Bibliographic information
- Alternate title
- Intrusion detection (侵入検出・検知)
Abstract
Computer worms randomly perform port scans to find vulnerable hosts to intrude over the Internet. Malicious software varies its port-scan strategy, e.g., some hosts intensively scan a particular target, while others scan uniformly over IP address blocks. In this paper, we propose a new automated worm classification scheme based on distributed observations. The proposed scheme captures statistics of scanning behavior with a simple decision tree whose nodes classify source addresses using optimal threshold values. The choice of thresholds is automated so as to minimize the entropy of the classification. Once a tree has been constructed, classification can be done very quickly and accurately. We analyze a set of source addresses observed by the 30 distributed sensors in ISDAS over one year in order to clarify the primary statistics of worms. Based on these statistical characteristics, we present the proposed classification and show the performance of the proposed scheme.
Published in
- 情報処理学会論文誌 (IPSJ Journal)
- 情報処理学会論文誌 49 (9), 3146-3156, 2008-09-15
- Tokyo : 情報処理学会 (Information Processing Society of Japan)
Details
- CRID: 1050001337881240832
- NII article ID: 110007970203
- NII bibliographic ID: AN00116647
- ISSN: 18827764, 18827837, 03875806
- NDL bibliographic ID: 024266970
- Text language code: en
- Material type: journal article
- Data source type: IRDB, NDL, CiNii Articles