Structure discovery of Network Services by Using Network Traffic

• Project/Area Number: 21500078
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Single-year Grants
• Section: 一般
• Research Field: Computer system/Network
• Research Institution: Kyushu University
• Principal Investigator: HORI Yoshiaki 九州大学, システム情報科学研究院, 准教授 (90264126)
• Co-Investigator(Kenkyū-buntansha): SAKURAI Kouichi 九州大学, 大学院・システム情報科学研究院, 教授 (60264066) ; TAKEUCHI Jun-ichi 九州大学, 大学院・システム情報科学研究院, 教授 (80432871)
• Project Period (FY): 2009 – 2011
• Project Status: Completed (Fiscal Year 2011)
• Budget Amount: ¥4,420,000 (Direct Cost: ¥3,400,000、Indirect Cost: ¥1,020,000); Fiscal Year 2011: ¥1,170,000 (Direct Cost: ¥900,000、Indirect Cost: ¥270,000); Fiscal Year 2010: ¥1,430,000 (Direct Cost: ¥1,100,000、Indirect Cost: ¥330,000); Fiscal Year 2009: ¥1,820,000 (Direct Cost: ¥1,400,000、Indirect Cost: ¥420,000)
• Keywords: トラヒック観測 / ネットワークセキュリティ / ネットワーク管理運用 / 構造発見 / 異常発見 / 異常検知 / トラフィック観測

Research Abstract

We carry out research for discovering the structure of network services by using network traffic analysis. We propose a flow traffic classification scheme with machine learning by using payload length. We also propose bot detection scheme based on inter-arrival-time analysis on messages between an IRC client and an IRC server. Furthermore, we propose malicious domain evaluation scheme based on analysis of graph structure of domain information and its attributes.

