公开(公告)号：US12153604B2

公开(公告)日：2024-11-26

申请号：US17967999

申请日：2022-10-18

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hyun-Jin Kim ,  Jong-Hoon Lee ,  Young-Soo Kim ,  Jong-Geun Park ,  Cheol-Hee Park

IPC: G06F16/00 ,  G06F16/28 ,  G06N3/088

Abstract: Disclosed herein are an apparatus and method for generating a data set. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program classifies collected data into numerical feature data and categorical feature data using a filter method, performs correlation analysis on the numerical feature data and the categorical feature data using an analysis of variance (ANOVA) method and a Chi-Squared method, and generates a data set for supervised learning and a data set for unsupervised learning using correlation scores calculated through correlation analysis.

公开(公告)号：US11783034B2

公开(公告)日：2023-10-10

申请号：US17100541

申请日：2020-11-20

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jung-Tae Kim ,  Ji-Hyeon Song ,  Ik-Kyun Kim ,  Young-Su Kim ,  Jong-Hyun Kim ,  Jong-Geun Park ,  Sang-Min Lee ,  Jong-Hoon Lee

IPC: G06F21/56 ,  G06N5/04 ,  G06N20/00

CPC classification number: G06F21/563 ,  G06N5/04 ,  G06N20/00 ,  G06F2221/033

Abstract: Disclosed herein are an apparatus and method for detecting a malicious script. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to extract token-type features, each of which corresponds to a lexical unit, and tree-node-type features of an abstract syntax tree from an input script, to train two learning models to respectively learn two pieces of learning data that are generated in consideration of features extracted respectively from the token-type features and the node-type features as having the highest frequency, and to detect whether the script is a malicious script based on the result of ensemble-based malicious script detection performed for the script, which is acquired using an ensemble detection model generated from the two learning models.

公开(公告)号：US10523697B2

公开(公告)日：2019-12-31

申请号：US15823209

申请日：2017-11-27

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jong-Hoon Lee ,  Ik-Kyun Kim

IPC: H04L29/06

Abstract: Disclosed is a method for detecting a cyberthreat through correlation analysis of security events, which includes extracting a false-positive data set by extracting, from source data, information about security events occurring during a predetermined time period based on a time at which erroneous detection occurred; extracting a true-positive data set by extracting, from the source data, information about security events occurring during the predetermined time period based on a time at which an intrusion threat was correctly detected; extracting a current data set by extracting information about security events occurring during the predetermined time period from data to be analyzed; generating event coincidence statistics by extracting a frequency of each security event in the respective data sets and by compiling statistics thereon; generating an event vector based on the event coincidence statistics; and performing intrusion threat detection through a vector space model based on the event vector.