| Presentation | 2017-03-13 Supervised Classification for Detecting Malware Infected Host in HTTP Traffic and Long-time Evaluation for Detection Performance using Mixed Data Atsutoshi Kumagai, Yasushi Okano, Kazunori Kamiya, Masaki Tanikawa, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | The importance of post-infection countermeasures has greatly increased. Such countermeasures include generating blacklist based on communications made by malware. However, it is difficult for such methods to detect new type of communications made by sophisticated malware. In this paper, we propose a novel method for detecting malware-infected hosts by analyzing their communications based on machine learning. With the proposed method, logistic regression is used as classifiers, and features are extracted from HTTP traffic. The proposed method can eliminate the number of features while maintaining the detection performance by incorporating both sparse learning and feature summarization heuristics. In addition, we propose a novel evaluation procedure considering practical operation. Considering that actual malware-infected hosts generate not only malicious communications which are caused by malware but also normal communications which are caused by legitimate users, we mix malicious communications and normal communications for creating malicious testing data. Furthermore, we evaluate the long-time detection performance since it is important to detect malware-infected hosts correctly over a long period of time. The effectiveness of the proposed method is demonstrated with experiments using HTTP traffic data. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | machine learning / malware / malware-infected host / long-time evaluation for detection performance / mixed data |
| Paper # | ICSS2016-51 |
| Date of Issue | 2017-03-06 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2017/3/13(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | University of Nagasaki |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Yoshiaki Shiraishi(Kobe Univ.) / Takeshi Ueda(Mitsubishi Electric) |
| Secretary | Yoshiaki Shiraishi(NII) / Takeshi Ueda(Yokohama National Univ.) |
| Assistant | Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Supervised Classification for Detecting Malware Infected Host in HTTP Traffic and Long-time Evaluation for Detection Performance using Mixed Data |
| Sub Title (in English) | |
| Keyword(1) | machine learning |
| Keyword(2) | malware |
| Keyword(3) | malware-infected host |
| Keyword(4) | long-time evaluation for detection performance |
| Keyword(5) | mixed data |
| 1st Author's Name | Atsutoshi Kumagai |
| 1st Author's Affiliation | NTT Corporation(NTT) |
| 2nd Author's Name | Yasushi Okano |
| 2nd Author's Affiliation | NTT Corporation(NTT) |
| 3rd Author's Name | Kazunori Kamiya |
| 3rd Author's Affiliation | NTT Corporation(NTT) |
| 4th Author's Name | Masaki Tanikawa |
| 4th Author's Affiliation | NTT Corporation(NTT) |
| Date | 2017-03-13 |
| Paper # | ICSS2016-51 |
| Volume (vol) | vol.116 |
| Number (no) | ICSS-522 |
| Page | pp.pp.43-48(ICSS), |
| #Pages | 6 |
| Date of Issue | 2017-03-06 (ICSS) |