A Profiling Detection Framework for Unknown Attack
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 곽진 | - |
dc.contributor.author | 손동식 | - |
dc.date.accessioned | 2022-11-29T03:01:08Z | - |
dc.date.available | 2022-11-29T03:01:08Z | - |
dc.date.issued | 2020-02 | - |
dc.identifier.other | 29473 | - |
dc.identifier.uri | https://dspace.ajou.ac.kr/handle/2018.oak/20792 | - |
dc.description | Doctoral thesis -- Ajou University Graduate School: Department of Computer Engineering, 2020. 2 | - |
dc.description.tableofcontents | Ⅰ. Introduction 1; Ⅱ. Related Work 6; A. Trend of APT Attack 6; 1. APT attack analysis 6; 2. APT attack environment analysis 9; 3. APT attack environment problem 13; B. Trend of APT Response 18; 1. APT detection environment analysis 18; 2. APT detection evaluation framework 19; 3. APT detection assessment framework and problems 21; 4. APT detection profiling 28; Ⅲ. Proposed Scheme 30; A. Framework Overview 30; 1. Proposed framework configuration overview 30; 2. APT attack detection framework 32; 3. Profiling framework for detection of unknown attacks 42; Ⅳ. Experimental Results 55; A. APT Detection Framework 55; 1. Experimental Environment 55; 2. Experimental Results 58; B. Profiling framework for unknown attack 68; 1. Experimental Environment 68; 2. Experimental Results 69; Ⅴ. Conclusion 82; References 83; Abstract (Korean) 93 | - |
dc.language.iso | eng | - |
dc.publisher | The Graduate School, Ajou University | - |
dc.rights | Ajou University theses are protected by copyright. | - |
dc.title | A Profiling Detection Framework for Unknown Attack | - |
dc.title.alternative | Dongsik Sohn | - |
dc.type | Thesis | - |
dc.contributor.affiliation | Ajou University Graduate School | - |
dc.contributor.alternativeName | Dongsik Sohn | - |
dc.contributor.department | Graduate School, Department of Computer Engineering | - |
dc.date.awarded | 2020. 2 | - |
dc.description.degree | Doctoral | - |
dc.identifier.localId | 1133963 | - |
dc.identifier.uci | I804:41038-000000029473 | - |
dc.identifier.url | http://dcoll.ajou.ac.kr:9080/dcollection/common/orgView/000000029473 | - |
dc.description.alternativeAbstract | The wide spectrum of hacker attacks means that the range of APT attacks also varies. The polymorphism of their scope and penetration methods also means that more than 90% of such attacks use unknown malicious code. After infiltration, the attacker's actions are to take full control of the system, monitor its activity over a long period, and steal the user's valuable information. In this study, a framework for the steady detection of unknown malicious code produces detection results that are used as metadata, a core element of intelligent cyber-attack analysis; these results then serve as meaningful identifiers, among the various factors used to generate an attacker profile in the SIEM, so that potential hacker attacks can be detected more intelligently. The results of the study also show that the system was developed and verified on real data in a commercial environment. In addition, because the proposed research operates directly in a commercial environment rather than remaining at the stage of an effectiveness test, it is expected to become more practical as large amounts of data accumulate. | - |