2013 Fiscal Year Final Research Report
Development of an anomaly detection system focused on dangerous system calls using an SVM
Project/Area Number | 23500106 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Multi-year Fund |
Section | General |
Research Field | Computer system/Network |
Research Institution | Okinawa National College of Technology |
Principal Investigator | IHA Yasushi, Okinawa National College of Technology, Department of Media Information Engineering, Professor (60390564) |
Project Period (FY) | 2011 – 2013 |
Keywords | malicious program detection / network security technology / SVM / WAF |
Research Abstract | In this study we propose an anomaly detection method that combines the observed behavior of a program with detection rules in order to detect dangerous system calls, that is, calls that affect important resources of a Windows system. The method first flags a doubtful system call using a detection rule on the system call and its arguments. It then decides whether the flagged call is dangerous by applying a Support Vector Machine (SVM) to the history of the system calls that preceded it, and if so the call's execution is intercepted. We built a prototype system based on the proposed method and evaluated it with real malicious programs and ordinary programs, measuring the detection rate and the false-positive rate of the technique. |
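The two-stage pipeline the abstract describes (a rule pre-filter on call name and argument, then an SVM over the preceding call history, then interception of the call), as an added worked example. This is not code from the report or from the prototype system. The rule table, the argument string format (`pid=self` versus `pid=<n>`), the two traces and the training histories are all constructed for illustration; the SVM is a linear one trained with the Pegasos subgradient method on binary unigram/bigram features of the call history, a stand-in chosen here because the report does not state which kernel or features the prototype used.

```python
"""Two-stage detector: a rule on (system call, argument) flags a doubtful
call, then a linear SVM over n-grams of the preceding call history decides
whether it is dangerous and must be blocked. Constructed demo data only."""

# --- Stage 1: detection rule on system call and argument -------------------
# Hypothetical rule table (stand-in for the report's rules): writes under the
# system directory, Run-key persistence, cross-process memory/thread operations.
SYSTEM_DIR = "c:\\windows\\system32\\"

def _remote_process(arg):
    # Constructed convention: arguments start with "pid=self" or "pid=<n>".
    return not arg.lower().startswith("pid=self")

RULES = {
    "NtCreateFile": lambda arg: arg.lower().startswith(SYSTEM_DIR),
    "NtWriteFile": lambda arg: arg.lower().startswith(SYSTEM_DIR),
    "NtSetValueKey": lambda arg: "\\currentversion\\run" in arg.lower(),
    "NtWriteVirtualMemory": _remote_process,
    "NtCreateThreadEx": _remote_process,
}

def is_doubtful(call, arg):
    rule = RULES.get(call)
    return rule is not None and rule(arg)

# --- Stage 2: SVM over the system-call history ------------------------------
def ngram_features(history):
    """Binary bag of call-name unigrams and bigrams (no bias term)."""
    feats = {}
    for i, call in enumerate(history):
        feats[call] = 1.0
        if i + 1 < len(history):
            feats[call + ">" + history[i + 1]] = 1.0
    return feats

def dot(w, feats):
    return sum(w.get(f, 0.0) * v for f, v in feats.items())

def train_svm(examples, lam=0.01, epochs=200):
    """Pegasos: stochastic subgradient descent on the primal hinge loss,
    step size 1/(lam*t), examples visited in a fixed order."""
    w, t = {}, 0
    for _ in range(epochs):
        for feats, y in examples:
            t += 1
            eta = 1.0 / (lam * t)
            violated = y * dot(w, feats) < 1.0   # inside the margin?
            for f in w:                           # regularisation shrink
                w[f] *= 1.0 - eta * lam
            if violated:
                for f, v in feats.items():
                    w[f] = w.get(f, 0.0) + eta * y * v
    return w

# Constructed training histories: the calls that preceded a doubtful call.
MALICIOUS_HISTORIES = [
    ["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtProtectVirtualMemory"],
    ["NtOpenProcess", "NtReadVirtualMemory", "NtAllocateVirtualMemory", "NtWriteVirtualMemory"],
    ["NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtProtectVirtualMemory", "NtQueueApcThread"],
]
BENIGN_HISTORIES = [
    ["NtCreateFile", "NtReadFile", "NtClose", "NtOpenKey", "NtSetValueKey"],
    ["NtOpenKey", "NtQueryValueKey", "NtClose", "NtCreateFile"],
    ["NtCreateFile", "NtQueryInformationFile", "NtReadFile", "NtClose"],
]

def training_examples():
    examples = []
    for m, b in zip(MALICIOUS_HISTORIES, BENIGN_HISTORIES):
        examples.append((ngram_features(m), 1.0))
        examples.append((ngram_features(b), -1.0))
    return examples

def training_accuracy(w, examples):
    return sum(1 for feats, y in examples if y * dot(w, feats) > 0) / len(examples)

# --- Putting both stages together ------------------------------------------
def monitor(trace, w, window=4):
    """Stage 1 flags doubtful calls; stage 2 scores each one from the last
    `window` calls that actually executed. Returns (index, call, decision)."""
    history, decisions = [], []
    for i, (call, arg) in enumerate(trace):
        if is_doubtful(call, arg):
            score = dot(w, ngram_features(history[-window:]))
            decision = "BLOCK" if score > 0 else "ALLOW"
            decisions.append((i, call, decision))
            if decision == "BLOCK":
                continue           # intercepted: the call never executed
        history.append(call)
    return decisions

INJECTOR_TRACE = [  # constructed: remote-thread code injection
    ("NtOpenProcess", "pid=4242 access=PROCESS_ALL_ACCESS"),
    ("NtAllocateVirtualMemory", "pid=4242 size=4096 protect=RWX"),
    ("NtWriteVirtualMemory", "pid=4242 len=4096"),
    ("NtCreateThreadEx", "pid=4242 start=remote_buffer"),
]
EDITOR_TRACE = [  # constructed: an editor that opens the hosts file
    ("NtCreateFile", "C:\\Users\\alice\\notes.txt"),
    ("NtReadFile", "handle=0x1c len=512"),
    ("NtClose", "handle=0x1c"),
    ("NtOpenKey", "HKCU\\Software\\Editor"),
    ("NtSetValueKey", "HKCU\\Software\\Editor\\LastFile"),
    ("NtCreateFile", "C:\\Windows\\System32\\drivers\\etc\\hosts"),
]

def run_demo():
    examples = training_examples()
    w = train_svm(examples)
    return {
        "training_accuracy": training_accuracy(w, examples),
        "injector": [d for _, _, d in monitor(INJECTOR_TRACE, w)],
        "editor": [d for _, _, d in monitor(EDITOR_TRACE, w)],
    }

if __name__ == "__main__":
    print(run_demo())
```

Running the module blocks both cross-process calls of the injector and lets the editor's rule-flagged open of the hosts file through, because its preceding history looks like ordinary file and registry activity. The caveat the split design carries is visible in the same code: stage 2 only ever sees a short window of preceding calls, so a dropper whose history resembles an installer passes it, and the rule table alone decides which calls are scored at all. Those two effects are exactly what the detection-rate and false-positive measurements in the abstract are trading off.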