Ikkyun Kim scite author profile

Deep learning has been widely studied in many technical domains such as image analysis and speech recognition, with its benefits that effectively deal with complex and high-dimensional data.Our preliminary experiments show a high degree of non-linearity from the network connection data, which explains why it is hard to improve the performance of identifying network anomalies by using conventional learning methods (e.g., Adaboosting, SVM, and Random Forest). In this study, we design and examine deep learning models constructed based on Fully Connected Networks (FCNs), Variational AutoEncoder (VAE), and Sequence-to-Sequence (Seq2Seq) structures. For the extensive evaluation, we employ a broad range of the public datasets with unique characteristics. Our experimental results confirm the feasibility of deep learning-based network anomaly detection, with the improved performance compared to the conventional learning techniques. In particular, the detection model based on Seq2Seq with LSTM is highly promising, consistently yielding over 99% of accuracy to identify network anomalies from the entire datasets employed in the evaluation.

show abstract

PE File Header Analysis-Based Packed PE File Detection Technique (PHAD)

Choi

Kim

et al. 2008

View full text Add to dashboard

Cyber Threat Detection Based on Artificial Neural Networks Using Event Profiles

Lee

Kim

et al. 2019

IEEE Access

View full text Add to dashboard

One of the major challenges in cybersecurity is the provision of an automated and effective cyber-threats detection technique. In this paper, we present an AI technique for cyber-threats detection, based on artificial neural networks. The proposed technique converts multitude of collected security events to individual event profiles and use a deep learning-based detection method for enhanced cyber-threat detection. For this work, we developed an AI-SIEM system based on a combination of event profiling for data preprocessing and different artificial neural network methods, including FCNN, CNN, and LSTM. The system focuses on discriminating between true positive and false positive alerts, thus helping security analysts to rapidly respond to cyber threats. All experiments in this study are performed by authors using two benchmark datasets (NSLKDD and CICIDS2017) and two datasets collected in the real world. To evaluate the performance comparison with existing methods, we conducted experiments using the five conventional machine-learning methods (SVM, k-NN, RF, NB, and DT). Consequently, the experimental results of this study ensure that our proposed methods are capable of being employed as learning-based models for network intrusion-detection, and show that although it is employed in the real world, the performance outperforms the conventional machine-learning methods.

show abstract

Host-based intrusion detection system for secure human-centric computing

2015

View full text Add to dashboard

With the advancement of information communication technology, people can access many useful services for human-centric computing. Although this advancement increases work efficiency and provides greater convenience to people, advanced security threats such as the Advanced Persistent Threat (APT) attack have been continuously increasing. Technical measures for protecting against an APT attack are desperately needed because APT attacks, such as the 3.20 Cyber Terror and SK Communications hacking incident, have occurred repeatedly and cause considerable damage, socially and economically. Moreover, there are limitations of the existing security devices designed to cope with APT attacks that continue persistently using zero-day malware. For this reason, we propose a malware detection method based on the behavior information of a process on the host PC. Our proposal overcomes the limitations of the existing signature-based intrusion detection systems. First, we defined 39 characteristics for demarcating malware from benign programs and collected 8.7 million characteristic parameter events when malware and benign programs were executed in a virtual-machine environment. Further, when an executable program B Daesung Moon daesung@etri.re.kr Sung Bum Pan 123 D. Moon et al.is running on a host PC, we present the behavior information as an 83-dimensional vector by reconstructing the frequency of each characteristic parameter's occurrence according to the process ID for the collected characteristic parameter data. It is possible to present more accurate behavior information by including the frequency of characteristic parameter events occurring in child processes. We use a C4.5 decision tree algorithm to detect malware in the database. The results of our proposed method show a 2.0 % false-negative detection rate and a 5.8 % false-positive detection rate.

show abstract

Unsupervised Labeling for Supervised Anomaly Detection in Enterprise and Cloud Networks

Baek

Kwon

Kim

et al. 2017

View full text Add to dashboard

Improvement of malware detection and classification using API call sequence alignment and visualization

Kim

et al. 2017

Cluster Comput

View full text Add to dashboard

scite is a Brooklyn-based startup that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Ikkyun Kim

A survey of deep learning-based network anomaly detection

DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks

An Empirical Evaluation of Deep Learning for Network Anomaly Detection

PE File Header Analysis-Based Packed PE File Detection Technique (PHAD)

Cyber Threat Detection Based on Artificial Neural Networks Using Event Profiles

Host-based intrusion detection system for secure human-centric computing

Unsupervised Labeling for Supervised Anomaly Detection in Enterprise and Cloud Networks

Improvement of malware detection and classification using API call sequence alignment and visualization

Contact Info

Product

Resources

About