Paper Abstract and Keywords |
Presentation |
2017-03-13 15:40
Deep Learning Approach for Detecting Malware Infected Host and Detection Performance Evaluation with HTTP Traffic Taishi Nishiyama, Atsutoshi Kumagai, Yasushi Okano, Kazunori Kamiya, Masaki Tanikawa (NTT), Kazuya Okada, Yuji Sekiya (University of Tokyo) ICSS2016-52 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Preventive measures are generally important for stopping security incidents caused by malware. However, unknown malware commonly slips through these measures, because attackers produce new and variant malware on a large scale. The second-best approach is therefore to correctly detect malware-infected hosts and block malicious communication as soon as possible; the importance of strategies for detecting infected terminals is thus increasing. To detect infected hosts, it is important to analyze logs collected inside the network to trace malware activity. In this paper, we propose a method for detecting infected hosts that uses Deep Learning to analyze HTTP traffic logs. Through our evaluations, we demonstrate the superiority of the Deep Learning based approach over a conventional Logistic Regression based approach. In particular, our evaluation shows that $\mathrm{TPR}_{1\%}$ (the TPR when the threshold is adjusted so that the FPR is less than 1%) of our Deep Learning based approach is better by 7% than that of the Logistic Regression based approach. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Deep Learning / Log Analysis / Malware / Infected Host |
Reference Info. |
IEICE Tech. Rep., vol. 116, no. 522, ICSS2016-52, pp. 49-54, March 2017. |
Paper # |
ICSS2016-52 |
Date of Issue |
2017-03-06 (ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
ICSS IPSJ-SPT |
Conference Date |
2017-03-13 - 2017-03-14 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
University of Nagasaki |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
System Security, etc. |
Paper Information |
Registration To |
ICSS |
Conference Code |
2017-03-ICSS-SPT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Deep Learning Approach for Detecting Malware Infected Host and Detection Performance Evaluation with HTTP Traffic |
Keyword(1) |
Deep Learning |
Keyword(2) |
Log Analysis |
Keyword(3) |
Malware |
Keyword(4) |
Infected Host |
1st Author's Name |
Taishi Nishiyama |
1st Author's Affiliation |
NTT Secure Platform Laboratories (NTT) |
2nd Author's Name |
Atsutoshi Kumagai |
2nd Author's Affiliation |
NTT Secure Platform Laboratories (NTT) |
3rd Author's Name |
Yasushi Okano |
3rd Author's Affiliation |
NTT Secure Platform Laboratories (NTT) |
4th Author's Name |
Kazunori Kamiya |
4th Author's Affiliation |
NTT Secure Platform Laboratories (NTT) |
5th Author's Name |
Masaki Tanikawa |
5th Author's Affiliation |
NTT Secure Platform Laboratories (NTT) |
6th Author's Name |
Kazuya Okada |
6th Author's Affiliation |
The University of Tokyo (University of Tokyo) |
7th Author's Name |
Yuji Sekiya |
7th Author's Affiliation |
The University of Tokyo (University of Tokyo) |
Speaker |
Author-1 |
Date Time |
2017-03-13 15:40:00 |
Presentation Time |
25 minutes |
Registration for |
ICSS |
Paper # |
ICSS2016-52 |
Volume (vol) |
vol.116 |
Number (no) |
no.522 |
Page |
pp.49-54 |
#Pages |
6 |
Date of Issue |
2017-03-06 (ICSS) |
|