P-ISSN 0974-6846, E-ISSN 0974-5645

Indian Journal of Science and Technology

Year: 2016, Volume: 9, Issue: Special Issue 1, Pages: 1-5

Original Article

Multiple Profiles based Ensemble Model for Analytical Classification of Cyber Incident

Abstract

Background/Objectives: Cyber incidents collected from security information and event management systems are growing rapidly due to the expansion of malicious code, and with the advent of big data companies have come to collect more data and to use a wider variety of information. Methods/Statistical Analysis: It is difficult for cyber incident analysts to extract and classify similar features due to cyber attacks. To solve these problems, the analytical classification of cyber incidents has formerly generated a single profile from the features of cyber incidents and cyber observables, and identified similar cyber incidents by evaluating the degree of similarity based on this profile. Findings: Analytical classification from big data of cyber incidents requires the various features of the cyber observables that compose a cyber incident. Therefore, it is necessary to improve the classification accuracy of the similarity by using multiple profiles, each classified by the same features of cyber observables. When the similarity is calculated by utilizing an ensemble algorithm and grouping similar features, it shows higher classification accuracy than when it is calculated based on the same criteria. Improvements/Applications: We propose a multi-profile ensemble model that performs similarity analysis on cyber incidents based on both attack type and cyber observables, which can enhance the accuracy of the classification.
Keywords: Classification, Cyber Incident, Cyber Observable, Ensemble Model, Intrusion, Profiles
