repository
A Profiling Detection Framework for Unknown Attack
- Alternative Title
- Dongsik Sohn
- Author(s)
- 손동식
- Alternative Author(s)
- Dongsik Sohn
- Advisor
- 곽진
- Department
- 일반대학원 컴퓨터공학과
- Publisher
- The Graduate School, Ajou University
- Publication Year
- 2020-02
- Language
- eng
- Alternative Abstract
- The wide variety of hacker attack spectrum means that the range of APT attacks will vary. However, polymorphism of scope and penetration method also means that more than 90% of the attacks use unknown malicious code. In other words, the actions after the infiltration are to take full control of the system, monitor the activity of the system for a long time, and take actions that steal user's useful information. In this study, we use the detection result as metadata, which is a core element of intelligent cyber attack, using the framework for the steady detection of unknown malicious codes, and the result is various factors for generating attack profile of hacker in SIEM As a meaningful identifier, to detect potential hacker attacks more intelligently. The results of the study also show that the system was developed and verified as real data in a commercial environment. In addition, the research contents proposed in this paper are expected to be more practical as the accumulation of large amounts of data as they operate directly in a commercial environment without remaining in the effectiveness test.
- Fulltext
- Appears in Collections:
- Graduate School of Ajou University > Department of Computer Engineering > 4. Theses(Ph.D)
- Files in This Item:
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
-
- License
- STATISTICS
- Total Visit :3,295,004
- Total Download :1,737
- Today View :2,822
