Traceback System of Malicious Accesses of the Internet based on Similarity of Communication Data

Basic information

  • Grant number:
    18300017
  • Principal investigator:
    NEMOTO Yoshiaki
  • Amount:
    $44,300
  • Host institution:
  • Host institution country:
    Japan
  • Project category:
    Grant-in-Aid for Scientific Research (B)
  • Fiscal year:
    2006
  • Funding country:
    Japan
  • Period:
    2006 to 2007
  • Project status:
    Completed

Project abstract

We developed a traceback system for malicious accesses on the Internet based on the similarity of the communication data of network flows. To protect the privacy of communications, we proposed a new modeling method for evaluating the similarity of communication data. The method expresses a network flow (a TCP connection) as a 256-dimensional vector consisting of the occurrence probabilities of the 256 possible 8-bit codes (byte values). Because this translation is irreversible, the privacy of the communication data is protected. Using this model, we can evaluate the similarity between communication flows. Given a 256-dimensional vector extracted from a network worm flow, we can detect flows of the same kind of worm by evaluating the similarity between that vector and the vector of a newly observed flow, because the vectors of flows generated by the same worm are very similar to one another. Consequently, we developed a highly accurate modeling method for identifying flows which have similar …

We also developed a distributed worm detection system that can detect network worms for which detection signatures have not yet been generated. The proposed system consists of a Global Detector and Local Detectors. If multiple similar flows are observed at a Local Detector within a short period, the Local Detector judges that this emergence of similar flows may be caused by network worm activity and sends the mean 256-dimensional vector of the similar flows to the Global Detector. To detect the occurrence of malicious accesses, the Global Detector evaluates the similarity among the vectors sent from the Local Detectors. In this manner, the proposed system detects malicious network activity without signatures prepared in advance.

Based on the similarity of vectors, we also proposed a new traceback system that can discover the point of release of a new malicious access. To find the point of release, the traceback system keeps three elements for each observation: the detection time at which the malicious flow was observed, the source IP address of the flow, and the 256-dimensional vector of the flow. By exchanging these three elements among detectors and evaluating the similarity of the vectors, the traceback system can find the point of release of the malicious flow.
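The pipeline described in the abstract, as an added worked example written for this page (it is not code from the project): each flow becomes a 256-entry byte-frequency vector, a Local Detector reports a burst of mutually similar flows by its mean vector, and the Global Detector groups the reports and returns the earliest (detection time, source IP) as the point of release. The similarity metric (cosine), the threshold and window values, the site names and the sample payloads are all assumptions constructed for the example; the page names none of them.

```python
# Added worked example (editor's illustration, not code from the project):
# byte-frequency flow model, Local Detector, Global Detector and traceback.
# Assumptions: cosine similarity as the metric, the thresholds/window sizes,
# and the constructed sample payloads below. None of these come from the page.
from collections import Counter
from math import sqrt


def flow_vector(payload):
    """Irreversible model of one TCP flow: occurrence probability of each of the
    256 byte values. Byte order is discarded, so the payload cannot be rebuilt."""
    n = len(payload)
    if n == 0:
        return [0.0] * 256
    counts = Counter(payload)
    return [counts.get(b, 0) / n for b in range(256)]


def cosine_similarity(u, v):
    """Similarity of two flow vectors in [0, 1] (assumed metric; the page names none)."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = sqrt(sum(a * a for a in u))
    nv = sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def mean_vector(vectors):
    k = len(vectors)
    return [sum(v[i] for v in vectors) / k for i in range(256)]


def local_detect(site, flows, window=60.0, min_flows=3, threshold=0.9):
    """Local Detector: flows = [(time, src_ip, payload)]. A flow within `window`
    seconds of a cluster's first member and similar to the cluster's mean joins it;
    a cluster with at least `min_flows` members is reported with its mean vector
    and the (time, src_ip) of each member, the elements the traceback needs."""
    clusters = []  # each: {"vectors": [...], "members": [(time, src_ip), ...]}
    for t, src, payload in sorted(flows):
        v = flow_vector(payload)
        for c in clusters:
            in_window = t - c["members"][0][0] <= window
            if in_window and cosine_similarity(mean_vector(c["vectors"]), v) >= threshold:
                c["vectors"].append(v)
                c["members"].append((t, src))
                break
        else:
            clusters.append({"vectors": [v], "members": [(t, src)]})
    return [{"site": site, "mean": mean_vector(c["vectors"]), "members": c["members"]}
            for c in clusters if len(c["vectors"]) >= min_flows]


def traceback(reports, threshold=0.9):
    """Global Detector plus traceback: group the Local Detectors' reports by mean-vector
    similarity (no signature needed), then take the earliest observation in each group
    as the point of release of that malicious access."""
    groups = []
    for r in reports:
        for g in groups:
            if cosine_similarity(g[0]["mean"], r["mean"]) >= threshold:
                g.append(r)
                break
        else:
            groups.append([r])
    results = []
    for g in groups:
        members = [(t, src, r["site"]) for r in g for t, src in r["members"]]
        results.append({"sites": sorted({r["site"] for r in g}),
                        "release_point": min(members)})  # earliest detection time wins
    return results


def worm_payload(variant):
    """Constructed sample: a filler run, a fixed body and a small per-flow tail, so
    flows of the 'same worm' differ slightly but share one byte distribution."""
    return b"\x90" * 40 + bytes(range(0x41, 0x5B)) + b"\xcc" * 4 + variant.to_bytes(2, "big")


def sample_observations():
    """Constructed traffic for two Local Detector sites (not real captures)."""
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    return {
        "site-A": [(100.0, "10.0.0.5", worm_payload(1)), (101.0, "10.0.0.5", worm_payload(2)),
                   (102.0, "10.0.0.5", worm_payload(3)), (103.0, "10.0.0.7", http),
                   (104.0, "10.0.0.8", http + b"Accept: */*\r\n")],
        "site-B": [(150.0, "10.0.1.9", worm_payload(4)), (151.0, "10.0.1.9", worm_payload(5)),
                   (152.0, "10.0.1.9", worm_payload(6))],
    }


def run_demo():
    """Run both stages over the sample; returns (local reports, traceback results)."""
    reports = [r for site, flows in sample_observations().items() for r in local_detect(site, flows)]
    return reports, traceback(reports)


if __name__ == "__main__":
    reports, results = run_demo()
    for r in results:
        print("sites reporting:", r["sites"], "-> point of release:", r["release_point"])
```

Two practitioner caveats follow from the model itself rather than from anything the page states: the histogram discards byte order but still reveals the character distribution of a payload (text versus compressed or encrypted data, for instance), so it is irreversible rather than content-free; and flows whose bytes are encrypted or re-encoded per victim do not share a distribution, so the similarity threshold and the "short period" window have to be tuned against real traffic before the detector is trusted.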

Project outputs

An Efficient Signature-Based Approach for Automatic Detection of Internet Worms over Large-Scale Networks
An Evaluation of Transition Pattern of Payload Length for Network Application Identification
  • Published:
    2007
  • Authors:
    S. Yagi; Y. Waizumi; H. Tsunoda; Y. Nemoto
  • Corresponding author:
    Y. Nemoto
Reducing False Positives and Observation Cost in Pulsing DoS Detection by Focusing on Bandwidth Utilization State (Japanese original: 帯域利用状態に着目したパルス型DoS検知の誤検知と観測コストの低減)
  • Published:
    2006
  • Authors:
    荒井健二郎 (K. Arai); 角田裕 (H. Tsunoda); 和泉勇治 (Y. Waizumi); 根元義章 (Y. Nemoto)
  • Corresponding author:
    根元義章 (Y. Nemoto)
Network Application Identification using Transition Pattern of Packets
  • Published:
    2006
  • Authors:
    Y. Waizumi; Y. Nemoto
  • Corresponding author:
    Y. Nemoto
A Network State Evaluation Method Using Correlation Histograms (Japanese original: 相関関係ヒストグラムによるネットワーク状態評価方式)
  • Published:
    2006
  • Authors:
    和泉勇治 (Y. Waizumi); 廣瀬淳一 (J. Hirose); 角田裕 (H. Tsunoda); 根元義章 (Y. Nemoto)
  • Corresponding author:
    角田裕 (H. Tsunoda); 根元義章 (Y. Nemoto)

Other grants of NEMOTO Yoshiaki

Distributed Network Anomaly Detection using Multiresolutional Observables
  • Grant number:
    20300023
  • Fiscal year:
    2008
  • Amount:
    $44,300
  • Project category:
    Grant-in-Aid for Scientific Research (B)
Next Generation Automatic Trace Back System for Broad Unlawful Access Based on Time-Series Analysis of Traffic Patterns
  • Grant number:
    14380172
  • Fiscal year:
    2002
  • Amount:
    $44,300
  • Project category:
    Grant-in-Aid for Scientific Research (B)
Organization-defense Style Security System by using Detection of Omens of Illegal Access
  • Grant number:
    12558036
  • Fiscal year:
    2000
  • Amount:
    $44,300
  • Project category:
    Grant-in-Aid for Scientific Research (B)
Solution of the electromagnetic noise produced from small electric appliances by real-time parallel measurements
  • Grant number:
    11834003
  • Fiscal year:
    1999
  • Amount:
    $44,300
  • Project category:
    Grant-in-Aid for Scientific Research (C)
A study of a real-time fault detecting system using an information filtering technique
  • Grant number:
    09680388
  • Fiscal year:
    1997
  • Amount:
    $44,300
  • Project category:
    Grant-in-Aid for Scientific Research (C)
Construction of a Distributed Network Management System for High-speed and Large-Scale Information Networks
  • Grant number:
    08558033
  • Fiscal year:
    1996
  • Amount:
    $44,300
  • Project category:
    Grant-in-Aid for Scientific Research (B)