Intrusion Detection Systems Based on Machine Learning Using Feature Expansion Methods.

Joonwoo Myung, Youngmin Ko, Taewoong Kwon, Jun Lee, Kyuil Kim, Jung-suk Song

2023 18th Asia Joint Conference on Information Security (AsiaJCIS) (2023)

Abstract
With the development of computer networks, the amount of network traffic is increasing explosively. In addition, the importance of cyber security is being highlighted as cyber threats increase accordingly. In general, rule-based detection approaches have been used to detect cyber threats. The detection rules used in these approaches are set broadly in order to detect cyber threats reliably, which results in too many unnecessary events. This leads to unanalyzed events, which can lead to severe security incidents. To solve this problem, research has recently been conducted on AI-based cyber threat detection systems that learn network traffic information and automatically generate detection rules. Most of these have used complex models with sophisticated structures or feature engineering techniques so that the AI models can learn as much information as possible. However, they are difficult to use in a real-world security monitoring environment, where quick decisions need to be made in real time, and are not suitable for such environments because they have been trained and verified only on open datasets. In this paper, we propose an AI-based cyber threat detection system that efficiently learns security event characteristics without any complicated process, using a tree-based model, which is efficient at learning tabular data. The proposed system detects cyber threats by learning security event characteristics using only information provided by security devices, without a complicated feature extraction process. In addition, rather than using this information as a simple value, the value is transformed through a simple process so that the model can learn the event characteristics more effectively. Because of the simplicity of the proposed method, it is expected that it can be applied to real-world environments, and this possibility is demonstrated using real-world data.
Keywords
Network Security, Intrusion Detection and Prevention, Artificial Intelligence