| Project/Area Number |
18K11295
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Review Section |
Basic Section 60070:Information security-related
|
|---|
| Research Institution | Kyushu University |
|---|
Principal Investigator |
Feng Yaokai 九州大学, システム情報科学研究院, 助教 (60363389)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
櫻井 幸一 九州大学, システム情報科学研究院, 教授 (60264066)
|
|---|
| Project Period (FY) |
2018-04-01 – 2021-03-31
|
| Project Status |
Completed (Fiscal Year 2020)
|
| Budget Amount *help |
¥4,420,000 (Direct Cost: ¥3,400,000、Indirect Cost: ¥1,020,000)
Fiscal Year 2020: ¥1,170,000 (Direct Cost: ¥900,000、Indirect Cost: ¥270,000)
Fiscal Year 2019: ¥1,300,000 (Direct Cost: ¥1,000,000、Indirect Cost: ¥300,000)
Fiscal Year 2018: ¥1,950,000 (Direct Cost: ¥1,500,000、Indirect Cost: ¥450,000)
|
|---|
| Keywords | 攻撃パターン / パターンの自動抽出 / 検知時の閾値自動調整 / サイバー攻撃 / アンサンブル検知 / シーケンシャル検知 / 2段階検知 / 特徴選択 / Multidimensional Pattern / Two-stage detection / Sequential Detection / Extraction of Threshold / Feature Selection / 多分類器の異常検知 / Automatic Thresholding / Distributed attacks / サイバー攻撃検知 / 通常時挙動パターン / 多次元挙動パターン / 閾値の自動抽出 |
|---|
| Outline of Final Research Achievements |
1) The necessary features for effective detection of distributed attacks were investigated. 2) Realization and performance verification of a lightweight attack detection system based on machine learning. 3) A new feature selection method was proposed,we proposed a detection system that uses multiple detectors in parallel and demonstrated its performance. 4) Regarding the method of using multiple classifiers in order to maintain the balance of multiple performance indicators for attack detection, the effects of related parameters on the detection performance were investigated and meaningful findings were obtained. 5) We conducted research on the automatic extraction of thresholds for attack detection from multidimensional behavior patterns and the automatic adjustment of the thresholds during detection, and obtained meaningful results.
Based on the research results of this research, seven academic journal papers and 8 domestic/international academic conference papers were published.
|
| Academic Significance and Societal Importance of the Research Achievements |
今回の研究で得られた様々な知見は、今後の研究や実際のサイバー攻撃検知システムの設計に役立つ。特には、1) 新しい特徴選択方法を提案し、それを使用して複数の検出器を並列に使用する検出システムの提案; 2) 攻撃検出システムにある複数の性能指標のバランスを保つのは難しい問題を解決するための調査と提案(複数の分類器を使用する順次検出システムのパラメーターの決定法);3) 多次元行動パターンから攻撃検出用閾値を自動抽出し、その自動抽出閾値を検出時に自動的に調整することにより実現した2段階検出方式は、検知システムの軽量化を実現したので、特に IoT 関連のシステムでは重要な知見と考えられている。
|
