Detecting MITRE ATT&CK Attacks in AWS CloudTrail Using Sliding Window-Based BERT

Vol. 35, No. 1, pp. 109-118, Feb. 2025
DOI: 10.13089/JKIISC.2025.35.1.109
Keywords: MITRE ATT&CK, BERT, Sliding Window Algorithm
Abstract

Identifying potential security threats in modern cloud environments is a very important task. In this study, we propose a sliding window-based BERT model that predicts MITRE ATT&CK tactics by analyzing AWS CloudTrail logs. We divide the log sequence using the sliding window technique, which lets the model capture time-series and contextual dependencies. This approach enables precise log event classification by leveraging BERT's ability to understand context. In our experiments, the proposed framework achieved an F1-score of 0.933 in identifying attack tactics. This study highlights the importance of the sliding window-based BERT approach for effectively predicting the tactics and techniques of the MITRE ATT&CK framework from AWS CloudTrail log data.

Cite this article
[IEEE Style]
박현준, 김지윤, 차원제, 최유정, 김태양, 신예지, "Anomaly Detection of MITRE ATT&CK Techniques in AWS CloudTrail Using BERT-Based Sliding Window Approach," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 1, pp. 109-118, 2025. DOI: 10.13089/JKIISC.2025.35.1.109.

[ACM Style]
박현준, 김지윤, 차원제, 최유정, 김태양, and 신예지. 2025. Anomaly Detection of MITRE ATT&CK Techniques in AWS CloudTrail Using BERT-Based Sliding Window Approach. Journal of The Korea Institute of Information Security and Cryptology, 35, 1, (2025), 109-118. DOI: 10.13089/JKIISC.2025.35.1.109.