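@article{ART003017300,
  author  = {Lee, Juyeon and Choi, Dae-seon and Kim, Seung-Hyun},
  title   = {Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies},
  journal = {Journal of The Korea Society of Computer and Information},
  issn    = {1598-849X},
  year    = {2023},
  volume  = {28},
  number  = {11},
  pages   = {89--101},
  doi     = {10.9708/jksci.2023.28.11.089},
}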
TY - JOUR
AU - Juyeon Lee
AU - Dae-seon Choi
AU - Seung-Hyun Kim
TI - Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies
JO - Journal of The Korea Society of Computer and Information
PY - 2023
VL - 28
IS - 11
PB - The Korean Society Of Computer And Information
SP - 89
EP - 101
SN - 1598-849X
AB - In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched.
Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates.
To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.
KW - Anomaly Detection;LANL2015;HBOS;Feature extraction;Logon Type
DO - 10.9708/jksci.2023.28.11.089
ER -
Juyeon Lee, Dae-seon Choi and Seung-Hyun Kim. (2023). Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies. Journal of The Korea Society of Computer and Information, 28(11), 89-101.
Juyeon Lee, Dae-seon Choi and Seung-Hyun Kim. 2023, "Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies", Journal of The Korea Society of Computer and Information, vol.28, no.11 pp.89-101. Available from: doi:10.9708/jksci.2023.28.11.089
Juyeon Lee, Dae-seon Choi, Seung-Hyun Kim "Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies" Journal of The Korea Society of Computer and Information 28.11 pp.89-101 (2023) : 89.
Juyeon Lee, Dae-seon Choi, Seung-Hyun Kim. Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies. 2023; 28(11), 89-101. Available from: doi:10.9708/jksci.2023.28.11.089
Juyeon Lee, Dae-seon Choi and Seung-Hyun Kim. "Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies" Journal of The Korea Society of Computer and Information 28, no.11 (2023) : 89-101. doi: 10.9708/jksci.2023.28.11.089
Juyeon Lee; Dae-seon Choi; Seung-Hyun Kim. Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies. Journal of The Korea Society of Computer and Information, 28(11), 89-101. doi: 10.9708/jksci.2023.28.11.089
Juyeon Lee; Dae-seon Choi; Seung-Hyun Kim. Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies. Journal of The Korea Society of Computer and Information. 2023; 28(11) 89-101. doi: 10.9708/jksci.2023.28.11.089
Juyeon Lee, Dae-seon Choi, Seung-Hyun Kim. Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies. 2023; 28(11), 89-101. Available from: doi:10.9708/jksci.2023.28.11.089
Juyeon Lee, Dae-seon Choi and Seung-Hyun Kim. "Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies" Journal of The Korea Society of Computer and Information 28, no.11 (2023) : 89-101. doi: 10.9708/jksci.2023.28.11.089