Research Products

• [Journal Article] "Proactive Blacklisting for Malicious Web Sites by Reputation Evaluation Based on Domain and IP Address Registration," (2011)
  • Author(s): Yoshiro Fukushima, Yoshiaki Hori, Kouichi Sakurai
  • Journal Title: Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications(IEEE TrustCom-11) Pages: 352-361
  • Peer Reviewed
• [Journal Article] Proactive Blacklisting for Malicious Web Sites by Reputation Evaluation Based on Domain and IP Address Registration (2011)
  • Author(s): Yoshiro Fukushima
  • Journal Title: Proc.of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-11) Pages: 352-361
  • DOI: 10.1109/trustcom.2011.46
  • Peer Reviewed
• [Journal Article] "Implementation and Evaluation of Bot Detection Scheme based on Data Transmission Interval," (2010)
  • Author(s): Seiichiro Mizoguchi, Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai
  • Journal Title: Proceedings of the 6th Workshop on Secure Network Protocols(NPsec2010) Pages: 73-78
  • Peer Reviewed
• [Journal Article] "Darknet Monitoring on Real-Operated Networks," (2010)
  • Author(s): Seiichiro Mizoguchi, Yoshiro Fukushima, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai
  • Journal Title: Proceedings of the 5th International Conference on Broadband, Wireless Computing, Communication and Applications(BWCCA2010) Pages: 278-285
  • Peer Reviewed
• [Journal Article] Darknet Monitoring on Real-Operated Networks (2010)
  • Author(s): S.Mizoguchi, Y.Fukushima, Y.Kasahara, Y.Hori, K.Sakurai
  • Journal Title: Prof.of The 5th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA) Pages: 287-285
  • Peer Reviewed
• [Journal Article] Implementation and Evaluation of Bot Detection Scheme based on Data Transmission Intervals (2010)
  • Author(s): S.Mizoguchi, Y.Kugisaki, Y.Kasahara, Y.Hori, K.Sakurai
  • Journal Title: Prof.of the 6th Workshop on Secure Network Protocols (NPsec2010) Pages: 73-78
  • Peer Reviewed
• [Journal Article] "Flow Traffic Classification with Support Vector Machine by Using Payload Length," (2009)
  • Author(s): Masayoshi Kohara, Yoshiaki Hori, Kouichi Sakurai, Heejo Lee, Jae-Cheol Ryou
  • Journal Title: Proceedings of the 2nd International Conference on Computer Science and its Applications(CSA2009) Volume: 2 Pages: 703-707
  • Peer Reviewed
• [Journal Article] Flow Traffic Classification with Support Vector Machine by using Payload Length (2009)
  • Author(s): Yoshiaki Hori
  • Journal Title: Proceedings of the 2009 2nd International Conference on Computer Science and its Applications(CSA2009), NTCCA2009 Workshop 2 Pages: 703-707
  • Peer Reviewed
• [Presentation] HTTPリクエストにおける情報量の外れ値検出を用いた漏洩検知" (2012)
  • Author(s): 千葉一輝, 堀良彰, 櫻井幸一
  • Organizer: 2012年電子情報通信学会総合大会
  • Place of Presentation: 岡山市
  • Year and Date: 2012-03-23
• [Presentation] HTTPリクエストにおける情報量の外れ値検出を用いた漏洩検知 (2012)
  • Author(s): 千葉一輝
  • Organizer: 電子情報通信学会総合大会
  • Place of Presentation: 岡山市
  • Year and Date: 2012-03-23
• [Presentation] "ウェブサーバのログ解析による異常検知" (2012)
  • Author(s): 落水壱歩, 堀良彰, 櫻井幸一
  • Organizer: 火の国情報シンポジウム2012
  • Place of Presentation: 福岡県飯塚市
  • Year and Date: 2012-03-15
• [Presentation] ウェブサーバのログ解析による異常検知 (2012)
  • Author(s): 落水壱歩
  • Organizer: 火の国情報シンポジウム2012
  • Place of Presentation: 福岡県飯塚市
  • Year and Date: 2012-03-15
• [Presentation] データ送信間隔のエントロピーに着目した挙動の数値化手法," (2012)
  • Author(s): 溝口誠一郎, 堀良彰, 櫻井幸一
  • Organizer: 2012年暗号と情報セキュリティシンポジウム(SCIS2012)
  • Place of Presentation: 金沢市
  • Year and Date: 2012-01-31
• [Presentation] "Reviewing the Way to Quantifying Information Leaks on HTTP Requests and Proposing the Detection System," (2012)
