LARGen: Automatic Signature Generation for Malwares Using Latent Dirichlet Allocation
- Authors
- Lee, Suchul; Kim, Sungho; Lee, Sungil; Choi, Jaehyuk; Yoon, Hanjun; Lee, Dohoon; Lee, Jun-Rak
- Issue Date
- Sep-2018
- Publisher
- IEEE COMPUTER SOC
- Keywords
- Intrusion detection system; automated threat rule generation; latent Dirichlet allocation; system design and implementation
- Citation
- IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v.15, no.5, pp.771 - 783
- Journal Title
- IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
- Volume
- 15
- Number
- 5
- Start Page
- 771
- End Page
- 783
- URI
- https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/3378
- DOI
- 10.1109/TDSC.2016.2609907
- ISSN
- 1545-5971
- Abstract
- As the quantity and complexity of network threats grow, Intrusion Detection Systems (IDSs) have become critical for securing networks. Achieving computer network intrusion detection with these IDSs requires high-level information technology and security expertise because malicious traffic has to be rigorously analyzed and the appropriate IDS rules written to effectively detect vulnerabilities that may potentially be exploited. However, incorrect IDS rules may produce numerous false positives, thereby degrading the performance of the IDS, and even worse, paralyzing the network. In this paper, we present a novel approach that exploits the Latent Dirichle Allocation (LDA) algorithm to generate IDS rules. Our proposed method, called LDA-based Automatic Rule Generation (LaaGen), automatically performs an analysis of the malicious traffic and extracts the appropriate attack signatures that will be used for IDS rules. LARGen first extracts multiple signature strings embedded in network flows. Then, the flows are classified based on the extracted signature strings, and key content strings for malicious traffic are identified through the LDA inferential topic model. Those key content strings are the core of an IDS rule that can detect malicious traffic. We study the effectiveness of LDA in the context of network attack signature generation via extensive experiments with real network trace data, consisting of both benign and malicious traffic. Experimental results confirm that threat rules generated from LARGen accurately detect every cyber attack with high accuracy.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - ETC > 1. Journal Articles
![qrcode](https://api.qrserver.com/v1/create-qr-code/?size=55x55&data=https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/3378)
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.