| Presentation | 2017-03-03 Network based detection of Remote Access Trojan communication by using packet entropy on early instruction stage Masumi Uno, Masahiro Ishii, Atsuo Inomata, Ismail Arai, Kazutoshi Fujikawa, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Confidential information have been leaked accidentally by targetted attacks by targeted attacks. Remote Access Trojan/tool (RAT) is mainly used in such attacks. It is therefore important to detect the RAT activity on intrusion stage to minimize damage by the attack. The detection of the RAT is getting more and more difficult with technological advance. Advanced RATs which use various kinds of protocols cannot be detected with conventional methods. In this study, we provide a method to detect an early intrusion stage of RAT communication by using network features of packet entropy of the communication. We use several supervised machine learning algorithms and K-fold cross validation technique to validate using features of packet entropy. From our experimental results, we report that our approach cant detect RAT sessions with the high accuracy 96.2% and the low false positive rate of 1.6%. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Network Security / ntrusion Detection / RAT |
| Paper # | SITE2016-68,IA2016-98 |
| Date of Issue | 2017-02-24 (SITE, IA) |
| Conference Information | |
| Committee | IA / SITE / IPSJ-IOT |
|---|---|
| Conference Date | 2017/3/3(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Culture Resort Festone (Okinawa) |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Internet and Information Ethics Education, etc. |
| Chair | Ken-ichi Yoshida(Univ. of Tsukuba) / Hitoshi Okada(NII) |
| Vice Chair | Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Tomoki Yoshihisa(Osaka Univ.) / Tetsuya Morizumi(Kanagawa Univ.) / Masaru Ogawa(Kobe Gakuin Univ.) |
| Secretary | Hiroyuki Osaki(Tokyo Inst. of Tech.) / Masahiro Jibiki(Ritsumeikan Univ.) / Tomoki Yoshihisa(Kyushu Univ.) / Tetsuya Morizumi(Gifu Shotoku Gakuen Univ.) / Masaru Ogawa |
| Assistant | Yusuke Sakumoto(Tokyo Metropolitan Univ.) / Yuichiro Hei(KDDI R&D Labs.) / Toshiki Watanabe(NEC) / Kanako Kawaguchi(Tokyo Univ. of the Arts) / Akiyoshi Kabeya(Chiba Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture / Technical Committee on Social Implications of Technology and Information Ethics / Special Interest Group on Internet and Operation Technology |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Network based detection of Remote Access Trojan communication by using packet entropy on early instruction stage |
| Sub Title (in English) | |
| Keyword(1) | Network Security |
| Keyword(2) | ntrusion Detection |
| Keyword(3) | RAT |
| 1st Author's Name | Masumi Uno |
| 1st Author's Affiliation | Graduate School of information ,Nara Institute of Science and Technology(NAIST) |
| 2nd Author's Name | Masahiro Ishii |
| 2nd Author's Affiliation | Tokyo Institute of Technology(Tokyo Tech) |
| 3rd Author's Name | Atsuo Inomata |
| 3rd Author's Affiliation | Tokyo Denki University(TDU) |
| 4th Author's Name | Ismail Arai |
| 4th Author's Affiliation | Graduate School of information ,Nara Institute of Science and Technology(NAIST) |
| 5th Author's Name | Kazutoshi Fujikawa |
| 5th Author's Affiliation | Graduate School of information ,Nara Institute of Science and Technology(NAIST) |
| Date | 2017-03-03 |
| Paper # | SITE2016-68,IA2016-98 |
| Volume (vol) | vol.116 |
| Number (no) | SITE-490,IA-491 |
| Page | pp.pp.41-46(SITE), pp.41-46(IA), |
| #Pages | 6 |
| Date of Issue | 2017-02-24 (SITE, IA) |