Presentation 2005-07-21
A Study on Host Profiling for Incident Analysis
Kazuya Ohkouchi, Kenji Rikitake, Koji Nakao
Abstract(in Japanese) (See Japanese page)
Abstract(in English) Profiling is the process of disclosing implicit characteristics of a pre-processed data set as attribute columns. In this paper, we first propose the issues to resolve and the applicable scenarios for profiling the implicit characteristics of a security attack based on packet-capture logs that include the IP addresses of the attacking sources. We then show a specific example of a DDoS attack analysis, which discloses implicit characteristics of the computer virus involved by applying the proposed profiling method.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Incident / Profiling / DDoS / Log Analysis
Paper # ISEC2005-21,SITE2005-19
Date of Issue

Conference Information
Committee ISEC
Conference Date 2005/7/14 (1 day)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Information Security (ISEC)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) A Study on Host Profiling for Incident Analysis
Sub Title (in English)
Keyword(1) Incident
Keyword(2) Profiling
Keyword(3) DDoS
Keyword(4) Log Analysis
1st Author's Name Kazuya Ohkouchi
1st Author's Affiliation National Institute of Information and Communications Technology:Hitachi, Ltd.
2nd Author's Name Kenji Rikitake
2nd Author's Affiliation National Institute of Information and Communications Technology
3rd Author's Name Koji Nakao
3rd Author's Affiliation National Institute of Information and Communications Technology:KDDI Corporation
Date 2005-07-21
Paper # ISEC2005-21,SITE2005-19
Volume (vol) vol.105
Number (no) 193
Page pp.pp.-
#Pages 8
Date of Issue