| Project/Area Number |
15300011
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (B)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Computer system/Network
|
|---|
| Research Institution | Tohoku University |
|---|
Principal Investigator |
KATO Nei Tohoku University, Graduate School of Information Sciences, Professor, 大学院・情報科学研究科, 教授 (00236168)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
OHTA Kohei Cyber Solutions, Inc., Senior Researcher, 主任研究員
|
|---|
| Project Period (FY) |
2003 – 2004
|
| Project Status |
Completed (Fiscal Year 2004)
|
| Budget Amount *help |
¥6,200,000 (Direct Cost: ¥6,200,000)
Fiscal Year 2004: ¥2,800,000 (Direct Cost: ¥2,800,000)
Fiscal Year 2003: ¥3,400,000 (Direct Cost: ¥3,400,000)
|
|---|
| Keywords | Illegal Access / Security / NIDS / Next generation network / DoS / ネットワークセキュリティ / 学習型検出 / IDS / 主成分分析 |
|---|
| Research Abstract |
Recently, NIDS (Network-based Intrusion Detection System) has played an important role in Internet security system. However, the pattern matching technique used in NIDS is weak for new-type virus or unauthorized access, intentionally evasion act and is not expectable for next generation internet protocol IPv6 equipped with encryption. In this study, we propose a new access detection system which have learning function on subnetwork. Our goal is to develop next generation access detection system which include unknown illegal access detection structure, cooperate with NIDS and adapt to IPv6.
In this research, we discussed about DoS (Denial of Service) attack that is difficult to detect in pattern matching technique and developed the system that learn and detect DoS attack This system exploit that the normal access follows the TCP congestion avoidance mechanism and will send test feedback to the source that being suspected of unauthorized access to decrease the transmission rate. By detecting the source's response, we can determine whether it is unauthorized access or not.
Furthermore, we develop the software necessary for sharing information of detected unauthorized access among subnet NIDS and neighboring NIDS. This software makes it possible to block the unauthorized access extensively and we construct unauthorized access detection and extermination system combined with detection system. We had performed experiments over real network. As a result, we verified that detection-system is able to detect attack rapidly and accurately and we can realize high detection rate and low false negative rate.
|
