Presentation | 2017-03-13: Deep Learning Approach for Detecting Malware Infected Host and Detection Performance Evaluation with HTTP Traffic. Taishi Nishiyama, Atsutoshi Kumagai, Yasushi Okano, Kazunori Kamiya, Masaki Tanikawa, Kazuya Okada, Yuji Sekiya |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Preventive measures are generally important to stop the occurrence of a security incident caused by malware. However, it is common for unknown malware to slip through the preventive measures, because new or variant types of malware are produced on a large scale by attackers. Therefore, the second-best way is to correctly detect malware-infected hosts and to block malicious communication as soon as possible; in fact, the importance of the strategy of detecting infected terminals is thus increasing. For detecting infected hosts, it is important to analyze logs taken inside the network to trace malware activity. In this paper, we propose a method of detecting infected hosts using Deep Learning and analyzing HTTP traffic logs. Through our evaluations, we demonstrate the superiority of the Deep Learning based approach in comparison to a conventional Logistic Regression based approach. In particular, our evaluation results show that $\mathrm{TPR}_{1\%}$ (the TPR when the threshold is adjusted so that the FPR is less than 1%) of our Deep Learning based approach is 7% better than that of the Logistic Regression based approach. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Deep Learning / Log Analysis / Malware / Infected Host |
Paper # | ICSS2016-52 |
Date of Issue | 2017-03-06 (ICSS) |
Conference Information | |
Committee | ICSS / IPSJ-SPT |
---|---|
Conference Date | 2017/3/13(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | University of Nagasaki |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | System Security, etc. |
Chair | Yutaka Miyake(KDDI R&D Labs.) |
Vice Chair | Yoshiaki Shiraishi(Kobe Univ.) / Takeshi Ueda(Mitsubishi Electric) |
Secretary | Yoshiaki Shiraishi(NII) / Takeshi Ueda(Yokohama National Univ.) |
Assistant | Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
Paper Information | |
Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Deep Learning Approach for Detecting Malware Infected Host and Detection Performance Evaluation with HTTP Traffic |
Sub Title (in English) | |
Keyword(1) | Deep Learning |
Keyword(2) | Log Analysis |
Keyword(3) | Malware |
Keyword(4) | Infected Host |
1st Author's Name | Taishi Nishiyama |
1st Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
2nd Author's Name | Atsutoshi Kumagai |
2nd Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
3rd Author's Name | Yasushi Okano |
3rd Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
4th Author's Name | Kazunori Kamiya |
4th Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
5th Author's Name | Masaki Tanikawa |
5th Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
6th Author's Name | Kazuya Okada |
6th Author's Affiliation | The University of Tokyo(University of Tokyo) |
7th Author's Name | Yuji Sekiya |
7th Author's Affiliation | The University of Tokyo(University of Tokyo) |
Date | 2017-03-13 |
Paper # | ICSS2016-52 |
Volume (vol) | vol.116 |
Number (no) | ICSS-522 |
Page | pp.49-54 (ICSS) |
#Pages | 6 |
Date of Issue | 2017-03-06 (ICSS) |