IEICE Technical Committee Submission System
Conference Paper's Information
Online Proceedings
[Sign in]
Tech. Rep. Archives
 Go Top Page Go Previous   [Japanese] / [English] 

Paper Abstract and Keywords
Presentation 2017-03-03 14:50
Network based detection of Remote Access Trojan communication by using packet entropy on early instruction stage
Masumi Uno (NAIST), Masahiro Ishii (Tokyo Tech), Atsuo Inomata (TDU), Ismail Arai, Kazutoshi Fujikawa (NAIST) SITE2016-68 IA2016-98
Abstract (in Japanese) (See Japanese page) 
(in English) Confidential information have been leaked accidentally by targetted attacks by targeted attacks.
Remote Access Trojan/tool (RAT) is mainly used in such attacks.
It is therefore important to detect the RAT activity on intrusion stage to minimize damage by the attack.
The detection of the RAT is getting more and more difficult with technological advance.
Advanced RATs which use various kinds of protocols cannot be detected with conventional methods.

In this study, we provide a method to detect an early intrusion stage of RAT communication by using network features of packet entropy of the communication.
We use several supervised machine learning algorithms and K-fold cross validation technique to validate using features of packet entropy.
From our experimental results, we report that our approach cant detect RAT sessions with the high accuracy 96.2% and the low false positive rate of 1.6%.
Keyword (in Japanese) (See Japanese page) 
(in English) Network Security / ntrusion Detection / RAT / / / / /  
Reference Info. IEICE Tech. Rep., vol. 116, no. 491, IA2016-98, pp. 41-46, March 2017.
Paper # IA2016-98 
Date of Issue 2017-02-24 (SITE, IA) 
ISSN Print edition: ISSN 0913-5685    Online edition: ISSN 2432-6380
Copyright
and
reproduction
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034)
Download PDF SITE2016-68 IA2016-98

Conference Information
Committee IA SITE IPSJ-IOT  
Conference Date 2017-03-03 - 2017-03-04 
Place (in Japanese) (See Japanese page) 
Place (in English) Culture Resort Festone (Okinawa) 
Topics (in Japanese) (See Japanese page) 
Topics (in English) Internet and Information Ethics Education, etc. 
Paper Information
Registration To IA 
Conference Code 2017-03-IA-SITE-IOT 
Language Japanese 
Title (in Japanese) (See Japanese page) 
Sub Title (in Japanese) (See Japanese page) 
Title (in English) Network based detection of Remote Access Trojan communication by using packet entropy on early instruction stage 
Sub Title (in English)  
Keyword(1) Network Security  
Keyword(2) ntrusion Detection  
Keyword(3) RAT  
Keyword(4)  
Keyword(5)  
Keyword(6)  
Keyword(7)  
Keyword(8)  
1st Author's Name Masumi Uno  
1st Author's Affiliation Graduate School of information ,Nara Institute of Science and Technology (NAIST)
2nd Author's Name Masahiro Ishii  
2nd Author's Affiliation Tokyo Institute of Technology (Tokyo Tech)
3rd Author's Name Atsuo Inomata  
3rd Author's Affiliation Tokyo Denki University (TDU)
4th Author's Name Ismail Arai  
4th Author's Affiliation Graduate School of information ,Nara Institute of Science and Technology (NAIST)
5th Author's Name Kazutoshi Fujikawa  
5th Author's Affiliation Graduate School of information ,Nara Institute of Science and Technology (NAIST)
6th Author's Name  
6th Author's Affiliation ()
7th Author's Name  
7th Author's Affiliation ()
8th Author's Name  
8th Author's Affiliation ()
9th Author's Name  
9th Author's Affiliation ()
10th Author's Name  
10th Author's Affiliation ()
11th Author's Name  
11th Author's Affiliation ()
12th Author's Name  
12th Author's Affiliation ()
13th Author's Name  
13th Author's Affiliation ()
14th Author's Name  
14th Author's Affiliation ()
15th Author's Name  
15th Author's Affiliation ()
16th Author's Name  
16th Author's Affiliation ()
17th Author's Name  
17th Author's Affiliation ()
18th Author's Name  
18th Author's Affiliation ()
19th Author's Name  
19th Author's Affiliation ()
20th Author's Name  
20th Author's Affiliation ()
Speaker Author-1 
Date Time 2017-03-03 14:50:00 
Presentation Time 25 minutes 
Registration for IA 
Paper # SITE2016-68, IA2016-98 
Volume (vol) vol.116 
Number (no) no.490(SITE), no.491(IA) 
Page pp.41-46 
#Pages
Date of Issue 2017-02-24 (SITE, IA) 


[Return to Top Page]

[Return to IEICE Web Page]


The Institute of Electronics, Information and Communication Engineers (IEICE), Japan