A Study on the Insider Behavior Analysis Framework for Detecting Information Leakage Using Network Traffic Collection and Restoration

Korean title (translated): A Study on an Insider Behavior Analysis Framework through Network Traffic Collection and Restoration

  • Received : 2017.11.20
  • Accepted : 2017.12.05
  • Published : 2017.12.30

Abstract

In this paper we develop a framework that detects and predicts insider information leakage by collecting network traffic and restoring the sessions it carries. For automated behavior analysis, the session metadata and behavioral indicators obtained from the collected traffic are used as machine-learning features. From these features we build and train a behavior model, a network model, and protocol-specific models, and we derive an ensemble model by quantifying each model's result as a score and summing the scores. The framework also presents information-leakage candidates and lets an analyst view the metadata and behavioral indicators from several perspectives through visual analysis, so it supports both rule-based and machine-learning-based threat detection. As future work, we plan an ensemble model that applies a regression model to the individual models' results, and a model based on deep-learning techniques.
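The abstract describes three learned models (behavior, network, protocol-specific) whose quantified results are summed into an ensemble score, reported alongside rule-based detection. The following Python block is an added illustration of that scoring structure, not the authors' code or trained models: the flow records, the 10.0.0.0/8 internal range, the per-protocol thresholds, and the simple z-score and byte-ratio scorers are constructed assumptions standing in for the paper's models. It shows how per-flow metadata restored from traffic becomes features, how each model yields a score in [0, 1], and how the sum ranks leakage candidates.

```python
"""Ensemble scoring of flow metadata for insider-leakage candidates.

Added illustration, not the paper's code. Three simple per-flow models
(behavior, network, protocol-specific) each return a score in [0, 1];
the ensemble is their sum, and rule hits are reported next to it.
Every flow record below is constructed sample data."""
from collections import defaultdict
from statistics import mean, pstdev

MB = 1_000_000
INTERNAL_PREFIX = "10."   # assumption: the site's internal range is 10.0.0.0/8


def make_flow(user, dst, proto, op, bytes_out, hour):
    """bytes_out = payload bytes the insider's host sent in the session."""
    return {"user": user, "dst": dst, "proto": proto, "op": op,
            "bytes_out": bytes_out, "hour": hour}


# Constructed baseline window of ordinary activity, used to fit per-user profiles.
BASELINE = [
    make_flow("alice", "10.0.0.5", "smb", "read", 5_000, 10),
    make_flow("alice", "203.0.113.10", "http", "GET", 4_000, 14),
    make_flow("alice", "203.0.113.10", "http", "POST", 200_000, 15),
    make_flow("alice", "10.0.0.5", "smb", "write", 2 * MB, 16),
    make_flow("bob", "10.0.0.5", "smb", "read", 4_000, 9),
    make_flow("bob", "10.0.0.7", "smtp", "MAIL", 50_000, 9),
    make_flow("bob", "203.0.113.10", "http", "GET", 3_000, 13),
    make_flow("bob", "10.0.0.5", "smb", "read", 5_000, 16),
]

# Constructed observation window; the 60 MB POST to an unseen host at 02:00 is planted.
OBSERVED = [
    make_flow("alice", "10.0.0.5", "smb", "read", 6_000, 10),
    make_flow("alice", "203.0.113.10", "http", "POST", 150_000, 14),
    make_flow("bob", "198.51.100.77", "http", "POST", 60 * MB, 2),
    make_flow("bob", "10.0.0.5", "smb", "write", 8 * MB, 10),
]


def clamp01(x):
    return max(0.0, min(1.0, x))


def is_external(dst):
    return not dst.startswith(INTERNAL_PREFIX)


def fit_profiles(baseline):
    """Per-user mean/stdev of bytes_out plus the set of destinations ever seen."""
    per_user = defaultdict(list)
    for f in baseline:
        per_user[f["user"]].append(f["bytes_out"])
    stats = {u: (mean(v), pstdev(v) or 1.0) for u, v in per_user.items()}
    return {"stats": stats, "known_dsts": {f["dst"] for f in baseline}}


def behavior_score(flow, profiles):
    """Volume anomaly for this user: z-score of bytes_out, 3 sigma maps to 1.0."""
    mu, sigma = profiles["stats"].get(flow["user"], (0.0, 1.0))
    return clamp01((flow["bytes_out"] - mu) / sigma / 3.0)


def network_score(flow, profiles):
    """Destination novelty: unseen external host 1.0, known external 0.3, internal 0."""
    if not is_external(flow["dst"]):
        return 0.0
    return 1.0 if flow["dst"] not in profiles["known_dsts"] else 0.3


# Protocol-specific models: how much of the session looks like outbound content.
PROTOCOL_MODELS = {
    "http": lambda f: clamp01(f["bytes_out"] / (10 * MB)) if f["op"] in ("POST", "PUT") else 0.0,
    "smtp": lambda f: clamp01(f["bytes_out"] / (10 * MB)),
    "smb": lambda f: clamp01(f["bytes_out"] / (50 * MB)) if f["op"] == "write" else 0.0,
}


def protocol_score(flow):
    return PROTOCOL_MODELS.get(flow["proto"], lambda f: 0.0)(flow)


def rule_hits(flow):
    """Rule-based detection, reported next to the learned scores."""
    hits = []
    if is_external(flow["dst"]) and flow["bytes_out"] > 5 * MB:
        hits.append("large_external_upload")
    if is_external(flow["dst"]) and not 6 <= flow["hour"] <= 20:
        hits.append("off_hours_external")
    return hits


def rank_candidates(baseline, observed):
    """Score every observed flow with all models, sum the scores, rank candidates."""
    profiles = fit_profiles(baseline)
    scored = []
    for f in observed:
        parts = {"behavior": behavior_score(f, profiles),
                 "network": network_score(f, profiles),
                 "protocol": protocol_score(f)}
        scored.append({**f, **parts, "ensemble": sum(parts.values()), "rules": rule_hits(f)})
    return sorted(scored, key=lambda r: r["ensemble"], reverse=True)


if __name__ == "__main__":
    for r in rank_candidates(BASELINE, OBSERVED):
        print(f'{r["ensemble"]:.2f} {r["user"]:6} {r["proto"]}/{r["op"]:5} -> {r["dst"]:15} {r["rules"]}')
```

Keeping each model's output as a separate field matters for the visual-analysis step the abstract mentions: an analyst can see that the planted flow ranks first because all three models agree, while the large internal SMB write ranks second on volume alone, with nothing from the network or rule layer, which is the kind of distinction a plain summed score hides.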
