Design of Multi-Level Abnormal Detection System Suitable for Time-Series Data

Design of a Multi-Level Anomaly Detection System Suited to Time-Series Data

  • 채문창 (Future Systems Inc., Security Technology Research Institute) ;
  • 임혁 (Future Systems Inc., Security Technology Research Institute) ;
  • 강남희 (Duksung Women's University, Department of Digital Media)
  • Received : 2016.11.16
  • Accepted : 2016.12.09
  • Published : 2016.12.31

Abstract

As new information and communication technologies evolve, security threats are also becoming increasingly intelligent and advanced. In this paper, we use statistical techniques to analyze the time-series data that network devices or lightweight IoT (Internet of Things) devices enter continuously over a series of periods, and we propose a system that detects faults or abnormal behavior in a device from the analysis results. The proposed system performs first-level anomaly detection using previously entered data, then performs second-level anomaly detection against a confidence bound configured from stored time-series data selected by a time attribute or a group attribute. Multi-level analysis improves reliability and also reduces false positives through the variety of decision data sets.

Along with the development of new information and communication technologies, security threats are becoming more intelligent and sophisticated day by day. This paper analyzes, using statistical techniques, the time-series data that network devices or lightweight IoT devices enter continuously over a series of periods, and proposes a system that can detect device faults or abnormal signs from the analysis results. The proposed system performs first-level anomaly detection based on previously entered data, and performs second-level anomaly detection by setting a confidence interval from stored time-series data selected by a time attribute or a group attribute. Multi-level analysis can improve reliability and reduce the false-positive rate through the diversity of the decision data.
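The two-level scheme the abstract describes, as an added example that is not code from the paper or its authors: level 1 checks a reading against the device's own recent history, and level 2 checks it against confidence bounds (mean ± k·σ) built from stored readings that share a time slot or a device group with it. The class and method names, the k = 3 bound, the 20-reading window, the minimum of 5 supporting samples, and the `sensor-1`/`rack-A` readings are all constructed assumptions, not values from the paper.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev


class MultiLevelDetector:
    """Two-level anomaly detector for periodic readings from many devices.

    Level 1: the new reading is compared with the device's own recent
    history (a sliding window of the last `window` readings).
    Level 2: the reading is compared with confidence bounds built from
    stored readings that share an attribute with it: the same time slot
    of the same device, or the same device group.
    A bound is mean +/- k * std and is only trusted once `min_samples`
    readings back it.  (Hypothetical design; parameters are assumptions.)
    """

    def __init__(self, window=20, k=3.0, min_samples=5):
        self.window = window
        self.k = k
        self.min_samples = min_samples
        self.recent = defaultdict(lambda: deque(maxlen=window))  # device -> recent readings
        self.by_slot = defaultdict(list)   # (device, slot) -> stored readings
        self.by_group = defaultdict(list)  # group -> stored readings

    def _bounds(self, samples):
        """Return (low, high), or None when too few samples support a bound."""
        if len(samples) < self.min_samples:
            return None
        mu = mean(samples)
        sd = pstdev(samples) or 1e-9  # constant history: any deviation is outside
        return mu - self.k * sd, mu + self.k * sd

    def _outside(self, value, samples):
        b = self._bounds(samples)
        return b is not None and not (b[0] <= value <= b[1])

    def observe(self, device, group, slot, value):
        """Classify one reading, then store it unless it was judged an anomaly.

        Returns (level1_flag, level2_flag, verdict) where verdict is
        'normal' (no level fired), 'suspect' (one level fired) or
        'anomaly' (both levels fired).
        """
        level1 = self._outside(value, self.recent[device])
        level2 = (self._outside(value, self.by_slot[(device, slot)])
                  or self._outside(value, self.by_group[group]))
        if level1 and level2:
            verdict = "anomaly"
        elif level1 or level2:
            verdict = "suspect"
        else:
            verdict = "normal"
        if verdict != "anomaly":
            # Anomalous readings are kept out of the baselines so that a
            # single spike cannot widen the trust bound for later readings.
            self.recent[device].append(value)
            self.by_slot[(device, slot)].append(value)
            self.by_group[group].append(value)
        return level1, level2, verdict


def run_demo():
    """Constructed scenario: 40 baseline readings, then four probe readings."""
    det = MultiLevelDetector(window=20, k=3.0, min_samples=5)
    cycle = [50.0, 51.0, 49.0, 50.5, 49.5]
    # Constructed baseline: slot 3 (a busy period) runs about 5 units
    # hotter than slots 0-2, so a per-slot bound differs from the overall one.
    for i in range(40):
        slot = i % 4
        value = cycle[i % 5] + (5.0 if slot == 3 else 0.0)
        det.observe("sensor-1", "rack-A", slot, value)
    probes = [
        (0, 50.5),  # ordinary reading
        (0, 55.0),  # inside the device's recent range, but high for slot 0
        (1, 80.0),  # far outside every baseline
        (3, 55.0),  # same value as the second probe, but normal for the busy slot
    ]
    return [det.observe("sensor-1", "rack-A", s, v)[2] for s, v in probes]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The second and fourth probes carry the same value and differ only in the time slot: the recent-history check (level 1) accepts both, while the per-slot bound (level 2) flags the reading in slot 0 and accepts it in the busier slot 3, which is the false-positive reduction the abstract attributes to attribute-based decision data. Readings judged `anomaly` are not written back into any baseline; `suspect` readings are, so a genuine shift in a device's behaviour is learned over time rather than being flagged forever.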
