Authors
Jae-yeol Kim, Hyuk-Yoon Kwon
Publication date
2022/9/1
Journal
Computers & Security
Volume
120
Pages
102789
Publisher
Elsevier Advanced Technology
Description
As various types of network threats have increased recently, manual threat response by security analysts has become a limitation. To compensate for this, the importance of security information event management (SIEM), a response system that collects and analyzes threat events from security devices, has been emphasized. In general, SIEM has adopted a signature-based threat classification model that generates large volumes of false threat events and burdens the work of security analysts. To address this limitation of SIEM, research has attempted to develop an AI-based threat classification model. In particular, deep learning-based threat classification models are known to have high accuracy in classifying threats. In this study, we focused on the excessive overhead incurred in learning and classifying large sets of threat events using deep learning models, which becomes an overhead in actual SIEM operations …