| Presentation | 2017-03-13 Deep Learning Approach for Detecting Malware Infected Host and Detection Performance Evaluation with HTTP Traffic Taishi Nishiyama, Atsutoshi Kumagai, Yasushi Okano, Kazunori Kamiya, Masaki Tanikawa, Kazuya Okada, Yuji Sekiya, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Preventive measures are generally important to stop the occurrence of a security incident caused by malware. However, it is common case that unknown malware slip through the preventive measures, because new or variant type of malware are produced on a large scale by attackers. Therefore, second-best way is to correctly detect malware infected-hosts, and to block malicious communication as soon as possible- in fact, the importance of detecting infected terminal strategy is thus increasing. For detecting infected-hosts, it is important to analyze logs taken inside the network to trace malware activity. In this paper, we propose a method of detecting infected hosts using Deep Learning and analyzing HTTP traffic logs. Through our evaluations, we demonstrate the superiority of Deep Learning based approach in comparison to a conventional Logistic Regression based approach. Especially, our evaluation result shows that $rm{TPR_{1%}}$- TPR when threshold is adjusted so that FPR is less than 1%- of our Deep Learning based approach is better in 7 % than Logistic Regression based approach. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Deep Learning / Log Analysis / Malware / Infected Host |
| Paper # | ICSS2016-52 |
| Date of Issue | 2017-03-06 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2017/3/13(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | University of Nagasaki |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Yoshiaki Shiraishi(Kobe Univ.) / Takeshi Ueda(Mitsubishi Electric) |
| Secretary | Yoshiaki Shiraishi(NII) / Takeshi Ueda(Yokohama National Univ.) |
| Assistant | Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Deep Learning Approach for Detecting Malware Infected Host and Detection Performance Evaluation with HTTP Traffic |
| Sub Title (in English) | |
| Keyword(1) | Deep Learning |
| Keyword(2) | Log Analysis |
| Keyword(3) | Malware |
| Keyword(4) | Infected Host |
| 1st Author's Name | Taishi Nishiyama |
| 1st Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
| 2nd Author's Name | Atsutoshi Kumagai |
| 2nd Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
| 3rd Author's Name | Yasushi Okano |
| 3rd Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
| 4th Author's Name | Kazunori Kamiya |
| 4th Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
| 5th Author's Name | Masaki Tanikawa |
| 5th Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
| 6th Author's Name | Kazuya Okada |
| 6th Author's Affiliation | The University of Tokyo(University of Tokyo) |
| 7th Author's Name | Yuji Sekiya |
| 7th Author's Affiliation | The University of Tokyo(University of Tokyo) |
| Date | 2017-03-13 |
| Paper # | ICSS2016-52 |
| Volume (vol) | vol.116 |
| Number (no) | ICSS-522 |
| Page | pp.pp.49-54(ICSS), |
| #Pages | 6 |
| Date of Issue | 2017-03-06 (ICSS) |