Journal of the Korean Society for Internet Information


Title: Detection of Signs of Hostile Cyber Activity against External Networks based on Autoencoder
Author: Hansol Park, Kookjin Kim, Jaeyeong Jeong, Jisu Jang, Jaepil Youn, Dongkyoo Shin
Citation: VOL 23 NO. 06 PP. 0039 ~ 0048 (2022. 12)
Çѱ۳»¿ë
(Korean Abstract)
Àü ¼¼°èÀûÀ¸·Î »çÀ̹ö °ø°ÝÀº °è¼Ó Áõ°¡ÇØ ¿ÔÀ¸¸ç ±× ÇÇÇØ´Â Á¤ºÎ ½Ã¼³À» ³Ñ¾î ¹Î°£Àε鿡°Ô ¿µÇâÀ» ¹ÌÄ¡°í ÀÖ´Ù. ÀÌ·¯ÇÑ ¹®Á¦·Î »çÀ̹ö ÀÌ»ó¡Èĸ¦ Á¶±â¿¡ ½Äº°ÇÏ¿© ŽÁöÇÒ ¼ö ÀÖ´Â ½Ã½ºÅÛ °³¹ßÀÇ Á߿伺ÀÌ °­Á¶µÇ¾ú´Ù. À§¿Í °°ÀÌ, »çÀ̹ö ÀÌ»ó¡Èĸ¦ È¿°úÀûÀ¸·Î ½Äº°Çϱâ À§ÇØ BGP(Border Gateway Protocol) µ¥ÀÌÅ͸¦ ¸Ó½Å·¯´× ¸ðµ¨À» ÅëÇØ ÇнÀÇÏ°í, À̸¦ ÀÌ»ó¡ÈÄ·Î ½Äº°ÇÏ´Â ¿©·¯ ¿¬±¸°¡ ÁøÇàµÇ¾ú´Ù. ±×·¯³ª BGP µ¥ÀÌÅÍ´Â ÀÌ»ó µ¥ÀÌÅÍ°¡ Á¤»ó µ¥ÀÌÅͺ¸´Ù ÀûÀº ºÒ±ÕÇü µ¥ÀÌÅÍ(Imbalanced data)ÀÌ´Ù. ÀÌ´Â, ¸ðµ¨¿¡ ÇнÀÀÌ ÆíÇâµÈ °á°ú¸¦ °¡Áö°Ô µÇ¾î °á°ú¿¡ ´ëÇÑ ½Å·Ú¼ºÀ» °¨¼Ò½ÃŲ´Ù. ¶ÇÇÑ, ½ÇÁ¦ »çÀ̹ö »óȲ¿¡¼­ º¸¾È ´ã´çÀÚµéÀÌ ¸Ó½Å·¯´×ÀÇ Á¤ÇüÀûÀÎ °á°ú·Î »çÀ̹ö »óȲÀ» ÀνĽÃų ¼ö ¾ø´Â ÇÑ°èµµ Á¸ÀçÇÑ´Ù. µû¶ó¼­ º» ³í¹®¿¡¼­´Â Àü ¼¼°è ³×Æ®¿öÅ© ±â·ÏÀ» º¸°üÇÏ´Â BGP(Border Gateway Protocol)¸¦ Á¶»çÇÏ°í, SMOTE(Synthetic Minority Over-sampling Technique) È°¿ëÇØ ºÒ±ÕÇü µ¥ÀÌÅÍ ¹®Á¦¸¦ ÇØ°áÇÑ´Ù. ±× ÈÄ, »çÀ̹ö °ø¹æ(Cyber Range) »óȲÀ» °¡Á¤ÇÏ¿©, ¿ÀÅäÀÎÄÚ´õ¸¦ ÅëÇØ »çÀ̹ö ÀÌ»ó¡ÈÄ ºÐ·ùÇÏ°í ºÐ·ùµÈ µ¥ÀÌÅ͸¦ °¡½ÃÈ­ÇÑ´Ù. ¸Ó½Å·¯´× ¸ðµ¨ÀÎ ¿ÀÅäÀÎÄÚ´õ´Â Á¤»ó µ¥ÀÌÅÍÀÇ ÆÐÅÏÀ» ÇнÀ½ÃÄÑ ÀÌ»ó µ¥ÀÌÅ͸¦ ºÐ·ùÇÏ´Â ¼º´ÉÀ» 92.4%ÀÇ Á¤È®µµ¸¦ µµÃâÇß°í º¸Á¶ ÁöÇ¥µµ 90%ÀÇ ¼º´ÉÀ» º¸¿© °á°ú¿¡ ´ëÇÑ ½Å·Ú¼ºÀ» È®º¸ÇÑ´Ù. ¶ÇÇÑ, È¥ÀâÇÑ »çÀ̹ö °ø°£À» °¡½ÃÈ­ÇÏ¿© È¿À²ÀûÀ¸·Î »óȲÀ» ÀνÄÇÒ ¼ö Àֱ⿡ »çÀ̹ö °ø°Ý¿¡ È¿°úÀûÀ¸·Î ¹æ¾îÇÒ ¼ö ÀÖ´Ù°í Àü¸ÁµÈ´Ù.
¿µ¹®³»¿ë
(English Abstract)
Cyberattacks around the world continue to increase, and their damage extends beyond government facilities and affects civilians. These issues emphasized the importance of developing a system that can identify and detect cyber anomalies early. As above, in order to effectively identify cyber anomalies, several studies have been conducted to learn BGP (Border Gateway Protocol) data through a machine learning model and identify them as anomalies. However, BGP data is unbalanced data in which abnormal data is less than normal data. This causes the model to have a learning biased result, reducing the reliability of the result. In addition, there is a limit in that security personnel cannot recognize the cyber situation as a typical result of machine learning in an actual cyber situation. Therefore, in this paper, we investigate BGP (Border Gateway Protocol) that keeps network records around the world and solve the problem of unbalanced data by using SMOTE. After that, assuming a cyber range situation, an autoencoder classifies cyber anomalies and visualizes the classified data. By learning the pattern of normal data, the performance of classifying abnormal data with 92.4% accuracy was derived, and the auxiliary index also showed 90% performance, ensuring reliability of the results. In addition, it is expected to be able to effectively defend against cyber attacks because it is possible to effectively recognize the situation by visualizing the congested cyber space.
Keyword: Anomaly Detection, AutoEncoder, BGP Archive Data