2016 Fiscal Year Final Research Report
Development of intellectual networks forensic technologies against targeted attacks
| Project/Area Number |
26330161
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Research Field |
Information security
|
|---|
| Research Institution | Tokyo Denki University |
|---|
Principal Investigator |
Sasaki ryoichi 東京電機大学, 東京電機大学, 教授 (70333531)
|
|---|
| Project Period (FY) |
2014-04-01 – 2017-03-31
|
| Keywords | セキュアネットワーク / デジタルフォレンジクス / ネットワークフォレンジクス / 人工知能 / ルールベース / イベントログ |
|---|
| Outline of Final Research Achievements |
We established the basic method of the LIFT (Live and Intelligent Network Forensic Technologies) system in order to enable the proper guide to the operation manager and semi-automatic operation of the IT systems, when there is a target type mail attack.
This method uses the rule base system and Bayesian network which are classified as AI technology to describe the relationship between symptom - event - countermeasures and clarify the event and countermeasures from the symptom group. We have developed prototype program of LIFT system consisting of about 2000 steps using C #.
By conducting the evaluation experiment using this prototype program, we showed that 6 out of 6 cases can be correctly found for events similar to what happened in the past, and confirmed the basic effectiveness.
|
| Free Research Field |
情報セキュリティ
|
