Indicator-based Behavior Ontology for Detecting Insider Threats in Network Systems
Janghyuk Kauh, Wongi Lim, Koohyung Kwon, Jong-eon Lee, Jung-jae Kim, Minwoo Ryu, Si-ho Cha. Korean Society for Internet Information (한국인터넷정보학회), 2017, KSII Transactions on Internet and Information Syst, Vol.11 No.10
Malicious insider threats have increased recently, and the methods used are diversifying every day. These insider threats are becoming a significant problem for corporations and governments. From a technology standpoint, detecting potential insider threats at an early stage is difficult because they are unpredictable. To prevent insider threats at an early stage, it is necessary to collect all of the insiders’ data that flows through network systems and then analyze whether the data represent a potential threat. However, analyzing all of the data costs too much time and money. In addition, a large repository is needed to collect and manage the data. To resolve this problem, we develop an indicator-based behavior ontology (IB2O) that allows us to understand and interpret insiders’ data packets and then detect potential threats at an early stage in network systems, including social networks and company networks. To show the feasibility of the behavior ontology, we developed a prototype platform called Insider Threat Detecting Extractor (ITDE) for detecting potential insider threats at an early stage based on the behavior ontology. Finally, we showed how the behavior ontology would help detect potential insider threats in network systems. We expect that the behavior ontology will contribute to detecting malicious insider threats at an early stage.
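A Study on Cell Rate Increase/Decrease for the ABR Service Considering Network Performance
Kauh Janghyuk, Kim Kwanghyun, Lee Dongho. Korean Institute of Information Scientists and Engineers (한국정보과학회), 1997, Proceedings of the Korean Institute of Information Scientists and Engineers Conference, Vol.24 No.2Ⅲ
The ATM Forum recommends the ABR and UBR services as suitable services for accommodating existing LAN services such as telnet and ftp, as well as VOD services. However, because the UBR service supports only PCR, it has difficulty satisfying diverse QoS requirements. The ABR service is therefore the one mainly recommended. In this paper, as a way of controlling ABR service traffic, we compare and analyze a variety of cell rate increase and decrease schemes under the rate-based control method that is the current standard. We also show, mathematically and through simulation, that the additive increase and multiplicative decrease method, regarded in prior work as the best approach, outperforms the other methods. Finally, we propose a new algorithm that takes network performance into account and compare it with the existing methods through simulation.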
A Study on Machine Learning-Based Insider Behavior Analysis for Information Leakage Detection
Kauh, Janghyuk; Lee, Dongho. Korea Society of Digital Industry and Information Management (디지털산업정보학회), 2017, Journal of the Korea Society of Digital Industry and Information Management, Vol.13 No.2
In this paper, we design and implement the PADIL (Prediction And Detection of Information Leakage) system, which predicts and detects insider information leakage behavior by analyzing network traffic and applying a variety of machine learning methods. We defined a five-level information leakage model (Reconnaissance, Scanning, Access and Escalation, Exfiltration, Obfuscation) by referring to the cyber kill-chain model. To perform machine learning for detecting information leakage, the PADIL system extracts various features by analyzing the network traffic, extracts behavioral features by comparing the traffic with personal profile information, and extracts information leakage level features. We tested various machine learning methods; as a result, the DecisionTree algorithm showed excellent performance in information leakage detection, and we showed that performance can be further improved by fine feature selection.
A Study on an Insider Behavior Analysis Framework Based on Network Traffic Collection and Restoration
Kauh, Janghyuk; Lee, Dongho. Korea Society of Digital Industry and Information Management (디지털산업정보학회), 2017, Journal of the Korea Society of Digital Industry and Information Management, Vol.13 No.4
In this paper, we developed a framework to detect and predict insider information leakage by collecting and restoring network traffic. For automated behavior analysis, the meta information and behavior information obtained through network traffic collection are used as machine learning features. Using these features, we created and trained a behavior model, a network model, and protocol-specific models. In addition, an ensemble model was developed by digitizing and summing the results of the various models. We developed a function that presents information leakage candidates and lets the analyst view meta information and behavior information from various perspectives using visual analysis. This supports both rule-based threat detection and machine learning based threat detection. In the future, we plan to build an ensemble model that applies a regression model to the results of the models, and to develop a model with deep learning technology.