Development of intellectual networks forensic technologies against targeted attacks
| Project/Area Number |
26330161
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Research Field |
Information security
|
|---|
| Research Institution | Tokyo Denki University |
|---|
Principal Investigator |
Sasaki ryoichi 東京電機大学, 東京電機大学, 教授 (70333531)
|
|---|
| Project Period (FY) |
2014-04-01 – 2017-03-31
|
| Project Status |
Completed (Fiscal Year 2016)
|
| Budget Amount *help |
¥4,680,000 (Direct Cost: ¥3,600,000、Indirect Cost: ¥1,080,000)
Fiscal Year 2016: ¥1,560,000 (Direct Cost: ¥1,200,000、Indirect Cost: ¥360,000)
Fiscal Year 2015: ¥1,430,000 (Direct Cost: ¥1,100,000、Indirect Cost: ¥330,000)
Fiscal Year 2014: ¥1,690,000 (Direct Cost: ¥1,300,000、Indirect Cost: ¥390,000)
|
|---|
| Keywords | セキュアネットワーク / デジタルフォレンジクス / ネットワークフォレンジクス / 人工知能 / ルールベース / イベントログ / ネットワークフォレンジック |
|---|
| Outline of Final Research Achievements |
We established the basic method of the LIFT (Live and Intelligent Network Forensic Technologies) system in order to enable the proper guide to the operation manager and semi-automatic operation of the IT systems, when there is a target type mail attack.
This method uses the rule base system and Bayesian network which are classified as AI technology to describe the relationship between symptom - event - countermeasures and clarify the event and countermeasures from the symptom group. We have developed prototype program of LIFT system consisting of about 2000 steps using C #.
By conducting the evaluation experiment using this prototype program, we showed that 6 out of 6 cases can be correctly found for events similar to what happened in the past, and confirmed the basic effectiveness.
|
Report
(4 results)
Research Products
(36 results)
