| Presentation | 2016-03-04 A Suspicious Processes Detection Scheme using Process Frequency and Network State Junji Nakazato, Yu Tsuda, Eto Masashi, Daisuke Inoue, Koji Nakao, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Many serious security incidents caused by the targeted attacks have been occurred. The targeted attacks can not be prevented easily, because a malware that is used in the attack is difficult to detect by antivirus software. Consequently, the malware has been active for a long term in order to access important user, service, and specific system in a targeted organization. In this paper we proposed a new suspicious process detection scheme. The proposed scheme decides suspicious degree of a process by calculating feature value constructed with process frequency and number of user who executing the same process. Moreover, we use the network conditions, such as communication of a process in order to reduce a false positive. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | targeted attack / malware detection / process frequency |
| Paper # | ICSS2015-60 |
| Date of Issue | 2016-02-25 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2016/3/3(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Academic Center for Computing and Media Studies, Kyoto University |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Information and Communication System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Takashi Nishide(Mitsubishi Electric) / Yoshiaki Shiraishi(NII) |
| Assistant | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Suspicious Processes Detection Scheme using Process Frequency and Network State |
| Sub Title (in English) | |
| Keyword(1) | targeted attack |
| Keyword(2) | malware detection |
| Keyword(3) | process frequency |
| 1st Author's Name | Junji Nakazato |
| 1st Author's Affiliation | Institute of Information and Communications Technology(NICT) |
| 2nd Author's Name | Yu Tsuda |
| 2nd Author's Affiliation | Institute of Information and Communications Technology(NICT) |
| 3rd Author's Name | Eto Masashi |
| 3rd Author's Affiliation | Institute of Information and Communications Technology(NICT) |
| 4th Author's Name | Daisuke Inoue |
| 4th Author's Affiliation | Institute of Information and Communications Technology(NICT) |
| 5th Author's Name | Koji Nakao |
| 5th Author's Affiliation | Institute of Information and Communications Technology(NICT) |
| Date | 2016-03-04 |
| Paper # | ICSS2015-60 |
| Volume (vol) | vol.115 |
| Number (no) | ICSS-488 |
| Page | pp.pp.77-82(ICSS), |
| #Pages | 6 |
| Date of Issue | 2016-02-25 (ICSS) |