WEKO3
アイテム
A Combinatorics Proliferation Model with Threshold for Malware Countermeasure
https://ipsj.ixsq.nii.ac.jp/records/68696
https://ipsj.ixsq.nii.ac.jp/records/686967ad6a29b-3e88-48a6-a459-3ad0b1d773fa
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL5103005.pdf (479.7 kB)
|
Copyright (c) 2010 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||
|---|---|---|---|---|---|---|---|---|
| 公開日 | 2010-03-15 | |||||||
| タイトル | ||||||||
| タイトル | A Combinatorics Proliferation Model with Threshold for Malware Countermeasure | |||||||
| タイトル | ||||||||
| 言語 | en | |||||||
| タイトル | A Combinatorics Proliferation Model with Threshold for Malware Countermeasure | |||||||
| 言語 | ||||||||
| 言語 | eng | |||||||
| キーワード | ||||||||
| 主題Scheme | Other | |||||||
| 主題 | 特集:マルチメディア、分散、協調とモバイルシステム | |||||||
| 資源タイプ | ||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||
| 資源タイプ | journal article | |||||||
| 著者所属 | ||||||||
| Japan Advanced Institute of Science and Technology (JAIST) | ||||||||
| 著者所属 | ||||||||
| Fujitsu Laboratories, Ltd. | ||||||||
| 著者所属 | ||||||||
| Fujitsu Laboratories, Ltd. | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Japan Advanced Institute of Science and Technology (JAIST) | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Fujitsu Laboratories, Ltd. | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Fujitsu Laboratories, Ltd. | ||||||||
| 著者名 |
Kazumasa, Omote
× Kazumasa, Omote
|
|||||||
| 著者名(英) |
Kazumasa, Omote
× Kazumasa, Omote
|
|||||||
| 論文抄録 | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Security software such as anti-virus software and personal firewall are usually installed in every host within an enterprise network. There are mainly two kinds of security software: signature-based software and anomaly-based software. Anomaly-based software generally has a “threshold” that discriminates between normal traffic and malware communications in network traffic observation. Such a threshold involves the number of packets used for behavior checking by the anomaly-based software. Also, it indicates the number of packets sent from an infected host before the infected host is contained. In this paper, we propose a mathematical model that uses discrete mathematics known as combinatorics, which is suitable for situations in which there are a small number of infected hosts. Our model can estimate the threshold at which the number of infected hosts can be suppressed to a small number. The result from our model fits very well with the result of computer simulation using typical existing scanning malware and a typical network. | |||||||
| 論文抄録(英) | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Security software such as anti-virus software and personal firewall are usually installed in every host within an enterprise network. There are mainly two kinds of security software: signature-based software and anomaly-based software. Anomaly-based software generally has a “threshold” that discriminates between normal traffic and malware communications in network traffic observation. Such a threshold involves the number of packets used for behavior checking by the anomaly-based software. Also, it indicates the number of packets sent from an infected host before the infected host is contained. In this paper, we propose a mathematical model that uses discrete mathematics known as combinatorics, which is suitable for situations in which there are a small number of infected hosts. Our model can estimate the threshold at which the number of infected hosts can be suppressed to a small number. The result from our model fits very well with the result of computer simulation using typical existing scanning malware and a typical network. | |||||||
| 書誌レコードID | ||||||||
| 収録物識別子タイプ | NCID | |||||||
| 収録物識別子 | AN00116647 | |||||||
| 書誌情報 |
情報処理学会論文誌 巻 51, 号 3, p. 705-715, 発行日 2010-03-15 |
|||||||
| ISSN | ||||||||
| 収録物識別子タイプ | ISSN | |||||||
| 収録物識別子 | 1882-7764 | |||||||
