| Presentation | 2019-03-05 Proposal of malicious device detection method by DNS query/response log analysis using machine learning Issei Nakasone, Kitaguchi Yoshiaki, Yamaoka Katsunori, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | One common way for detecting malware devices in a network is to use a blacklist based on signature detection.However, in the near future, this detection method will become difficult because of the variety of malwares.In this paper, we propose the method of detecting malicious devices by using machine learning to identify unknown malware.We extract the time series data of feature vectors from logs of DNS query/response, then we transform them into distributed representation by using Recurrent neural network (RNN). We also performed the cluster analysis to explore their relation.The experiment shows that the behavior of the source IP address is classified into two classes; moreover, the some minority clusters transmit to the specific queries. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | machine learning / anomaly detection / DNS / malware |
| Paper # | IN2018-129 |
| Date of Issue | 2019-02-25 (IN) |
| Conference Information | |
| Committee | IN / NS |
|---|---|
| Conference Date | 2019/3/4(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Okinawa Convention Center |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | General |
| Chair | Takuji Kishida(NTT-AT) / Yoshikatsu Okazaki(NTT) |
| Vice Chair | Kenji Ishida(Hiroshima City Univ.) / Akihiro Nakao(Univ. of Tokyo) |
| Secretary | Kenji Ishida(KDDI Research) / Akihiro Nakao(KDDI Research) |
| Assistant | / Kenichi Kashibuchi(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information Networks / Technical Committee on Network Systems |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Proposal of malicious device detection method by DNS query/response log analysis using machine learning |
| Sub Title (in English) | |
| Keyword(1) | machine learning |
| Keyword(2) | anomaly detection |
| Keyword(3) | DNS |
| Keyword(4) | malware |
| 1st Author's Name | Issei Nakasone |
| 1st Author's Affiliation | Tokyo Institute of Technology(Tokyo Tech) |
| 2nd Author's Name | Kitaguchi Yoshiaki |
| 2nd Author's Affiliation | Tokyo Institute of Technology(Tokyo Tech) |
| 3rd Author's Name | Yamaoka Katsunori |
| 3rd Author's Affiliation | Tokyo Institute of Technology(Tokyo Tech) |
| Date | 2019-03-05 |
| Paper # | IN2018-129 |
| Volume (vol) | vol.118 |
| Number (no) | IN-466 |
| Page | pp.pp.271-276(IN), |
| #Pages | 6 |
| Date of Issue | 2019-02-25 (IN) |