Ensemble Model using Multiple Profiles for Analytical Classification of Threat Intelligence

보안 인텔리전트 유형 분류를 위한 다중 프로파일링 앙상블 모델

  • 김영수 (배재대학교 사이버보안학과)
  • Received : 2016.11.25
  • Accepted : 2016.12.26
  • Published : 2017.03.28


Threat intelligences collected from cyber incident sharing system and security events collected from Security Information & Event Management system are analyzed and coped with expanding malicious code rapidly with the advent of big data. Analytical classification of the threat intelligence in cyber incidents requires various features of cyber observable. Therefore it is necessary to improve classification accuracy of the similarity by using multi-profile which is classified as the same features of cyber observables. We propose a multi-profile ensemble model performed similarity analysis on cyber incident of threat intelligence based on both attack types and cyber observables that can enhance the accuracy of the classification. We see a potential improvement of the cyber incident analysis system, which enhance the accuracy of the classification. Implementation of our suggested technique in a computer network offers the ability to classify and detect similar cyber incident of those not detected by other mechanisms.


Big Data;Threat Intelligence;Cyber Incident;Profile;Ensemble Model;Machine Learning


  1. 김영수, 문형진, 조혜선, 김병익, 이진해, 이진우, 이병엽, "계층적침해자원기반의 침해사고 구성 및 유형 분석," 한국콘텐츠학회논문지, 제16권, 제11호, pp.139-153, 2016.
  2. Y. S. Kim, H. J, Mun, H. S. Cho, B. I. Kim, J. H. Lee, J. W. Lee, and B. Y. Lee, "Analysis Model of Cyber Incident based Threat Intelligence," International Conference on Convergence Content 2016, pp.351-352, Dec. 10, 2016
  3. C. Ten, G. Manimaran, and C. Liu, Cybersecurity for Critical Infrastructures : Attack and Defense Modeling, IEEE TRANSACTIONS ON SYSTEMS, Vol.40, No.4, pp.853-865, 2000.
  4. M. A. Faysel and S. S. Haque, "Towards Cyber Defense: Research in Intrusion Detection and Intrusion Prevention Systems," IJCSNS, Vol.10, No.7, pp.316-325, 2010.
  5. H. D. Nguyen and Q. Cheng, An Efficient Feature Selection Method For Distributed Cyber Attack Detection and Classification, 2011 45th Annual Conference on Information Sciences and Systems (CISS), pp.1-6, 2011.
  6. B. K. Mishra and H. Saini, Cyber Attack Classification using Game Theoretic Weighted Metrics Approach, World Applied Sciences Journal 7(Special Issue of Computer & IT), pp.206-215, 2009.
  7. H. Du, C. Murphy, J. Bean, and S. J. Yang, "Toward Unsupervised Classification of Non-uniform Cyber Attack Tracks," International Conference on Information Fusion, pp.1919-1925, 2009.
  8. A. Jain and A. K. Singh, "Distributed Denial Of Service (Ddos) Attacks - Classification And Implications," Journal of Information and Operations Management, Vol.3, No.1, pp.136-140, 2012.
  9. B. Dharamkar and R. R. Singh, "Cyber-Attack Classification Using Improved Ensemble Technique Based On Support Vector Machine and Neural Network," International Journal of Computer Application, Vol.103, No.11, pp.1-7, 2014.
  10. P. Amudha, S. Karthik, and S. Sivakumari, "An Experimental Analysis of Hybrid Classification Approach for Intrusion Detection," Indian Journal of Science and Technology, Vol.9, No.13, April, 2016.
  11. M. Sharma, S. K. Singh, P. Agrawal, and V. Madaan, "Classification of Clinical Dataset of Cervical Cancer using KNN," Indian Journal of Science and Technology, Vol.9, No.28, July, 2016.
  12. S. R. Suganthi and M. Hanumanthappa, "Classification of Event Image Set Using Mining Techniques," Indian Journal of Science and Technology, Vol.9, No.22, June, 2016.
  13. P. E. Jouve and N. Nicoloyannis, A New Method for Combining Partitions, Applications for Distributed Clustering. Proc. of the International Workshop on Parallel and Distributed Machine Learning and Data Mining, pp.69-76, 2003.
  14. A. Verma, I. Kaur, and A. Kaur, "Algorithmic Approach to Data Mining and Classification Techniques," Indian Journal of Science and Technology, Vol.9, No.28, July, 2016.
  15. S. Vega-Pons and J. Ruiz-Shulcloper, "A survey of clustering ensemble algorithms," International Journal of Pattern Recognition and Artificial Intelligence, Vol.25, No.3, pp.337-372, 2011.
  16. S. Singh and S. Silakari, An Ensemble Approach for Cyber Attack Detection System: A Generic Framework, Proc. 14th ACIS Int. Conf. Softw. Eng. Artif. Intell. Netw. Parallel/Distrib. Comput., pp.79-84, 2013.
  17. D. Rathore and A. Jain, "Design Hybrid method for intrusion detection using Ensemble cluster classification and SOM network," International Journal of Advanced Computer Research, Vol.2, No.5, pp.181-186, 2012.