Presentation | 2016-03-04 A Suspicious Processes Detection Scheme using Process Frequency and Network State Junji Nakazato, Yu Tsuda, Eto Masashi, Daisuke Inoue, Koji Nakao |
---|---|
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Many serious security incidents caused by targeted attacks have occurred. Targeted attacks cannot be prevented easily, because the malware used in such an attack is difficult for antivirus software to detect. Consequently, the malware remains active for a long term in order to access important users, services, and specific systems in a targeted organization. In this paper we propose a new suspicious process detection scheme. The proposed scheme decides the suspicious degree of a process by calculating a feature value constructed from process frequency and the number of users executing the same process. Moreover, we use network conditions, such as the communication of a process, in order to reduce false positives. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | targeted attack / malware detection / process frequency |
Paper # | ICSS2015-60 |
Date of Issue | 2016-02-25 (ICSS) |
Conference Information | |
Committee | ICSS / IPSJ-SPT |
---|---|
Conference Date | 2016/3/3(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Academic Center for Computing and Media Studies, Kyoto University |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Information and Communication System Security, etc. |
Chair | Yutaka Miyake(KDDI R&D Labs.) |
Vice Chair | Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
Secretary | Takashi Nishide(Mitsubishi Electric) / Yoshiaki Shiraishi(NII) |
Assistant | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
Paper Information | |
Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A Suspicious Processes Detection Scheme using Process Frequency and Network State |
Sub Title (in English) | |
Keyword(1) | targeted attack |
Keyword(2) | malware detection |
Keyword(3) | process frequency |
1st Author's Name | Junji Nakazato |
1st Author's Affiliation | Institute of Information and Communications Technology(NICT) |
2nd Author's Name | Yu Tsuda |
2nd Author's Affiliation | Institute of Information and Communications Technology(NICT) |
3rd Author's Name | Eto Masashi |
3rd Author's Affiliation | Institute of Information and Communications Technology(NICT) |
4th Author's Name | Daisuke Inoue |
4th Author's Affiliation | Institute of Information and Communications Technology(NICT) |
5th Author's Name | Koji Nakao |
5th Author's Affiliation | Institute of Information and Communications Technology(NICT) |
Date | 2016-03-04 |
Paper # | ICSS2015-60 |
Volume (vol) | vol.115 |
Number (no) | ICSS-488 |
Page | pp.77-82(ICSS) |
#Pages | 6 |
Date of Issue | 2016-02-25 (ICSS) |