Distributed Network anomaly Detection using Multiresolutional Observables

2010 Fiscal Year Final Research Report

• Project/Area Number: 20300023
• Research Category: Grant-in-Aid for Scientific Research (B)
• Allocation Type: Single-year Grants
• Section: 一般
• Research Field: Computer system/Network
• Research Institution: Tohoku University
• Principal Investigator: NEMOTO Yoshiaki 東北大学, 大学院・情報科学研究科, 理事 (60005527)
• Co-Investigator(Kenkyū-buntansha): WAIZUMI Yuji 東北大学, 大学院・情報科学研究科, 准教授 (90333872) ; TSUNODA Hiroshi 東北工業大学, 工学部・情報通信工学科, 講師 (30400302)
• Project Period (FY): 2008 – 2010
• Keywords: 情報システム / セキュア / ネットワーク

Research Abstract

A network anomaly detection system has been developed. This system can achieve high detection accuracy by using feature values extracted with plural algorithms from network flows of which packets are aggregated based on their IP addresses and port numbers. The system can higher detection rate with feature values collected from distributed observation points.

Research Products

• [Journal Article] Network Application Identification Based on Communication Characteristics of Application Messages (2011)
  • Author(s): Y. Waizumi、 Y. Tsukabe, 、H. Tsunoda, Y. Nemoto、K. Tanaka
  • Journal Title: Journal of Communication And Computer Volume: No.8 Pages: 111-119
  • Peer Reviewed
• [Journal Article] メッセージの遷移パターンに基づくネットワークアプリケーション識別システムの試作 (2010)
  • Author(s): 和泉勇治、阿部康一、根元義章
  • Journal Title: 電子情報通信学会論文誌D Volume: J93-D Pages: 2257-2267
  • Peer Reviewed
• [Journal Article] Combating against internet worms in large-scale networks : an autonomic signature-based solution (2009)
  • Author(s): K. Simkhada, T. Taleb, Y. Waizumi, A. Jamalipour, Y. Nemoto
  • Journal Title: SECURITY AND COMMUNICATION NETWORKS Pages: 11-28
  • Peer Reviewed
• [Journal Article] Detecting Dodos attacks by a simple response packet confirmation mechanism (2008)
  • Author(s): H. Tsunoda, K. Ohta, A. Yamamoto, N. Ansari, Y. Waizumi, Y. Nemoto
  • Journal Title: Computer Communications Volume: No.3 Pages: 3299-3306
  • Peer Reviewed
• [Presentation] Network Application Identification Based on Communication characteristics of Application Messages (2009)
  • Author(s): Y. Waizumi, Y. Tsukabe, H. Tsunoda, and Y. Nemoto
  • Organizer: Proc. of WCSET 2009
  • Place of Presentation: Bangkok、タイ
  • Year and Date: 2009-12-26
• [Presentation] A New Traffic Pattern Match-ing for DDoS Traceback Using Inde pendent Component Analysis (2009)
  • Author(s): Y. Waizumi, T. Sato, and Y. Nemoto
  • Organizer: Proc. of WCSET 2009
  • Place of Presentation: Bangkok、タイ
  • Year and Date: 2009-12-26
• [Presentation] A Reliable Network Application Identification Based on Transition Pattern of Payload Length (2008)
  • Author(s): S. Yagi, Y. Waizumi, H. Tsunoda, Y. Nemoto
  • Organizer: Proc. of IEEE Globecom 2008
  • Place of Presentation: New Orleans, 米国
  • Year and Date: 2008-12-02
• [Presentation] Network Application Ident-ification Using Transition Pattern of Payload Length (2008)
  • Author(s): S. Yagi, Y. Waizumi, H. Tsunoda, A. Jamalipour, N. Kato, Y. Nemoto
  • Organizer: IEEE WCNC 2008
  • Place of Presentation: Las Vegas 、米国
  • Year and Date: 2008-04-02
• [Patent(Industrial Property Rights)] Network Failure Detection Method and Network Failure Detection (2008)
  • Inventor(s): Yuji Waizumi, Hitoshi Tsunoda, Yoshiaki Nemoto
  • Industrial Property Rights Holder: Tohoku University
  • Industrial Property Number: 特許、US 2009/0265784 A1
  • Filing Date: 2008-05-08