IEICE Technical Committee Submission System
Conference Paper's Information
Online Proceedings
[Sign in]
Tech. Rep. Archives
 Go Top Page Go Previous   [Japanese] / [English] 

Paper Abstract and Keywords
Presentation 2018-03-07 13:25
Combining Local and Global Graph-based Features for Stealth Scan Detection on LAN
Hiroki Nagayama, Bo HU, Kazunori Kamiya, Masaki Tanikawa (NTT) ICSS2017-52
Abstract (in Japanese) (See Japanese page) 
(in English) In recent years, the increase of unknown malware is remarkable and it is difficult to prevent malware infiltration by 100%.
Therefore, considering the occurrence of malware infection as the premise, it is important to create a technology to detect invasive activity such as scan by malware on LAN.
Often the assumption is made that scanning activities are carried out fast, and in the existing research on scan detection,
a detection technique using feature of an increase in traffic volume has been proposed.
Meanwhile, a stealth scan technique implemented at a low rate to avoid detection has also been proposed and these stealth scans are difficult to detect by the conventional detection method.
Therefore, we propose a method to detect stealth scans out of the normal communication connection relation regardless of traffic volume.
Specifically, the communication connection relationship between the hosts is expressed as a graph by using ARP communication which is easy to obtain and is lightweight, and
we combining feature focusing on the local and global structure of the graph, and also newly design the degree centrality of the neighbor nodes considering the direction of communication as the local graph feature.
In the proposed method, stealth scan is detected by learning the communication connection relationship at the time of normal and time of occurrence of scans expressed by these feature.
Keyword (in Japanese) (See Japanese page) 
(in English) graph mining / ARP / stealth scan / anomaly detection / / / /  
Reference Info. IEICE Tech. Rep., vol. 117, no. 481, ICSS2017-52, pp. 7-12, March 2018.
Paper # ICSS2017-52 
Date of Issue 2018-02-28 (ICSS) 
ISSN Print edition: ISSN 0913-5685    Online edition: ISSN 2432-6380
Copyright
and
reproduction
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034)
Download PDF ICSS2017-52

Conference Information
Committee ICSS IPSJ-SPT  
Conference Date 2018-03-07 - 2018-03-08 
Place (in Japanese) (See Japanese page) 
Place (in English) Okinawa Hokubu Koyou Nouryoku Kaihatsu Sougou Center 
Topics (in Japanese) (See Japanese page) 
Topics (in English) Security, Trust, etc. 
Paper Information
Registration To ICSS 
Conference Code 2018-03-ICSS-SPT 
Language Japanese 
Title (in Japanese) (See Japanese page) 
Sub Title (in Japanese) (See Japanese page) 
Title (in English) Combining Local and Global Graph-based Features for Stealth Scan Detection on LAN 
Sub Title (in English)  
Keyword(1) graph mining  
Keyword(2) ARP  
Keyword(3) stealth scan  
Keyword(4) anomaly detection  
Keyword(5)  
Keyword(6)  
Keyword(7)  
Keyword(8)  
1st Author's Name Hiroki Nagayama  
1st Author's Affiliation Nippon Telegraph and Telephone Corporation (NTT)
2nd Author's Name Bo HU  
2nd Author's Affiliation Nippon Telegraph and Telephone Corporation (NTT)
3rd Author's Name Kazunori Kamiya  
3rd Author's Affiliation Nippon Telegraph and Telephone Corporation (NTT)
4th Author's Name Masaki Tanikawa  
4th Author's Affiliation Nippon Telegraph and Telephone Corporation (NTT)
5th Author's Name  
5th Author's Affiliation ()
6th Author's Name  
6th Author's Affiliation ()
7th Author's Name  
7th Author's Affiliation ()
8th Author's Name  
8th Author's Affiliation ()
9th Author's Name  
9th Author's Affiliation ()
10th Author's Name  
10th Author's Affiliation ()
11th Author's Name  
11th Author's Affiliation ()
12th Author's Name  
12th Author's Affiliation ()
13th Author's Name  
13th Author's Affiliation ()
14th Author's Name  
14th Author's Affiliation ()
15th Author's Name  
15th Author's Affiliation ()
16th Author's Name  
16th Author's Affiliation ()
17th Author's Name  
17th Author's Affiliation ()
18th Author's Name  
18th Author's Affiliation ()
19th Author's Name  
19th Author's Affiliation ()
20th Author's Name  
20th Author's Affiliation ()
Speaker Author-1 
Date Time 2018-03-07 13:25:00 
Presentation Time 25 minutes 
Registration for ICSS 
Paper # ICSS2017-52 
Volume (vol) vol.117 
Number (no) no.481 
Page pp.7-12 
#Pages
Date of Issue 2018-02-28 (ICSS) 


[Return to Top Page]

[Return to IEICE Web Page]


The Institute of Electronics, Information and Communication Engineers (IEICE), Japan