본문 바로가기
  • Home

Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2023, 28(11), pp.89-101
  • DOI : 10.9708/jksci.2023.28.11.089
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : September 13, 2023
  • Accepted : November 15, 2023
  • Published : November 30, 2023

Juyeon Lee 1 Dae-seon Choi 2 Seung-Hyun Kim 1

1한국교원대학교
2숭실대학교

Accredited

ABSTRACT

In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.

Citation status

* References for papers published after 2023 are currently being built.

This paper was written with support from the National Research Foundation of Korea.