| Project/Area Number |
16300010
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (B)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Computer system/Network
|
|---|
| Research Institution | Tohoku University |
|---|
Principal Investigator |
NEMOTO Yoshiaki Tohoku University, Graduate School of Information Sciences, Professor, 大学院・情報科学研究科, 教授 (60005527)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
KATO Nei Tohoku University, Graduate School of Information Sciences, Professor, 大学院・情報科学研究科, 教授 (00236168)
WAIZUMI Yuji Tohoku University, Graduate School of Information Sciences, Lecturer, 大学院・情報科学研究科, 講師 (90333872)
|
|---|
| Project Period (FY) |
2004 – 2005
|
| Project Status |
Completed (Fiscal Year 2005)
|
| Budget Amount *help |
¥6,000,000 (Direct Cost: ¥6,000,000)
Fiscal Year 2005: ¥2,200,000 (Direct Cost: ¥2,200,000)
Fiscal Year 2004: ¥3,800,000 (Direct Cost: ¥3,800,000)
|
|---|
| Keywords | Distributed Misuse Detection / Communicated Contents Similarity / Automatic Signature Generation / Common Token / Histogram / Clustering / 不正アクセス / 異常検知 / 状態記述方式 / 状態判別 / おとりシステム / ネットワークセキュリティ |
|---|
| Research Abstract |
It is important to early detect a novel illegal access for network security. In order to early detect the access, we developed some anomaly detection techniques which can detect unknown attacks, an early detection technique based on contents similarity of communication and an extracting method of characteristic information of illegal accesses.
On the anomaly detection, we proposed three anomaly detection methods based on our analysis of state change of network traffic when illegal accesses occurred, and achieve the world's highest level of detection accuracy using benchmark database. We also developed a distributed early detection system of diffusion of computer viruses. The detection system uses the traffic occurred which the computer viruses copy themselves to many hosts on the Internet when they diffuse. The system adopts a similarity evaluation method for communication contents using histogram of codes of packet payloads. We confirmed that the system possesses extremely high detection accuracy with very low false positives.
Moreover, we developed an automatic signature generation method using virus samples that were detected by the above system from common tokens of the detected viruses. And we discovered that the common tokes can be used to detect subspecies of viruses which can be detected already created signatures.
|
