TIIS (Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ)
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
Indicator-based Behavior Ontology for Detecting Insider Threats in Network Systems |
| ¿µ¹®Á¦¸ñ(English Title) |
Indicator-based Behavior Ontology for Detecting Insider Threats in Network Systems |
| ÀúÀÚ(Author) |
Janghyuk Kauh
Wongi Lim
Koohyung Kwon
Jong-Eon Lee
Jung-Jae Kim
Minwoo Ryu
Si-Ho Cha
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 11 NO. 10 PP. 5062 ~ 5079 (2017. 10) |
Çѱ۳»¿ë
(Korean Abstract) |
|
¿µ¹®³»¿ë
(English Abstract) |
Malicious insider threats have increased recently, and methods of the threats are diversifying every day. These insider threats are becoming a significant problem in corporations and governments today. From a technology standpoint, detecting potential insider threats is difficult in early stage because it is unpredictable. In order to prevent insider threats in early stage, it is necessary to collect all of insiders¡¯ data which flow in network systems, and then analyze whether the data are potential threat or not. However, analyzing all of data makes us spend too much time and cost. In addition, we need a large repository in order to collect and manage these data. To resolve this problem, we develop an indicator-based behavior ontology (IB2O) that allows us to understand and interpret insiders¡¯ data packets, and then to detect potential threats in early stage in network systems including social networks and company networks. To show feasibility of the behavior ontology, we developed a prototype platform called Insider Threat Detecting Extractor (ITDE) for detecting potential insider threats in early stage based on the behavior ontology. Finally, we showed how the behavior ontology would help detect potential inside threats in network system. We expect that the behavior ontology will be able to contribute to detecting malicious insider threats in early stage. |
| Å°¿öµå(Keyword) |
Semantics
insider threat
behavior indicator
ontology
network system
security
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
