An Active Malware Detection System for Secure Campus Networks
Project/Area Number | 18K11296 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Multi-year Fund |
Section | General |
Review Section | Basic Section 60070: Information security-related |
Research Institution | Kyushu Institute of Technology |
Principal Investigator | Satoh Akihiro, Kyushu Institute of Technology, Information Infrastructure Center, Assistant Professor (30609376) |
Project Period (FY) | 2018-04-01 – 2021-03-31 |
Project Status | Completed (Fiscal Year 2020) |
Budget Amount | ¥4,160,000 (Direct Cost: ¥3,200,000, Indirect Cost: ¥960,000) |
Fiscal Year 2020 | ¥1,430,000 (Direct Cost: ¥1,100,000, Indirect Cost: ¥330,000) |
Fiscal Year 2019 | ¥650,000 (Direct Cost: ¥500,000, Indirect Cost: ¥150,000) |
Fiscal Year 2018 | ¥2,080,000 (Direct Cost: ¥1,600,000, Indirect Cost: ¥480,000) |
Keywords | Network Security / DGA malware / domain names / machine learning / malware / C&C / Network Security / DGA Bot |
Outline of Final Research Achievements |
Some of the most serious security threats facing computer networks involve malware. To prevent malware-related damage, administrators must swiftly identify and remove the infected machines that may reside in their networks. However, many malware families use domain generation algorithms (DGAs) to avoid detection. In this research project, we develop a system that detects malware-infected machines from massive volumes of DNS queries. We focus on the domain names queried from DNS servers because name resolution is an unencrypted interaction that always occurs before malware communication. Our system has two main features: it detects infected machines by superficially analyzing DNS queries, and it actively collects information about malware families by forcibly changing their callback destinations.
Academic Significance and Societal Importance of the Research Achievements |
The Ministry of Internal Affairs and Communications is promoting the deployment of public wireless LANs in preparation for the Tokyo Olympics. In addition, in higher education there is a growing movement toward BYOD arrangements in which students are required to bring their own devices. Usage patterns in which people connect devices they own to networks away from home can therefore be expected to increase. At the same time, the likelihood that malware-infected devices are brought into a network becomes higher. The results of this research make it possible to swiftly remove infected devices residing in a network. They therefore contribute greatly to improving security in networks that assume devices will be brought in, such as public wireless LANs and campus networks.
Report (4 results)
Research Products (12 results)