| Project/Area Number |
22500093
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Media informatics/Database
|
|---|
| Research Institution | Kyushu University |
|---|
Principal Investigator |
YAOKAI Feng 九州大学, 大学院・システム情報科学研究院, 助教 (60363389)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
AKIFUMI Makinouchiakifumi 久留米工業大学, 工学部, 教授 (30221576)
|
|---|
| Project Period (FY) |
2010 – 2012
|
| Project Status |
Completed (Fiscal Year 2012)
|
| Budget Amount *help |
¥4,290,000 (Direct Cost: ¥3,300,000、Indirect Cost: ¥990,000)
Fiscal Year 2012: ¥1,040,000 (Direct Cost: ¥800,000、Indirect Cost: ¥240,000)
Fiscal Year 2011: ¥1,170,000 (Direct Cost: ¥900,000、Indirect Cost: ¥270,000)
Fiscal Year 2010: ¥2,080,000 (Direct Cost: ¥1,600,000、Indirect Cost: ¥480,000)
|
|---|
| Keywords | データベースシステム / 分散型スキャン攻撃 / ヒストグラムデータベース / サイバー攻撃 / 異常検知 / ネットワークセキュリティ / ネットワーク攻撃 / 低レート攻撃 / 通常時挙動モード / ヒストグラム |
|---|
| Research Abstract |
By this study, it was made clear that the network attacks can be detected by checking the characteristic features of the packet traffics. As a concrete approach, we proposed a novel approach based on normal behavior mode for fast detection of distributed port scans in darknets. In this approach, the number of sources is counted in each time unit and a histogram is built for each of the monitored ports. Then, a normal behavior mode for each port can be extracted from the histogram of this port. At last, this normal behaviormode can be used to detectabnormal behaviors in the real network traffics. The related papers havebeen accepted by an internal conference and the Journal of Information Processing of IPJS.
|
