Paper Abstract and Keywords |
Presentation |
2018-03-07 13:25
Combining Local and Global Graph-based Features for Stealth Scan Detection on LAN Hiroki Nagayama, Bo HU, Kazunori Kamiya, Masaki Tanikawa (NTT) ICSS2017-52 |
Abstract |
(in English) |
In recent years, the increase in unknown malware has been remarkable, and it is difficult to completely prevent malware infiltration.
Therefore, taking the occurrence of malware infection as a premise, it is important to develop technology that detects intrusive activity on the LAN, such as scanning by malware.
Scanning activities are often assumed to be carried out at high speed, and existing research on scan detection has proposed detection techniques that use an increase in traffic volume as a feature.
Meanwhile, stealth scan techniques that run at a low rate to avoid detection have also been proposed, and these stealth scans are difficult to detect with conventional detection methods.
Therefore, we propose a method to distinguish stealth scans from the normal communication connection relationships, regardless of traffic volume.
Specifically, the communication connection relationships between hosts are expressed as a graph using ARP traffic, which is lightweight and easy to obtain, and we combine features that focus on the local and global structure of the graph.
As the local graph feature, we also newly design a degree centrality of the neighbor nodes that considers the direction of communication.
In the proposed method, stealth scans are detected by learning the communication connection relationships, expressed by these features, during normal operation and during scans. |
Keyword |
(in English) |
graph mining / ARP / stealth scan / anomaly detection |
Reference Info. |
IEICE Tech. Rep., vol. 117, no. 481, ICSS2017-52, pp. 7-12, March 2018. |
Paper # |
ICSS2017-52 |
Date of Issue |
2018-02-28 (ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
ICSS IPSJ-SPT |
Conference Date |
2018-03-07 - 2018-03-08 |
Place (in English) |
Okinawa Hokubu Koyou Nouryoku Kaihatsu Sougou Center |
Topics (in English) |
Security, Trust, etc. |
Paper Information |
Registration To |
ICSS |
Conference Code |
2018-03-ICSS-SPT |
Language |
Japanese |
Title (in English) |
Combining Local and Global Graph-based Features for Stealth Scan Detection on LAN |
Keyword(1) |
graph mining |
Keyword(2) |
ARP |
Keyword(3) |
stealth scan |
Keyword(4) |
anomaly detection |
1st Author's Name |
Hiroki Nagayama |
1st Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
2nd Author's Name |
Bo HU |
2nd Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
3rd Author's Name |
Kazunori Kamiya |
3rd Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
4th Author's Name |
Masaki Tanikawa |
4th Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
Speaker |
Author-1 |
Date Time |
2018-03-07 13:25:00 |
Presentation Time |
25 minutes |
Registration for |
ICSS |
Volume (vol) |
vol.117 |
Number (no) |
no.481 |
Page |
pp.7-12 |
#Pages |
6 |
|