Journal of the Korean Society for Internet Information
Korean Title |
Network Intrusion Detection through an Auto Encoder-Based One-Class Anomaly Detection Model |
¿µ¹®Á¦¸ñ(English Title) |
Network Intrusion Detection with One Class Anomaly Detection Model based on Auto Encoder. |
Author |
민병준
유지훈
김상수
신동일
신동규
Byeoungjun Min
Jihoon Yoo
Sangsoo Kim
Dongil Shin
Dongkyoo Shin
|
Citation |
VOL 22 NO. 01 PP. 0013 ~ 0022 (2021. 02) |
Çѱ۳»¿ë (Korean Abstract) |
ÃÖ±Ù ³×Æ®¿öÅ© ȯ°æ¿¡ ´ëÇÑ °ø°ÝÀÌ ±Þ¼Óµµ·Î °íµµÈ ¹× Áö´ÉÈ µÇ°í Àֱ⿡, ±âÁ¸ÀÇ ½Ã±×´Ïó ±â¹Ý ħÀÔŽÁö ½Ã½ºÅÛÀº ÇÑ°èÁ¡ÀÌ ¸íÈ®ÇØÁö°í ÀÖ´Ù. Áö´ÉÇü Áö¼Ó À§Çù(Adavanced Persistent Threat; APT)°ú °°Àº »õ·Î¿î °ø°Ý¿¡ ´ëÇؼ ½Ã±×´Ïó ÆÐÅÏÀº ÀϹÝÈ ¼º´ÉÀÌ ¶³¾îÁö´Â ¹®Á¦°¡ Á¸ÀçÇÑ´Ù. ÀÌ·¯ÇÑ ¹®Á¦¸¦ ÇØ°áÇϱâ À§ÇØ ±â°èÇнÀ ±â¹ÝÀÇ Ä§ÀÔ Å½Áö ½Ã½ºÅÛ¿¡ ´ëÇÑ ¿¬±¸°¡ È°¹ßÈ÷ ÁøÇàµÇ°í ÀÖ´Ù. ÇÏÁö¸¸ ½ÇÁ¦ ³×Æ®¿öÅ© ȯ°æ¿¡¼ °ø°Ý »ùÇÃÀº Á¤»ó »ùÇÿ¡ ºñÇؼ ¸Å¿ì Àû°Ô ¼öÁýµÇ¾î Ŭ·¡½º ºÒ±ÕÇü(Class Imbalance) ¹®Á¦¸¦ °Þ°Ô µÈ´Ù. ÀÌ·¯ÇÑ µ¥ÀÌÅÍ·Î Áöµµ ÇнÀ ±â¹ÝÀÇ ÀÌ»ó ŽÁö ¸ðµ¨À» ÇнÀ½Ãų °æ¿ì Á¤»ó »ùÇÿ¡ ÆíÇâµÈ °á°ú¸¦ °¡Áö°Ô µÈ´Ù. º» ³í¹®¿¡¼´Â ÀÌ·¯ÇÑ ºÒ±ÕÇü ¹®Á¦¸¦ ÇØ°áÇϱâ À§Çؼ ¿ÀÅä ÀÎÄÚ´õ(Auto Encoder; AE)¸¦ È°¿ëÇØ One-Class Anomaly Detection À» ¼öÇàÇÏ¿© À̸¦ ±Øº¹ÇÑ´Ù. ½ÇÇèÀº NSL-KDD µ¥ÀÌÅÍ ¼ÂÀ» ÅëÇØ ÁøÇàµÇ¾úÀ¸¸ç, Á¦¾ÈÇÑ ¹æ¹ýÀÇ ¼º´É Æò°¡¸¦ À§ÇØ Áöµµ ÇнÀµÈ ¸ðµ¨µé°ú ¼º´ÉÀ» ºñ±³ÇÑ´Ù.
|
English Abstract |
Recently, network-based attack technologies have rapidly become more advanced and intelligent, and the limitations of existing signature-based intrusion detection systems are becoming clear. The reason is that signature-based detection methods lack generalization capabilities for new attacks such as APT attacks. To solve these problems, research on machine learning-based intrusion detection systems is being actively conducted. However, in the actual network environment, far fewer attack samples are collected than normal samples, resulting in class imbalance problems. When a supervised learning-based anomaly detection model is trained with such data, the result is biased toward the normal samples. In this paper, we propose to overcome this imbalance problem through One-Class Anomaly Detection using an auto encoder. The experiment was conducted on the NSL-KDD data set, and the performance of the proposed method is evaluated by comparing it with supervised learning models.
|
Keyword |
Anomaly Detection
Network Intrusion Detection
AutoEncoder
NSL-KDD
|