A Profiling Detection Framework for Unknown Attack

Alternative Title
Dongsik Sohn
Author(s)
손동식
Alternative Author(s)
Dongsik Sohn
Advisor
곽진
Department
Graduate School, Department of Computer Engineering
Publisher
The Graduate School, Ajou University
Publication Year
2020-02
Language
eng
Alternative Abstract
The wide spectrum of hacker attacks means that the range of APT attacks will vary. However, polymorphism of scope and penetration method also means that more than 90% of the attacks use unknown malicious code. In other words, the actions after infiltration are to take full control of the system, monitor the activity of the system for a long time, and steal the user's useful information. In this study, we use a framework for the steady detection of unknown malicious code and use its detection result as metadata, which is a core element of intelligent cyber attacks; the result serves as a meaningful identifier among the various factors for generating a hacker's attack profile in SIEM, in order to detect potential hacker attacks more intelligently. The results of the study also show that the system was developed and verified with real data in a commercial environment. In addition, the research proposed in this paper is expected to become more practical as large amounts of data accumulate, because it operates directly in a commercial environment rather than stopping at effectiveness testing.
URI
https://dspace.ajou.ac.kr/handle/2018.oak/20792
Appears in Collections:
Graduate School of Ajou University > Department of Computer Engineering > 4. Theses(Ph.D)
Files in This Item:
There are no files associated with this item.