MF研究者総覧

教員活動データベース

A Parameterless Learning Algorithm for Behavior-Based Detection

発表形態:
原著論文
主要業績:
主要業績
単著・共著:
共著
発表年月:
2014年09月
DOI:
10.1109/AsiaJCIS.2014.29
会議属性:
国際会議(国内開催を含む)
査読:
有り
リンク情報:

日本語フィールド

著者:
Can Wang, Yaokai Feng, Junpei Kawamoto, Yoshiaki Hori, Kouichi Sakurai
題名:
A Parameterless Learning Algorithm for Behavior-Based Detection
発表情報:
Proceedings of Ninth Asia Joint Conference on Information Security (AsiaJCIS 2014) ページ: 11-18
キーワード:
概要:
The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.
抄録:
The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.

英語フィールド

Author:
Can Wang, Yaokai Feng, Junpei Kawamoto, Yoshiaki Hori, Kouichi Sakurai
Title:
A Parameterless Learning Algorithm for Behavior-Based Detection
Announcement information:
Proceedings of Ninth Asia Joint Conference on Information Security (AsiaJCIS 2014) Page: 11-18
An abstract:
The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.
An abstract:
The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.


Copyright © MEDIA FUSION Co.,Ltd. All rights reserved.