Paper Abstract and Keywords |
Presentation |
2017-03-03 14:50
Network based detection of Remote Access Trojan communication by using packet entropy on early instruction stage Masumi Uno (NAIST), Masahiro Ishii (Tokyo Tech), Atsuo Inomata (TDU), Ismail Arai, Kazutoshi Fujikawa (NAIST) SITE2016-68 IA2016-98 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Confidential information has been leaked accidentally by targeted attacks.
Remote Access Trojans/tools (RATs) are mainly used in such attacks.
It is therefore important to detect RAT activity at the intrusion stage to minimize the damage caused by the attack.
The detection of RATs is getting more and more difficult as technology advances.
Advanced RATs which use various kinds of protocols cannot be detected with conventional methods.
In this study, we provide a method to detect the early intrusion stage of RAT communication by using network features based on the packet entropy of the communication.
We use several supervised machine learning algorithms and the K-fold cross validation technique to validate the use of packet entropy features.
From our experimental results, we report that our approach can detect RAT sessions with a high accuracy of 96.2% and a low false positive rate of 1.6%. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Network Security / Intrusion Detection / RAT |
Reference Info. |
IEICE Tech. Rep., vol. 116, no. 491, IA2016-98, pp. 41-46, March 2017. |
Paper # |
IA2016-98 |
Date of Issue |
2017-02-24 (SITE, IA) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
IA SITE IPSJ-IOT |
Conference Date |
2017-03-03 - 2017-03-04 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Culture Resort Festone (Okinawa) |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Internet and Information Ethics Education, etc. |
Paper Information |
Registration To |
IA |
Conference Code |
2017-03-IA-SITE-IOT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Network based detection of Remote Access Trojan communication by using packet entropy on early instruction stage |
Keyword(1) |
Network Security |
Keyword(2) |
Intrusion Detection |
Keyword(3) |
RAT |
1st Author's Name |
Masumi Uno |
1st Author's Affiliation |
Graduate School of Information, Nara Institute of Science and Technology (NAIST) |
2nd Author's Name |
Masahiro Ishii |
2nd Author's Affiliation |
Tokyo Institute of Technology (Tokyo Tech) |
3rd Author's Name |
Atsuo Inomata |
3rd Author's Affiliation |
Tokyo Denki University (TDU) |
4th Author's Name |
Ismail Arai |
4th Author's Affiliation |
Graduate School of Information, Nara Institute of Science and Technology (NAIST) |
5th Author's Name |
Kazutoshi Fujikawa |
5th Author's Affiliation |
Graduate School of Information, Nara Institute of Science and Technology (NAIST) |
Speaker |
Author-1 |
Date Time |
2017-03-03 14:50:00 |
Presentation Time |
25 minutes |
Registration for |
IA |
Paper # |
SITE2016-68, IA2016-98 |
Volume (vol) |
vol.116 |
Number (no) |
no.490(SITE), no.491(IA) |
Page |
pp.41-46 |
#Pages |
6 |
Date of Issue |
2017-02-24 (SITE, IA) |
|