| Presentation | 2014-03-28 Ruleset Optimization for Detecting Malware-Derived Traffic Based on Network-Dependent Log Analysis Kensuke NAKATA, Kazunori KAMIYA, Hiroshi KURAKAMI, Kazufumi AOKI, Takeshi YAGI, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Recent cyber-attacks rapidly get advanced to infect terminals via invalid network access and could damage enterprise activity. Various types of malware and new attack technique are frequently updated so that existing pre-infection countermeasure, such as IDS/IPS or AntiVirus, does not always prevent infection. It becomes important to have post-infection countermeasure, such as infected-host detection or data-loss prevention, to minimize the damage. In this paper, we explain the method of detecting malware-infected hosts : this is based on in-house developed multiple rules which could analyze multi-layered network/security logs that range from Firewall to Proxy. Then we propose the method of tuning rule set considering the deployed network environments, that could select effective rule set by determining fine parameters for selected rules and eliminating ineffective rules. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | log analysis / network log / anomaly detection |
| Paper # | ICSS2013-74 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2014/3/20(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Ruleset Optimization for Detecting Malware-Derived Traffic Based on Network-Dependent Log Analysis |
| Sub Title (in English) | |
| Keyword(1) | log analysis |
| Keyword(2) | network log |
| Keyword(3) | anomaly detection |
| 1st Author's Name | Kensuke NAKATA |
| 1st Author's Affiliation | NTT Secure Platform Laboratories, NTT Corporation() |
| 2nd Author's Name | Kazunori KAMIYA |
| 2nd Author's Affiliation | NTT Secure Platform Laboratories, NTT Corporation |
| 3rd Author's Name | Hiroshi KURAKAMI |
| 3rd Author's Affiliation | NTT Secure Platform Laboratories, NTT Corporation |
| 4th Author's Name | Kazufumi AOKI |
| 4th Author's Affiliation | NTT Secure Platform Laboratories, NTT Corporation |
| 5th Author's Name | Takeshi YAGI |
| 5th Author's Affiliation | NTT Secure Platform Laboratories, NTT Corporation |
| Date | 2014-03-28 |
| Paper # | ICSS2013-74 |
| Volume (vol) | vol.113 |
| Number (no) | 502 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |