A Validation of Effectiveness for Intrusion Detection Events Using TF-IDF

Vol. 28, No. 6, pp. 1489-1497, Nov. 2018
DOI: 10.13089/JKIISC.2018.28.6.1489
Keywords: Intrusion Detection, Web Traffic Analysis, Text Mining, TF-IDF
Abstract

Web application services have diversified. At the same time, research on intrusion detection continues because of the surge in cyber threats. Also, as single-defense systems evolve into multi-level security, we are responding to specific intrusions by correlating security events, which have become vast in number. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices cannot confirm the vulnerability of the target system or the success of the attack. A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffic by mapping the response of the target system to the corresponding attack. The response traffic is then divided into lines, and each line is weighted with a TF-IDF weight. We checked the valid intrusion detection events by sequentially examining the lines with high weights.
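
The line-weighting step described in the abstract can be sketched as follows. This is an added example, not the authors' implementation. It assumes that each line of a known-benign response counts as one document for the IDF, that the IDF is smoothed, and that an analyst supplies the indicator pattern. All function names and the sample responses are constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[A-Za-z0-9_]+")

def tokens(line):
    return [t.lower() for t in TOKEN.findall(line)]

def build_idf(baseline_bodies):
    """Smoothed IDF where every line of a known-benign response is one document (assumption)."""
    docs = [set(tokens(l)) for body in baseline_bodies for l in body.splitlines()]
    df = Counter(t for d in docs for t in d)
    n = len(docs)
    return lambda term: math.log((1 + n) / (1 + df[term])) + 1.0

def rank_lines(response_body, idf):
    """Weight each response line by the sum of TF*IDF of its terms, highest first."""
    ranked = []
    for line in response_body.splitlines():
        terms = tokens(line)
        if not terms:
            continue
        tf = Counter(terms)
        weight = sum((c / len(terms)) * idf(t) for t, c in tf.items())
        ranked.append((weight, line.strip()))
    return sorted(ranked, key=lambda p: p[0], reverse=True)

def validate_event(ranked, indicator, top_k=3):
    """Walk the top_k lines in weight order; return the first one matching the indicator."""
    for _weight, line in ranked[:top_k]:
        if re.search(indicator, line, re.IGNORECASE):
            return line
    return None

# Constructed sample data: three benign responses and one response to an alerted request.
PAGE = "<html>\n<head><title>Shop</title></head>\n<body>\n<h1>Product list</h1>\n<p>{}</p>\n</body>\n</html>"
BASELINE = [PAGE.format(f"Item {i} in stock") for i in (1, 2, 3)]
ALERTED = PAGE.format("You have an error in your SQL syntax near line 1")

if __name__ == "__main__":
    ranked = rank_lines(ALERTED, build_idf(BASELINE))
    for weight, line in ranked[:3]:
        print(f"{weight:.3f}  {line}")
    print("valid event:", validate_event(ranked, r"error in your SQL syntax") is not None)
```

Lines made of markup that also appears in benign responses score low, so the line carrying the database error is examined first and the event is confirmed without reading the whole response.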


Cite this article
[IEEE Style]
김효석 and 김용민, "A Validation of Effectiveness for Intrusion Detection Events Using TF-IDF," Journal of The Korea Institute of Information Security and Cryptology, vol. 28, no. 6, pp. 1489-1497, 2018. DOI: 10.13089/JKIISC.2018.28.6.1489.

[ACM Style]
김효석 and 김용민. 2018. A Validation of Effectiveness for Intrusion Detection Events Using TF-IDF. Journal of The Korea Institute of Information Security and Cryptology, 28, 6, (2018), 1489-1497. DOI: 10.13089/JKIISC.2018.28.6.1489.