| Presentation | 2016-03-04 Preliminary Studies of Linkage Analysis among Process Behavior for Intrusion Prevention Yudai Tomaru, Masaki Hashimoto, Hidehiko Tanaka, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Recently, there are many malware measures such as targeted attacks, communicate with C&C servers, file creation, execution, using as black lists or signatures. Also, the malware cannot be detected, in order to grab the malware behavior, has been determined that the expert is malware from such a variety of trails within the system on the basis of the know-how, such as their knowledge and experience. Therefore, it takes time to discover the malware, it is difficult to mechanically determine now. So, in this study, to mechanically identify cyberattacks, we propose a scheme that is determined to be unauthorized access to see the flow of malignant activity by malware. Specifically, by using TOMOYO Linux, run the malwares that execution and creation files, they collect access information such as the communication to the C&C servers and analysis linkage with the absolute path among process behavior by malware. As a result, the intrusion prevention through the process behavior, to extend the portion can be determined mechanically. It is expected to become the basis for building a more advanced and intelligent intrusion prevention system. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Targeted Attack / Process Behavior / Linkage Analysis / TOMOYO Linux / Access Control |
| Paper # | ICSS2015-61 |
| Date of Issue | 2016-02-25 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2016/3/3(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Academic Center for Computing and Media Studies, Kyoto University |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Information and Communication System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Takashi Nishide(Mitsubishi Electric) / Yoshiaki Shiraishi(NII) |
| Assistant | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Preliminary Studies of Linkage Analysis among Process Behavior for Intrusion Prevention |
| Sub Title (in English) | |
| Keyword(1) | Targeted Attack |
| Keyword(2) | Process Behavior |
| Keyword(3) | Linkage Analysis |
| Keyword(4) | TOMOYO Linux |
| Keyword(5) | Access Control |
| 1st Author's Name | Yudai Tomaru |
| 1st Author's Affiliation | INSTITUTE of INFORMATION SECURITY(iisec) |
| 2nd Author's Name | Masaki Hashimoto |
| 2nd Author's Affiliation | INSTITUTE of INFORMATION SECURITY(iisec) |
| 3rd Author's Name | Hidehiko Tanaka |
| 3rd Author's Affiliation | INSTITUTE of INFORMATION SECURITY(iisec) |
| Date | 2016-03-04 |
| Paper # | ICSS2015-61 |
| Volume (vol) | vol.115 |
| Number (no) | ICSS-488 |
| Page | pp.pp.83-88(ICSS), |
| #Pages | 6 |
| Date of Issue | 2016-02-25 (ICSS) |