¸·Î º¸ÀδÙ.
English Abstract
This study proposed a classification of malicious network traffic using the cyber threat framework (Mitre ATT&CK) and machine learning to solve the real-time traffic detection problems faced by current security monitoring systems. We applied a network traffic dataset called UNSW-NB15 to the Mitre ATT&CK framework to transform the labels and generated the final dataset through rare class processing. After training several boosting-based ensemble models on the generated final dataset, we demonstrated how these ensemble models classify network traffic using various performance metrics. Based on the F-1 score, we showed that XGBoost with no rare class processing is the best in the multi-class traffic environment. We recognized that machine learning ensemble models built through Mitre ATT&CK label conversion and oversampling processing differ from existing studies, but have limitations due to (1) the inability to match perfectly when converting between existing datasets and Mitre ATT&CK labels and (2) the presence of excessive sparse classes. Nevertheless, Catboost with B-SMOTE achieved a classification accuracy of 0.9526, which is expected to be able to automatically detect normal/abnormal network traffic.
Keyword
Machine Learning
Mitre ATT&CK
UNSW-NB15
Network Traffic Classification
Network Security Monitoring