| Presentation | 2017-03-02 Detection of Bot-infected PCs based on C&C Session Classification Hinako Moroi, Masatoshi Kawarasaki, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In malware detection by traffic characterization analysis, general-purpose detection and methods specialized to specific malware are being studied. In this paper, we propose a method for improving detection accuracy by combining existing methods for botnets, and apply it to actual data to show its effectiveness. Botnet detection is a method of detecting a C&C server in general. In this paper, by monitoring TCP traffic and classifying its characteristics by a machine learning method, we show that communication with C&C server can be detected with higher accuracy. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | C&C server / botnet / anomaly detection |
| Paper # | IN2016-99 |
| Date of Issue | 2017-02-23 (IN) |
| Conference Information | |
| Committee | NS / IN |
|---|---|
| Conference Date | 2017/3/2(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | OKINAWA ZANPAMISAKI ROYAL HOTEL |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | General |
| Chair | Hideki Tode(Osaka Pref. Univ.) / Katsunori Yamaoka(Tokyo Inst. of Tech.) |
| Vice Chair | Yoshikatsu Okazaki(NTT) / Takuji Kishida(NTT) |
| Secretary | Yoshikatsu Okazaki(Kyushu Inst. of Tech.) / Takuji Kishida(NTT) |
| Assistant | Shohei Kamamura(NTT) / Kunitake Kaneko(Keio Univ.) / Takashi Natsume(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Network Systems / Technical Committee on Information Networks |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Detection of Bot-infected PCs based on C&C Session Classification |
| Sub Title (in English) | |
| Keyword(1) | C&C server |
| Keyword(2) | botnet |
| Keyword(3) | anomaly detection |
| 1st Author's Name | Hinako Moroi |
| 1st Author's Affiliation | University of Tsukuba(Tsukuba Univ) |
| 2nd Author's Name | Masatoshi Kawarasaki |
| 2nd Author's Affiliation | University of Tsukuba(Tsukuba Univ) |
| Date | 2017-03-02 |
| Paper # | IN2016-99 |
| Volume (vol) | vol.116 |
| Number (no) | IN-485 |
| Page | pp.pp.13-18(IN), |
| #Pages | 6 |
| Date of Issue | 2017-02-23 (IN) |