A Study on the Insider Behavior Analysis Using Machine Learning for Detecting Information Leakage

A Study on Machine Learning-Based Insider Behavior Analysis for Detecting Information Leakage

  • Received : 2017.05.18
  • Accepted : 2017.06.05
  • Published : 2017.06.30

Abstract

In this paper, we design and implement PADIL (Prediction And Detection of Information Leakage), a system that predicts and detects insider information leakage behavior by analyzing network traffic and applying a variety of machine learning methods. We define a five-level information leakage model (Reconnaissance, Scanning, Access and Escalation, Exfiltration, Obfuscation) by reference to the cyber kill-chain model. To perform machine learning for information leakage detection, PADIL extracts various features from the network traffic, derives behavioral features by comparing them with each user's personal profile information, and extracts information leakage level features. We tested various machine learning methods; the DecisionTree algorithm showed excellent performance in information leakage detection, and we showed that performance can be further improved by refining the feature selection.
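The abstract describes two feature groups fed to the classifier: behavioral features obtained by comparing a user's traffic with that user's profile, and leakage-level features tied to the five stages of the model. The following added example (not code from the paper or the PADIL system) sketches that extraction over constructed flow records; the per-stage indicators, the profile fields and the thresholds are assumptions made for illustration, and the resulting feature rows are what a decision tree would be trained on.

```python
from collections import Counter, defaultdict, namedtuple

Flow = namedtuple("Flow", "user hour dst port bytes_out internal")

# Constructed baseline profiles: hosts, working hours and daily outbound bytes seen in a clean period.
PROFILES = {
    "alice": {"hosts": {"fileshare", "mail"}, "hours": set(range(9, 19)), "bytes_out": 2_000_000},
    "bob":   {"hosts": {"fileshare", "mail"}, "hours": set(range(9, 19)), "bytes_out": 2_000_000},
}

# Constructed one-day traffic window: alice behaves as usual, bob does not.
FLOWS = [
    Flow("alice", 10, "fileshare", 445, 500_000, True),
    Flow("alice", 11, "mail", 443, 300_000, True),
    Flow("alice", 14, "fileshare", 445, 400_000, True),
    Flow("alice", 16, "mail", 443, 200_000, True),
    Flow("bob", 22, "dns-ext", 53, 2_000, False),
    *[Flow("bob", 22, "dbserver", p, 1_000, True) for p in (21, 22, 80, 443, 3306)],
    Flow("bob", 23, "dbserver", 22, 50_000, True),
    Flow("bob", 23, "drop-ext", 443, 6_000_000, False),
    Flow("bob", 23, "drop-ext", 8443, 100_000, False),
]

ADMIN_PORTS, WEB_PORTS = {22, 3389}, {53, 80, 443}  # assumed port groups
STAGES = ("recon", "scan", "access", "exfil", "obfus")

def behaviour_features(flows, profile):
    """Behavioral features: how far this window deviates from the user's own profile."""
    hosts = {f.dst for f in flows}
    return {
        "new_host_ratio": len(hosts - profile["hosts"]) / len(hosts),
        "off_hours_ratio": sum(f.hour not in profile["hours"] for f in flows) / len(flows),
        "volume_ratio": sum(f.bytes_out for f in flows) / profile["bytes_out"],
    }

def stage_features(flows):
    """Leakage-level features: flows matching each stage of the five-level model.
    The indicators are simple assumed heuristics, not the paper's definitions."""
    ports = defaultdict(set)
    for f in flows:
        ports[f.dst].add(f.port)
    c = Counter({s: 0 for s in STAGES})
    for f in flows:
        c["recon"] += f.port == 53 and not f.internal               # external name lookups
        c["scan"] += len(ports[f.dst]) >= 5                         # many ports on one host
        c["access"] += f.internal and f.port in ADMIN_PORTS         # admin service on internal host
        c["exfil"] += not f.internal and f.bytes_out >= 5_000_000   # bulk outbound transfer
        c["obfus"] += not f.internal and f.port not in WEB_PORTS    # non-standard external port
    return dict(c)

def feature_vector(user):
    """One feature row per user per window, the input a decision-tree classifier would train on."""
    flows = [f for f in FLOWS if f.user == user]
    return {**behaviour_features(flows, PROFILES[user]), **stage_features(flows)}
```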

Acknowledgement

Supported by: Kwangwoon University
