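MF Researcher Directory

Faculty Activity Database

Reconsidering the Behavior-based Method for Detecting Distributed Scan Attacks in Darknets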

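Presentation type:
General lecture (including academic lectures)
Major achievement:
Other
Sole/joint authorship:
Sole author
Presentation date:
January 2014
DOI:
Conference type:
Domestic conference
Peer review:
None
Link information: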

Japanese fields

Authors:
フォン ヤオカイ, 堀 良彰, 櫻井 幸一
Title:
Reconsidering the Behavior-based Method for Detecting Distributed Scan Attacks in Darknets
Presentation information:
2014 Symposium on Cryptography and Information Security (SCIS 2014), 2C2-4, 5 pages Vol: 2C2-4 Pages: 1-5
Keywords:
Distributed Scan, anomaly detection, cyberattack, collaborative attack, behavior-based method, darknets
Abstract:
The technologies used by attackers in the Internet environment are becoming more and more sophisticated. Of the many kinds of attacks, distributed scans have become one of the most serious problems. In our previous study, we proposed a novel method based on normal behavior modes of traffic to detect distributed scan attacks in darknet environments. In that method, all the possible destination TCP and UDP ports are monitored. Moreover, the alerts can have several levels reflecting the relative scales of the attacks. The efficiency of that proposal is also verified using real darknet traffic data. However, several parameters are necessary in that method and tuning the parameters is not a simple problem in many real cases. Thus, in this study, we try to decrease the number of parameters. Concretely, we build an evaluation function and use it to realize a new learning algorithm in which no parameters are necessary. In this way, the two most important parameters in our previous study are removed. Our experimental result indicates that the new learning algorithm is also able to work well.

English fields

Author:
Yaokai Feng, Yoshiaki Hori, Kouichi Sakurai
Title:
Reconsidering the Behavior-based Method for Detecting Distributed Scan Attacks in Darknets
Announcement information:
The 31st Symposium on Cryptography and Information Security (SCIS 2014), 2C2-4, 5 pages Vol: 2C2-4 Page: 1-5
Keywords:
Distributed Scan, anomaly detection, cyberattack, collaborative attack, behavior-based method, darknets
Abstract:
The technologies used by attackers in the Internet environment are becoming more and more sophisticated. Of the many kinds of attacks, distributed scans have become one of the most serious problems. In our previous study, we proposed a novel method based on normal behavior modes of traffic to detect distributed scan attacks in darknet environments. In that method, all the possible destination TCP and UDP ports are monitored. Moreover, the alerts can have several levels reflecting the relative scales of the attacks. The efficiency of that proposal is also verified using real darknet traffic data. However, several parameters are necessary in that method and tuning the parameters is not a simple problem in many real cases. Thus, in this study, we try to decrease the number of parameters. Concretely, we build an evaluation function and use it to realize a new learning algorithm in which no parameters are necessary. In this way, the two most important parameters in our previous study are removed. Our experimental result indicates that the new learning algorithm is also able to work well.


Copyright © MEDIA FUSION Co.,Ltd. All rights reserved.