Development of abnormality detection system focused on a dangerous system calls using the SVM.
| Project/Area Number |
23500106
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Research Field |
Computer system/Network
|
|---|
| Research Institution | Okinawa National College of Technology |
|---|
Principal Investigator |
IHA Yasushi 沖縄工業高等専門学校, メディア情報工学科, 教授 (60390564)
|
|---|
| Project Period (FY) |
2011 – 2013
|
| Project Status |
Completed (Fiscal Year 2013)
|
| Budget Amount *help |
¥4,680,000 (Direct Cost: ¥3,600,000、Indirect Cost: ¥1,080,000)
Fiscal Year 2013: ¥910,000 (Direct Cost: ¥700,000、Indirect Cost: ¥210,000)
Fiscal Year 2012: ¥910,000 (Direct Cost: ¥700,000、Indirect Cost: ¥210,000)
Fiscal Year 2011: ¥2,860,000 (Direct Cost: ¥2,200,000、Indirect Cost: ¥660,000)
|
|---|
| Keywords | 不正プログラム検知 / ネットワークセキュリティ技術 / SVM / WAF / 仮想マシンモニタ / BitVisor |
|---|
| Research Abstract |
In this study, we propose the anomaly detection method of combining behavior of program and detection rule to detect a dangerous system call that affects important resource of Windows system. The proposed method first detects a doubtful system call by the detection rule using system call and argument. Then, a dangerous system call is identified by using Support Vector Machine from the history of the system call, and execution is intercepted. We performed an experiment by developing the prototype system based on the proposed method, and using realistic malicious program and usual program. Through the experiments, we have evaluated the detection rate of the proposed technique and the ratio of false positive.
|
Report
(4 results)
Research Products
(12 results)
