论文信息 - Anomaly Based Unknown Intrusion Detection in Endpoint Environments

Anomaly Based Unknown Intrusion Detection in Endpoint Environments

According to a study by Cybersecurity Ventures, cybercrime is expected to cost $6 trillion annually by 2021. Most cybersecurity threats access internal networks through infected endpoints. Recently, various endpoint environments such as smartphones, tablets, and Internet of things (IoT) devices have been configured, and security issues caused by malware targeting them are intensifying. Event logs-based detection technology for endpoint security is detected using rules or patterns. Therefore, known attacks can respond, but unknown attacks can be difficult to respond to immediately. To solve this problem, in this paper, local outlier factor (LOF) and Autoencoder detect suspicious behavior that deviates from normal behavior. It also detects threats and shows the corresponding threats when suspicious events corresponding to the rules created through the attack profile are constantly occurring. Experimental results detected eight new suspicious processes that were not previously detected, and four malicious processes and one suspicious process were judged using Hybrid Analysis and VirusTotal. Based on the experiment results, it is expected that the use of operational policies such as allowlists in the proposed model will significantly improve performance by minimizing false positives.

[1] Chih-Fong Tsai,et al. CANN: An intrusion detection system based on combining cluster centers and nearest neighbors , 2015, Knowl. Based Syst..

[2] Albert Y. Zomaya,et al. A Hybrid Deep Learning-Based Model for Anomaly Detection in Cloud Datacenter Networks , 2019, IEEE Transactions on Network and Service Management.

[3] Trevor J. Bihl,et al. anomalyDetection: Implementation of Augmented Network Log Anomaly Detection Procedures , 2017, R J..

[4] Shadi Aljawarneh,et al. Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model , 2017, J. Comput. Sci..

[5] Huy Kang Kim,et al. Andro-profiler: Anti-malware system based on behavior profiling of mobile malware , 2014, Inscrypt 2014.

[6] Ali Dehghantanha,et al. A Two-Layer Dimension Reduction and Two-Tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks , 2019, IEEE Transactions on Emerging Topics in Computing.

[7] A. Ebonyi,et al. Hepatitis B Virus Total Core Antibodies among HIV-1 Infected Hepatitis B Surface Antigen Negative Patients Attending a Tertiary Health Facility in North-central Nigeria , 2016 .

[8] Mohiuddin Ahmed,et al. A survey of network anomaly detection techniques , 2016, J. Netw. Comput. Appl..

[9] B. Muthukumar,et al. Intrusion Detection System (IDS): Anomaly Detection Using Outlier Detection Approach , 2015 .