| Presentation | 2021-03-01 Detection of Infected Device Using DNS Traffic Soichiro Kogo, Atsushi Kanai, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | The damage caused by computer viruses is becoming a serious problem. However, it requires a lot of effort to manage all the terminals connected to the network. Therefore, we focus on the network traffic instead of the terminal side. Since it doesn't depend on the terminal, it is effective in identifying infected terminals without placing a burden on the terminal side. In this paper, we propose a method for detecting BOT by analyzing DNS traffic, which is assumed to change when infected. We used features obtained from A-records of DNS packets and Random Forest as a machine learning method to determine unauthorized traffic. As a result, we have demonstrated that it is possible to achieve high-accuracy and high-speed detection. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Machine Learning / Detection / Security / Malware / BOT / DNS / IoT |
| Paper # | ICSS2020-27 |
| Date of Issue | 2021-02-22 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2021/3/1(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Detection of Infected Device Using DNS Traffic |
| Sub Title (in English) | |
| Keyword(1) | Machine Learning |
| Keyword(2) | Detection |
| Keyword(3) | Security |
| Keyword(4) | Malware |
| Keyword(5) | BOT |
| Keyword(6) | DNS |
| Keyword(7) | IoT |
| Keyword(8) | |
| 1st Author's Name | Soichiro Kogo |
| 1st Author's Affiliation | Hosei University(Hosei Univ.) |
| 2nd Author's Name | Atsushi Kanai |
| 2nd Author's Affiliation | Hosei University(Hosei Univ.) |
| Date | 2021-03-01 |
| Paper # | ICSS2020-27 |
| Volume (vol) | vol.120 |
| Number (no) | ICSS-384 |
| Page | pp.pp.7-12(ICSS), |
| #Pages | 6 |
| Date of Issue | 2021-02-22 (ICSS) |