4 articles found
Anomaly Detection Based on Discrete Wavelet Transformation for Insider Threat Classification
1
Authors: Dong-Wook Kim, Gun-Yoon Shin, Myung-Mook Han. Computer Systems Science & Engineering (SCIE, EI), 2023, Issue 7, pp. 153-164 (12 pages)
Unlike external attacks, insider threats arise from legitimate users who belong to the organization. These individuals may be a potential threat for hostile behavior depending on their motives. For insider detection, many intrusion detection systems learn and prevent known scenarios, but because malicious behavior has similar patterns to normal behavior, in reality, these systems can be evaded. Furthermore, because insider threats share a feature space similar to normal behavior, identifying them by detecting anomalies has limitations. This study proposes an improved anomaly detection methodology for insider threats that occur in cybersecurity in which a discrete wavelet transformation technique is applied to classify normal vs. malicious users. The discrete wavelet transformation technique easily discovers new patterns or decomposes synthesized data, making it possible to distinguish between shared characteristics. To verify the efficacy of the proposed methodology, experiments were conducted in which normal users and malicious users were classified based on insider threat scenarios provided in Carnegie Mellon University’s Computer Emergency Response Team (CERT) dataset. The experimental results indicate that the proposed methodology with discrete wavelet transformation reduced the false-positive rate by 82% to 98% compared to the case with no wavelet applied. Thus, the proposed methodology has high potential for application to similar feature spaces.
Keywords: Anomaly detection cybersecurity discrete wavelet transformation insider threat classification
Analysis of Feature Importance and Interpretation for Malware Classification (cited by: 1)
2
Authors: Dong-Wook Kim, Gun-Yoon Shin, Myung-Mook Han. Computers, Materials & Continua (SCIE, EI), 2020, Issue 12, pp. 1891-1904 (14 pages)
This study was conducted to enable prompt classification of malware, which was becoming increasingly sophisticated. To do this, we analyzed the important features of malware and the relative importance of selected features according to a learning model to assess how those important features were identified. Initially, the analysis features were extracted using Cuckoo Sandbox, an open-source malware analysis tool, then the features were divided into five categories using the extracted information. The 804 extracted features were reduced by 70% after selecting only the most suitable ones for malware classification using a learning model-based feature selection method called the recursive feature elimination. Next, these important features were analyzed. The level of contribution from each one was assessed by the Random Forest classifier method. The results showed that System call features were mostly allocated. At the end, it was possible to accurately identify the malware type using only 36 to 76 features for each of the four types of malware with the most analysis samples available. These were the Trojan, Adware, Downloader, and Backdoor malware.
Keywords: Recursive feature elimination model interpretability feature importance malware classification
Unknown Attack Detection: Combining Relabeling and Hybrid Intrusion Detection
3
Authors: Gun-Yoon Shin, Dong-Wook Kim, Sang-Soo Kim, Myung-Mook Han. Computers, Materials & Continua (SCIE, EI), 2021, Issue 9, pp. 3289-3303 (15 pages)
Detection of unknown attacks like a zero-day attack is a research field that has long been studied. Recently, advances in Machine Learning (ML) and Artificial Intelligence (AI) have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully. Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks. Although anomaly detection is adequate for detecting unknown attacks, its disadvantage is the possibility of high false alarms. Misuse detection has low false alarms; its limitation is that it can detect only known attacks. To overcome such limitations, many researchers have proposed a hybrid intrusion detection that integrates these two detection techniques. This method can overcome the limitations of conventional methods and works better in detecting unknown attacks. However, this method does not accurately classify attacks like similar to normal or known attacks. Therefore, we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known attacks. In anomaly detection, the model was designed to perform normal detection using Fuzzy c-means (FCM) and identify attacks hidden in normal predicted data using relabeling. In misuse detection, the model was designed to detect previously known attacks using Classification and Regression Trees (CART) and apply Isolation Forest (iForest) to classify unknown attacks hidden in known attacks. As an experiment result, the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11% and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.
Keywords: Unknown attack hybrid intrusion detection fuzzy c-means relabeling CART iForest
Bayesian Rule Modeling for Interpretable Mortality Classification of COVID-19 Patients
4
Authors: Jiyoung Yun, Mainak Basak, Myung-Mook Han. Computers, Materials & Continua (SCIE, EI), 2021, Issue 12, pp. 2827-2843 (17 pages)
Coronavirus disease 2019 (COVID-19) has been termed a “Pandemic Disease” that has infected many people and caused many deaths on a nearly unprecedented level. As more people are infected each day, it continues to pose a serious threat to humanity worldwide. As a result, healthcare systems around the world are facing a shortage of medical space such as wards and sickbeds. In most cases, healthy people experience tolerable symptoms if they are infected. However, in other cases, patients may suffer severe symptoms and require treatment in an intensive care unit. Thus, hospitals should select patients who have a high risk of death and treat them first. To solve this problem, a number of models have been developed for mortality prediction. However, they lack interpretability and generalization. To prepare a model that addresses these issues, we proposed a COVID-19 mortality prediction model that could provide new insights. We identified blood factors that could affect the prediction of COVID-19 mortality. In particular, we focused on dependency reduction using partial correlation and mutual information. Next, we used the Class-Attribute Interdependency Maximization (CAIM) algorithm to bin continuous values. Then, we used Jensen Shannon Divergence (JSD) and Bayesian posterior probability to create less redundant and more accurate rules. We provided a ruleset with its own posterior probability as a result. The extracted rules are in the form of “if antecedent then results, posterior probability (θ)”. If the sample matches the extracted rules, then the result is positive. The average AUC Score was 96.77% for the validation dataset and the F1-score was 92.8% for the test data. Compared to the results of previous studies, it shows good performance in terms of classification performance, generalization, and interpretability.
Keywords: COVID-19 mortality explainable AI Bayesian probability feature selection