| Presentation | 2020-03-03 Automatic Accumulation of Learning Data on Learning-based Anomaly Detection Utilizing Communication Traffics Natsuki Fukazawa, Naoki Yoshida, Shingo Ata, Ikuo Oka, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | With the advancement and diversification of information infrastructure in recent years, the importanceof network security is becoming much critical. Network-based Intrusion Detection System (NIDS) is one of importantsecurity systems which constantly monitors communication traffic and detects potentially malicious communication. There have been studies on the adaptation of machine learning (ML) for anomaly detection. An important issueon these ML-based algorithms is how to collect a good training data for achieving high accuracy of detection. Especially, automatic way to accumulate training data is still challenging in order to follow unexpected or unknownanomalies in future. In this paper, we propose a method to create training data automatically by analyzing thecorrelation with statistics of network traffic and log data of events collected by a honeypot, which collects behaviorof attacks by injecting known vulnerabilities intentionally. Numerical evaluations show that we can detect similaranomalies by only monitoring traffic statistics with training data accumulated by our method. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Anomaly Detection / Traffic Pattern / Honeypot / Machine Learning / Attack Classification |
| Paper # | ICM2019-50 |
| Date of Issue | 2020-02-24 (ICM) |
| Conference Information | |
| Committee | ICM |
|---|---|
| Conference Date | 2020/3/2(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Ohama Nobumoto Memorial Hall |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | Kiyohito Yoshihara(KDDI Research) |
| Vice Chair | Takumi Miyoshi(Shibaura Inst. of Tech.) / Yoichi Sato(Open Systems Laboratory) |
| Secretary | Takumi Miyoshi(NTT) / Yoichi Sato(NTT) |
| Assistant | Hiroki Nakayama(Bosco) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication Management |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Automatic Accumulation of Learning Data on Learning-based Anomaly Detection Utilizing Communication Traffics |
| Sub Title (in English) | |
| Keyword(1) | Anomaly Detection |
| Keyword(2) | Traffic Pattern |
| Keyword(3) | Honeypot |
| Keyword(4) | Machine Learning |
| Keyword(5) | Attack Classification |
| 1st Author's Name | Natsuki Fukazawa |
| 1st Author's Affiliation | Osaka City University(Osaka City Univ.) |
| 2nd Author's Name | Naoki Yoshida |
| 2nd Author's Affiliation | Osaka City University(Osaka City Univ.) |
| 3rd Author's Name | Shingo Ata |
| 3rd Author's Affiliation | Osaka City University(Osaka City Univ.) |
| 4th Author's Name | Ikuo Oka |
| 4th Author's Affiliation | Osaka City University(Osaka City Univ.) |
| Date | 2020-03-03 |
| Paper # | ICM2019-50 |
| Volume (vol) | vol.119 |
| Number (no) | ICM-438 |
| Page | pp.pp.49-54(ICM), |
| #Pages | 6 |
| Date of Issue | 2020-02-24 (ICM) |