SECURITY MONITORING INTRUSION DETECTION ALARM PROCESSING DEVICE AND METHOD USING ARTIFICIAL INTELLIGENCE
Main Authors | , |
---|---|
Format | Patent |
Language | English, Korean |
Published | 02.01.2023 |
Subjects | |
Summary: | The present invention relates to a security control intrusion detection alarm processing device using artificial intelligence and a method thereof, which automatically generate an exception rule based on payload content by applying a divide-and-conquer strategy to a security control event. The device comprises: a packet receiving part receiving a plurality of event packets; a packet classification part classifying the plurality of event packets in accordance with a prescribed criterion; a packet vectorizing part vectorizing classified event packets based on a payload of each packet to convert the event packets into packet vectors; a packet clustering part clustering the packet vectors to generate a plurality of clusters; a cluster labeling part inspecting the plurality of clusters to assign a label in accordance with a cluster property; and a rule generation part generating a detection rule for security control based on label information for the plurality of clusters.
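The present invention relates to a security monitoring intrusion detection alarm processing device and method using artificial intelligence, the device comprising: a packet receiving unit that receives a plurality of event packets; a packet classification unit that classifies the plurality of event packets according to a predetermined criterion; a packet vectorization unit that vectorizes the classified event packets based on the payload of each packet to convert them into packet vectors; a packet clustering unit that clusters the packet vectors to generate a plurality of clusters; a cluster labeling unit that inspects each of the plurality of clusters and assigns a label according to cluster characteristics; and a rule generation unit that generates a detection rule for security monitoring based on label information for the plurality of clusters. |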
---|---|
Bibliography: | Application Number: KR20210082724 |