Development of Malware Detection/Classification System Introducing Incremental Learning and Active Learning
Project/Area Number | 24500173 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Multi-year Fund |
Section | General |
Research Field | Intelligent informatics |
Research Institution | Kobe University |
Principal Investigator | OZAWA Seiichi, Kobe University, Graduate School of Engineering, Professor (70214129) |
Co-Investigator (Kenkyū-buntansha) | ANDO Ruo, National Institute of Information and Communications Technology, Network Security Research Institute, Senior Researcher (30446596) |
Co-Investigator (Renkei-kenkyūsha) | KITAZONO Jun, Kobe University, Graduate School of Engineering, Assistant Professor (00733677); BAN Tao, National Institute of Information and Communications Technology, Network Security Research Institute, Senior Researcher (80462878); NAKAZATO Junji, National Institute of Information and Communications Technology, Network Security Research Institute, Researcher (60435782) |
Research Collaborator | SHIMAMURA Jumpei |
Project Period (FY) | 2012-04-01 – 2015-03-31 |
Project Status | Completed (Fiscal Year 2014) |
Budget Amount | ¥5,070,000 (Direct Cost: ¥3,900,000, Indirect Cost: ¥1,170,000) |
Fiscal Year 2014 | ¥1,300,000 (Direct Cost: ¥1,000,000, Indirect Cost: ¥300,000) |
Fiscal Year 2013 | ¥1,300,000 (Direct Cost: ¥1,000,000, Indirect Cost: ¥300,000) |
Fiscal Year 2012 | ¥2,470,000 (Direct Cost: ¥1,900,000, Indirect Cost: ¥570,000) |
Keywords | cybersecurity / machine learning / online learning / malicious spam mail detection / darknet analysis / DDoS backscatter identification / malware infection monitoring / text analysis / malicious spam mail attacks / big data / classifier / malware detection / darknet traffic analysis / spam mail maliciousness assessment / Internet security / pattern recognition / feature selection / packet analysis / behavior estimation |
Outline of Final Research Achievements |
In order to protect network users from malicious spam mail attacks that can lead to malware infections, and to conduct large-scale monitoring of malicious activities by malware, we developed three types of learning systems that introduce machine learning techniques. First, we developed a malicious spam mail detection system with the following three sophisticated functions: an automatic mechanism to collect suspected malicious spam mails, an automatic labelling function (malicious or benign) for the collected spam mails using a crawler-type web security analyzer, and an online learning function trained on the automatically collected data. Second, we developed a large-scale monitoring system that can observe transitions of subnet infection states by assigning each subnet the most similar typical pattern, where the typical patterns are obtained by hierarchical clustering of darknet traffic features. Finally, we developed a large-scale monitoring system that can detect DDoS backscatter from observed darknet traffic features.
|
Report | 4 results |
Research Products | 33 results |