Paper Abstract and Keywords |
Presentation |
2016-03-04 11:00
A Suspicious Processes Detection Scheme using Process Frequency and Network State Junji Nakazato, Yu Tsuda, Eto Masashi, Daisuke Inoue, Koji Nakao (NICT) ICSS2015-60 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Many serious security incidents caused by the targeted attacks have been occurred. The targeted attacks can not be prevented easily, because a malware that is used in the attack is difficult to detect by antivirus software. Consequently, the malware has been active for a long term in order to access important user, service, and specific system in a targeted organization. In this paper we proposed a new suspicious process detection scheme. The proposed scheme decides suspicious degree of a process by calculating feature value constructed with process frequency and number of user who executing the same process. Moreover, we use the network conditions, such as communication of a process in order to reduce a false positive. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
targeted attack / malware detection / process frequency / / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 115, no. 488, ICSS2015-60, pp. 77-82, March 2016. |
Paper # |
ICSS2015-60 |
Date of Issue |
2016-02-25 (ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
ICSS2015-60 |
|