Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ ³í¹®Áö
| ÇѱÛÁ¦¸ñ(Korean Title) |
ÀÛ¼ºÀÚ ºÐ¼® ±â¹ÝÀÇ °ø°Ý ¸ÞÀÏ Å½Áö¸¦ À§ÇÑ ºÐ·ù ¸ðµ¨ |
| ¿µ¹®Á¦¸ñ(English Title) |
A Classification Model for Attack Mail Detection based on the Authorship |
| ÀúÀÚ(Author) |
È«¼º»ï
½Å°ÇÀ±
ÇÑ¸í¹¬
Sung-Sam
Hong Gun-Yoon
Shin Myung-Mook
Han
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 18 NO. 06 PP. 0035 ~ 0046 (2017. 12) |
Çѱ۳»¿ë
(Korean Abstract) |
ÃÖ±Ù »çÀ̹öº¸¾È¿¡¼ ¾Ç¼ºÄڵ带 ÀÌ¿ëÇÑ °ø°ÝÀº ¸ÞÀÏ¿¡ ¾Ç¼ºÄڵ带 ÷ºÎÇÏ¿© À̸¦ »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© °ø°ÝÀ» ¼öÇàÇÏ´Â ÇüÅ°¡ ´Ã¾î³ª°í ÀÖ´Ù. ƯÈ÷ ¹®¼ÇüÅÂÀÇ ÆÄÀÏÀ» ÷ºÎÇÏ¿© »ç¿ëÀÚ°¡ ½±°Ô ½ÇÇàÇÏ°Ô µÇ¾î À§ÇèÇÏ´Ù. ÀúÀÚ ºÐ¼®Àº NLP(Neutral Language Process) ¹× ÅؽºÆ® ¸¶ÀÌ´× ºÐ¾ß¿¡¼ ¿¬±¸µÇ¾îÁö°í ÀÖ´Â ºÐ¾ßÀ̸ç, ƯÁ¤ ¾ð¾î·Î ÀÌ·ç¾îÁø ÅؽºÆ® ¹®Àå, ±Û, ¹®¼¸¦ ºÐ¼®ÇÏ¿© ÀÛ¼ºÇÑ ÀúÀÚ¸¦ ºÐ¼®ÇÏ´Â ¹æ¹ýµéÀº ¿¬±¸ÇÏ´Â ºÐ¾ßÀÌ´Ù. °ø°Ý ¸ÞÀÏÀÇ °æ¿ì ÀÏÁ¤ °ø°ÝÀÚ¿¡ ÀÇÇØ ÀÛ¼ºµÇ¾îÁö±â ¶§¹®¿¡ ¸ÞÀÏ ³»¿ë ¹× ÷ºÎµÈ ¹®¼ ÆÄÀÏÀ» ºÐ¼®ÇÏ¿© ÇØ´ç ÀúÀÚ¸¦ ½Äº°Çϸé Á¤»ó¸ÞÀÏ°ú ´õ¿í ±¸º°µÈ Ư¡µéÀ» ¹ß°ßÇÒ ¼ö ÀÖÀ¸¸ç, ŽÁö Á¤È®µµ¸¦ Çâ»ó½Ãų ¼öÀÖ´Ù. º» ³í¹®¿¡¼´Â ±âÁ¸ÀÇ ±â°èÇнÀ ±â¹ÝÀÇ ½ºÆÔ¸ÞÀÏ Å½Áö ¸ðµ¨¿¡¼ »ç¿ëµÇ´Â Ư¡µé°ú ¹®¼ÀÇ ÀúÀÚ ºÐ¼®¿¡ »ç¿ëµÇ´Â Ư¡µé·ÎºÎÅÍ °ø°Ý¸ÞÀÏÀ» ºÐ·ù ¹× ŽÁö¸¦ ÇÒ ¼ö ÀÖ´Â feature vector ¹× ÀÌ¿¡ ÀûÇÕÇÑ IADA2(Intelligent Attack mail Detection based on Authorship Analysis)ŽÁö ¸ðµ¨À» Á¦¾ÈÇÏ¿´´Ù. ´Ü¼øÈ÷ ´Ü¾î ±â¹ÝÀÇ Æ¯Â¡µé·Î ŽÁöÇÏ´ø ½ºÆÔ¸ÞÀÏ Å½Áö ¸ðµ¨µéÀ» °³¼±ÇÏ°í, n-gramÀ» Àû¿ëÇÏ¿© ´Ü¾îÀÇ ½ÃÄö½º Ư¼ºÀ» ¹Ý¿µÇÑ Æ¯Â¡À» ÃßÃâÇÏ¿´´Ù. ½ÇÇè°á°ú, Ư¡ÀÇ Á¶ÇÕ°ú Ư¡¼±Åà ±â¹ý, ÀûÇÕÇÑ ¸ðµ¨µé¿¡ µû¶ó ¼º´ÉÀÌ °³¼±µÊÀ» °ËÁõ ÇÒ ¼ö ÀÖ¾úÀ¸¸ç, Á¦¾ÈÇÏ´Â ¸ðµ¨ÀÇ ¼º´ÉÀÇ ¿ì¼ö¼º°ú °³¼± °¡´É¼ºÀ» È®ÀÎÇÒ ¼ö ÀÖ¾ú´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
Recently, attackers using malicious code in cyber security have been increased by attaching malicious code to a mail and inducing the user to execute it. Especially, it is dangerous because it is easy to execute by attaching a document type file. The author analysis is a research area that is being studied in NLP (Neutral Language Process) and text mining, and it studies methods of analyzing authors by analyzing text sentences, texts, and documents in a specific language. In case of attack mail, it is created by the attacker. Therefore, by analyzing the contents of the mail and the attached document file and identifying the corresponding author, it is possible to discover more distinctive features from the normal mail and improve the detection accuracy. In this pager, we proposed IADA2(Intelligent Attack mail Detection based on Authorship Analysis) model for attack mail detection. The feature vector that can classify and detect attack mail from the features used in the existing machine learning based spam detection model and the features used in the author analysis of the document and the IADA2 detection model. We have improved the detection models of attack mails by simply detecting term features and extracted features that reflect the sequence characteristics of words by applying n-grams. Result of experiment show that the proposed method improves performance according to feature combinations, feature selection techniques, and appropriate models.
|
| Å°¿öµå(Keyword) |
ÅؽºÆ®¸¶ÀÌ´×
±â°èÇнÀ
ºÐ·ù
ÀÛ¼ºÀںм®
°ø°ÝÀÚ ½Äº°
Text Mining
Machine Learning
Classification
Authorship Analysis
Attacker Identification
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
