A study on abnormal event correlation analysis for convergence security monitor

Recently, the leak of domestic core technology of major business in Korea and the subsequent damage, has been increasing every year. Financial losses due to this leak are estimated to be about 220 trillion, which is equivalent to the gross budget of Korea Besides. Currently, the paradigm of industrial security has been changed from simple installation of security equipment to efficient management and control market. Leakage of internal material is able to be prevented, blocked and tracking afterward innovatively through enterprise risk management and security control by fusion of physical security system (entrance control system, vision security system etc.) and IT integrated security control system. It can be possible to setup systematical converging security control process in short term by achieving an effect to running expert organization without additional investment for current physical security and IT security personnel, and it is needed to firmly setup the acquisition and integrated control of IT security and physical security, connected tracking control when security issue is happened, definition for terms of information leakage and security violation and real-time observation, rapid determination and reaction/corrective action for trial of security violation and information leakage, phased and systematic security policy by individual technology. The majority of the leaks are caused by former and current staff members, cooperated businesses, scientists and investment companies. This shows that the sources of the leaks are internal personnel. In this manner, we can infer that the management and plan of personnel security has not implemented sound practices to prevent technology leak by people. Therefore, this thesis suggests classifying methods of technology leak through clustering, one of the data mining methods about the information of internal personnel to prevent core technology leak from businesses.