Journal: KIPS Transactions on Software and Data Engineering (정보처리학회 논문지 소프트웨어 및 데이터 공학)


Title: Host-Based Intrusion Detection Model Using Few-Shot Learning
Author: 박대경, 신동일, 신동규, 김상수 / Park DaeKyeong, Shin DongIl, Shin DongKyoo, Kim Sa
Citation: VOL 10 NO. 07 PP. 0271 ~ 0278 (2021. 07)
Abstract (English)

As current cyber attacks become more intelligent, it is difficult for the existing Intrusion Detection System to detect intelligent attacks that deviate from the existing stored patterns. In an attempt to solve this, a model of a deep learning-based intrusion detection system that analyzes the pattern of intelligent attacks through data learning has emerged. Intrusion detection systems are divided into host-based and network-based depending on the installation location. Unlike network-based intrusion detection systems, host-based intrusion detection systems have the disadvantage of having to observe the inside and outside of the system as a whole. However, they have the advantage of being able to detect intrusions that cannot be detected by a network-based intrusion detection system. Therefore, in this study, we conducted a study on a host-based intrusion detection system. In order to evaluate and improve the performance of the host-based intrusion detection system model, we used the host-based Leipzig Intrusion Detection-Data Set (LID-DS) published in 2018. In the performance evaluation of the model using that data set, the 1D vector data was converted to 3D image data and reconstructed in order to confirm the similarity of each piece of data and identify whether it is normal data or abnormal data. Also, the deep learning model has the drawback of having to re-learn every time a new cyber attack method is seen. In other words, it is not efficient because it takes a long time to learn a large amount of data. To solve this problem, this paper proposes the Siamese Convolutional Neural Network (Siamese-CNN) to use the Few-Shot Learning method, which shows excellent performance by learning from a small amount of data. Siamese-CNN determines whether the attacks are of the same type by the similarity score of each sample of cyber attacks converted into images.
The accuracy was calculated using the Few-Shot Learning technique, and the performance of the Vanilla Convolutional Neural Network (Vanilla-CNN) and Siamese-CNN was compared to confirm the performance of Siamese-CNN. As a result of measuring the Accuracy, Precision, Recall and F1-Score metrics, it was confirmed that the recall of the Siamese-CNN model proposed in this study was increased by about 6% from the Vanilla-CNN model.
Keyword: Machine Learning, LID-DS, Few-Shot Learning, Siamese Network, HIDS