• Journal of Internet Computing and Services
    ISSN 2287 - 1136 (Online) / ISSN 1598 - 0170 (Print)
    https://jics.or.kr/

Extraction of Network Threat Signatures Using Latent Dirichlet Allocation


Sungil Lee, Suchul Lee, Jun-Rak Lee, Heung-youl Youm, Journal of Internet Computing and Services, Vol. 19, No. 1, pp. 1-10, Feb. 2018
10.7472/jksii.2018.19.1.1, Full Text:
Keywords: LDA, network threat detection, Intrusion Detection System, signature

Abstract

Network threats such as Internet worms and computer viruses have been significantly increasing. In particular, APTs(Advanced Persistent Threats) and ransomwares become clever and complex. IDSes(Intrusion Detection Systems) have performed a key role as information security solutions during last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. If so, the network threat containing the signature can be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA(Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Lee, S., Lee, S., Lee, J., & Youm, H. (2018). Extraction of Network Threat Signatures Using Latent Dirichlet Allocation. Journal of Internet Computing and Services, 19(1), 1-10. DOI: 10.7472/jksii.2018.19.1.1.

[IEEE Style]
S. Lee, S. Lee, J. Lee, H. Youm, "Extraction of Network Threat Signatures Using Latent Dirichlet Allocation," Journal of Internet Computing and Services, vol. 19, no. 1, pp. 1-10, 2018. DOI: 10.7472/jksii.2018.19.1.1.

[ACM Style]
Sungil Lee, Suchul Lee, Jun-Rak Lee, and Heung-youl Youm. 2018. Extraction of Network Threat Signatures Using Latent Dirichlet Allocation. Journal of Internet Computing and Services, 19, 1, (2018), 1-10. DOI: 10.7472/jksii.2018.19.1.1.