Development of Malware Detection/Classification System Introducing Incremental Learning and Active Learning

2014 Fiscal Year Final Research Report

• Project/Area Number: 24500173
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Multi-year Fund
• Section: 一般
• Research Field: Intelligent informatics
• Research Institution: Kobe University
• Principal Investigator: OZAWA Seiichi 神戸大学, 工学(系)研究科(研究院), 教授 (70214129)
• Co-Investigator(Kenkyū-buntansha): ANDO Ruo 情報通信研究機構, ネットワークセキュリティ研究所, 主任研究員 (30446596)
• Co-Investigator(Renkei-kenkyūsha): KITAZONO Jun 神戸大学, 大学院工学研究科, 助教 (00733677) ; BAN Tao 情報通信研究機構, ネットワークセキュリティ研究所, 主任研究員 (80462878) ; NAKAZATO Junji 情報通信研究機構, ネットワークセキュリティ研究所, 研究員 (60435782)
• Research Collaborator: SHIMAMURA Jumpei
• Project Period (FY): 2012-04-01 – 2015-03-31
• Keywords: サイバーセキュリティ / 機械学習 / オンライン学習 / 悪性スパムメール検知 / ダークネット解析 / DDoSバックスキャッタ判定 / マルウェア感染モニタリング / テキスト解析

Outline of Final Research Achievements

In order to protect network uses from malicious spam mail attacks that can lead to malware infections and to conduct a large-scale monitoring of malicious activities by malwares, we developed three types of learning systems introducing machine learning techniques. First, we developed a malicious spam mail detection system with the following three sophisticated functions: an automatic mechanism to collect suspected malicious spam mails, an automatic labelling (malicious or benign) function for collected spam mails by a crawler-type of web security analyzer, and online learning function for automatically collected training data. Second, we developed a large-scale monitoring system which can observe transitions of subnet infection states by allocating the most similar typical patters obtained by performing the hierarchical clustering for darknet traffic features. Finally, we developed a large-scale monitoring system which can detect DDoS backscatter from observed darknet traffic features.

Free Research Field

知能情報学