  • Author(s): Kazuki Chiba, Yoshiaki Hori, Kouichi Sakurai
  • Organizer: 5th Workshop among Asian Information Security Labs(WAIS 2012)
  • Place of Presentation: Pohang, South Korea
  • Year and Date: 2012-01-13
• [Presentation] Reviewing the Way to Quantifying Information Leaks on HTTP Requests, and Proposing the Detection System (2012)
  • Author(s): Kazuki Chiba
  • Organizer: Fifth Workshop among Asian Information Security Labs (WAIS'2012)
  • Place of Presentation: Pohang, South Korea
  • Year and Date: 2012-01-13
• [Presentation] "Entropy based Network Behavior Characterization and Bot Detection," (2011)
  • Author(s): Seiichiro Mizoguchi, Yoshiaki Hori, Kouichi Sakurai
  • Organizer: The 6th International Workshop on Security(IWSEC 2011)
  • Place of Presentation: 東京都
  • Year and Date: 2011-11-09
• [Presentation] Entropy based Network Behavior Characterization and Bot Detection," International Workshop on Security (2011)
  • Author(s): Seiichiro Mizoguchi
  • Organizer: The 6th International Workshop on Security (IWSEC2011)
  • Place of Presentation: 東京都
  • Year and Date: 2011-11-09
• [Presentation] 履歴情報に基づくHTTPリクエストにおける情報量の数値化手法の検討と検知システムの考案" (2011)
  • Author(s): 千葉一輝, 堀良彰, 櫻井幸一
  • Organizer: 2011年コンピュータセキュリティシンポジウム(CSS2011)
  • Place of Presentation: 新潟市
  • Year and Date: 2011-10-19
• [Presentation] 履歴情報に基づくHTTPリクエストにおける情報量の数値化手法の検討と検知システムの考案 (2011)
  • Author(s): 千葉一輝
  • Organizer: コンピュータセキュリティシンポジウム2011
  • Place of Presentation: 新潟市
  • Year and Date: 2011-10-19
• [Presentation] "履歴情報に基づくHTTPリクエストにおける情報漏洩量の数値化手法の検討," (2011)
  • Author(s): 千葉一輝, 堀良彰, 櫻井幸一
  • Organizer: 2011年電気関係学会九州支部連合大会(第64回連合大会)
  • Place of Presentation: 佐賀市
  • Year and Date: 2011-09-27
• [Presentation] "エントロピーを用いた機械的特徴のスコアリングとボット検知への応用" (2011)
  • Author(s): 溝口誠一郎, 堀良彰, 櫻井幸一
  • Organizer: 2011年電気関係学会九州支部連合大会(第64回連合大会)
  • Place of Presentation: 佐賀市
  • Year and Date: 2011-09-27
• [Presentation] "悪性Webサイト間の関連性に着目した信頼性評価によるブラックリスト方式の検討" (2011)
  • Author(s): 福島祥郎,堀良彰,櫻井幸一
  • Organizer: 情報処理学会第146回マルチメディア通信と分散処理・第52回コンピュータセキュリティ合同研究発表会
  • Place of Presentation: 大阪府吹田市
  • Year and Date: 2011-03-11
• [Presentation] 悪性Webサイト間の関連性に着目した信頼性評価によるブラックリスト方式の検討 (2011)
  • Author(s): 福島祥郎, 堀良彰, 櫻井幸一
  • Organizer: 第146回 マルチメディア通信と分散処理・第52回コンピュータセキュリティ合同研究発表会
  • Place of Presentation: 大阪府吹田市
  • Year and Date: 2011-03-11
• [Presentation] 情報量を用いたHTTPリクエストにおける情報漏洩検知システム" (2011)
  • Author(s): 千葉一輝,西出隆志,堀良彰,櫻井幸一
  • Organizer: 2011年火の国情報シンポジウム
  • Place of Presentation: 福岡市
  • Year and Date: 2011-03-09
• [Presentation] 情報量を用いたHTTPリクエストにおける情報漏洩検知システム (2011)
  • Author(s): 千葉一輝, 西出隆志, 堀良彰, 櫻井幸一
  • Organizer: 火の国情報シンポジウム
  • Place of Presentation: 福岡市(福岡大学)
  • Year and Date: 2011-03-09
• [Presentation] "データ送信間隔に基づくボット検知手法の実装ならびに評価,"マルチメディア,分散 (2010)
  • Author(s): 溝口誠一郎,釘崎裕司,笠原義晃,堀良彰,櫻井幸一
  • Organizer: 協調とモバイルシンポジウム(DICOMO2010)
  • Place of Presentation: 岐阜県下呂市
  • Year and Date: 2010-07-07
• [Presentation] "低レート攻撃トラフィック検出に関する検討",マルチメディア,分散 (2010)
  • Author(s): 福島祥郎,堀良彰,櫻井幸一
  • Organizer: 協調とモバイルシンポジウム(DICOMO2010)
  • Place of Presentation: 岐阜県下呂市
  • Year and Date: 2010-07-07
• [Presentation] 低レート攻撃トラフィック検出に関する検討 (2010)
  • Author(s): 福島祥郎, 堀良彰, 櫻井幸一
  • Organizer: マルチメディア、分散、協調とモバイル(DICOMO2010)シンポジウム
  • Place of Presentation: 岐阜県下呂市
  • Year and Date: 2010-07-07
• [Remarks]
  • URL: http://itslab.inf.kyushu-u.ac.jp/index-j.html
• [Remarks]
  • URL: http://itslab.inf.kyushu-u.ac.jp/index.html
• [Remarks]
  • URL: http://itslab.csce.kyushu-u.ac.jp/