LARGen: Automatic Signature Generation for Malwares Using Latent Dirichlet Allocation
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lee, Suchul | - |
dc.contributor.author | Kim, Sungho | - |
dc.contributor.author | Lee, Sungil | - |
dc.contributor.author | Choi, Jaehyuk | - |
dc.contributor.author | Yoon, Hanjun | - |
dc.contributor.author | Lee, Dohoon | - |
dc.contributor.author | Lee, Jun-Rak | - |
dc.date.available | 2020-02-27T09:41:49Z | - |
dc.date.created | 2020-02-06 | - |
dc.date.issued | 2018-09 | - |
dc.identifier.issn | 1545-5971 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/3378 | - |
dc.description.abstract | As the quantity and complexity of network threats grow, Intrusion Detection Systems (IDSs) have become critical for securing networks. Achieving computer network intrusion detection with these IDSs requires high-level information technology and security expertise because malicious traffic has to be rigorously analyzed and the appropriate IDS rules written to effectively detect vulnerabilities that may potentially be exploited. However, incorrect IDS rules may produce numerous false positives, thereby degrading the performance of the IDS, and even worse, paralyzing the network. In this paper, we present a novel approach that exploits the Latent Dirichlet Allocation (LDA) algorithm to generate IDS rules. Our proposed method, called LDA-based Automatic Rule Generation (LARGen), automatically performs an analysis of the malicious traffic and extracts the appropriate attack signatures that will be used for IDS rules. LARGen first extracts multiple signature strings embedded in network flows. Then, the flows are classified based on the extracted signature strings, and key content strings for malicious traffic are identified through the LDA inferential topic model. Those key content strings are the core of an IDS rule that can detect malicious traffic. We study the effectiveness of LDA in the context of network attack signature generation via extensive experiments with real network trace data, consisting of both benign and malicious traffic. Experimental results confirm that threat rules generated from LARGen accurately detect every cyber attack with high accuracy. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEEE COMPUTER SOC | - |
dc.relation.isPartOf | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING | - |
dc.title | LARGen: Automatic Signature Generation for Malwares Using Latent Dirichlet Allocation | - |
dc.type | Article | - |
dc.type.rims | ART | - |
dc.description.journalClass | 1 | - |
dc.identifier.wosid | 000443711200004 | - |
dc.identifier.doi | 10.1109/TDSC.2016.2609907 | - |
dc.identifier.bibliographicCitation | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v.15, no.5, pp.771 - 783 | - |
dc.identifier.scopusid | 2-s2.0-85052848933 | - |
dc.citation.endPage | 783 | - |
dc.citation.startPage | 771 | - |
dc.citation.title | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING | - |
dc.citation.volume | 15 | - |
dc.citation.number | 5 | - |
dc.contributor.affiliatedAuthor | Choi, Jaehyuk | - |
dc.type.docType | Article | - |
dc.subject.keywordAuthor | Intrusion detection system | - |
dc.subject.keywordAuthor | automated threat rule generation | - |
dc.subject.keywordAuthor | latent Dirichlet allocation | - |
dc.subject.keywordAuthor | system design and implementation | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Hardware & Architecture | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Software Engineering | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |