| Presentation | 2017-03-13 Clustering of Bot Port Scan and Brute-force Activities Shohei Araki, Bo Hu, Yukio Nagafuchi, Takaaki Koyama, Jun Miyoshi, Hajime Shimada, Hiroki Takakura, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Cyber-attacks targeting IoT devices are rapidly spreading. In September 2016, malware called Mirai caused great damages onto the Internet. It is important to clarify malware activities for early-stage measures. In this paper, we propose a clustering method of extracting host groups suspected of similar malware infection. The proposed method decide a high priority port number for narrowing down traffic data efficiently, and then perform clustering for extracting malicious host groups behaving in similar ways. Our proposal can facilitate decision-making of security operators for counter measures in an early stage. In experiment, we showed a holistic view of malicious activities from different host groups and high accuracy achieved by our classification |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Clustering / Port Scan / Brute-force attack / bot classfication / IoT |
| Paper # | ICSS2016-46 |
| Date of Issue | 2017-03-06 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2017/3/13(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | University of Nagasaki |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Yoshiaki Shiraishi(Kobe Univ.) / Takeshi Ueda(Mitsubishi Electric) |
| Secretary | Yoshiaki Shiraishi(NII) / Takeshi Ueda(Yokohama National Univ.) |
| Assistant | Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Clustering of Bot Port Scan and Brute-force Activities |
| Sub Title (in English) | |
| Keyword(1) | Clustering |
| Keyword(2) | Port Scan |
| Keyword(3) | Brute-force attack |
| Keyword(4) | bot classfication |
| Keyword(5) | IoT |
| 1st Author's Name | Shohei Araki |
| 1st Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 2nd Author's Name | Bo Hu |
| 2nd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 3rd Author's Name | Yukio Nagafuchi |
| 3rd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 4th Author's Name | Takaaki Koyama |
| 4th Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 5th Author's Name | Jun Miyoshi |
| 5th Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 6th Author's Name | Hajime Shimada |
| 6th Author's Affiliation | Nagoya University(Nagoya Univ.) |
| 7th Author's Name | Hiroki Takakura |
| 7th Author's Affiliation | National Institute of Informatics(NII) |
| Date | 2017-03-13 |
| Paper # | ICSS2016-46 |
| Volume (vol) | vol.116 |
| Number (no) | ICSS-522 |
| Page | pp.pp.1-6(ICSS), |
| #Pages | 6 |
| Date of Issue | 2017-03-06 (ICSS) |