WEKO3
アイテム
Automated Port-scan Classification with Decision Tree and Distributed Sensors
https://ipsj.ixsq.nii.ac.jp/records/9447
https://ipsj.ixsq.nii.ac.jp/records/944743985a4e-3741-4ab6-a0b0-c32db1639c97
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL4909020.pdf (571.6 kB)
|
Copyright (c) 2008 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||
|---|---|---|---|---|---|---|---|---|
| 公開日 | 2008-09-15 | |||||||
| タイトル | ||||||||
| タイトル | Automated Port-scan Classification with Decision Tree and Distributed Sensors | |||||||
| タイトル | ||||||||
| 言語 | en | |||||||
| タイトル | Automated Port-scan Classification with Decision Tree and Distributed Sensors | |||||||
| 言語 | ||||||||
| 言語 | eng | |||||||
| キーワード | ||||||||
| 主題Scheme | Other | |||||||
| 主題 | 特集:安心・安全な社会基盤を実現するコンピュータセキュリティ技術 | |||||||
| 資源タイプ | ||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||
| 資源タイプ | journal article | |||||||
| その他タイトル | ||||||||
| その他のタイトル | 侵入検出・検知 | |||||||
| 著者所属 | ||||||||
| School of Information Technology Tokai University | ||||||||
| 著者所属 | ||||||||
| School of Information Technology Tokai University | ||||||||
| 著者所属 | ||||||||
| School of Information Technology Tokai University | ||||||||
| 著者所属 | ||||||||
| Hitachi Incident Response Team (HIRT) Hitachi Ltd. | ||||||||
| 著者所属 | ||||||||
| Faculty of Engineering King Mongkut's Institute of Technology Ladkrabang | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| School of Information Technology, Tokai University | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| School of Information Technology, Tokai University | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| School of Information Technology, Tokai University | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Hitachi Incident Response Team (HIRT), Hitachi, Ltd. | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang | ||||||||
| 著者名 |
Hiroaki, Kikuchi
× Hiroaki, Kikuchi
|
|||||||
| 著者名(英) |
Hiroaki, Kikuchi
× Hiroaki, Kikuchi
|
|||||||
| 論文抄録 | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Computer worms randomly perform port scans to find vulnerable hosts to intrude over the Internet. Malicious software varies its port-scan strategy e.g. some hosts intensively perform scans on a particular target and some hosts scan uniformly over IP address blocks. In this paper we propose a new automated worm classification scheme from distributed observations. Our proposed scheme can detect some statistics of behavior with a simple decision tree consisting of some nodes to classify source addresses with optimal threshold values. The choice of thresholds is automated to minimize the entropy gain of the classification. Once a tree has been constructed the classification can be done very quickly and accurately. In this paper we analyze a set of source addresses observed by the distributed 30 sensors in ISDAS for a year in order to clarify a primary statistics of worms. Based on the statistical characteristics we present the proposed classification and show the performance of the proposed scheme<sup>*1</sup>. | |||||||
| 論文抄録(英) | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Computer worms randomly perform port scans to find vulnerable hosts to intrude over the Internet. Malicious software varies its port-scan strategy, e.g., some hosts intensively perform scans on a particular target and some hosts scan uniformly over IP address blocks. In this paper, we propose a new automated worm classification scheme from distributed observations. Our proposed scheme can detect some statistics of behavior with a simple decision tree consisting of some nodes to classify source addresses with optimal threshold values. The choice of thresholds is automated to minimize the entropy gain of the classification. Once a tree has been constructed, the classification can be done very quickly and accurately. In this paper, we analyze a set of source addresses observed by the distributed 30 sensors in ISDAS for a year in order to clarify a primary statistics of worms. Based on the statistical characteristics, we present the proposed classification and show the performance of the proposed scheme<sup>*1</sup>. | |||||||
| 書誌レコードID | ||||||||
| 収録物識別子タイプ | NCID | |||||||
| 収録物識別子 | AN00116647 | |||||||
| 書誌情報 |
情報処理学会論文誌 巻 49, 号 9, p. 3146-3156, 発行日 2008-09-15 |
|||||||
| ISSN | ||||||||
| 収録物識別子タイプ | ISSN | |||||||
| 収録物識別子 | 1882-7764 | |||||||
