
Publication Information


Title
Japanese:機械学習を用いたDNSクエリ/応答のログ解析による悪性端末検出手法の提案 
English:Proposal of malicious device detection method by DNS query/response log analysis using machine learning 
Author
Japanese: 仲宗根 一成, 北口 善明, 山岡 克式.  
English: Issei Nakasone, Yoshiaki Kitaguchi, Katsunori Yamaoka.
Language Japanese 
Journal/Book name
Japanese:電子情報通信学会技術研究報告 
English:IEICE technical report 
Volume, Number, Page Vol. 118, No. 466, pp. 271-276
Published date Mar. 2019 
Publisher
Japanese:一般社団法人 電子情報通信学会 
English:The Institute of Electronics, Information and Communication Engineers 
Conference name
Japanese:情報ネットワーク (IN) 2019年3月研究会 
English: 
Conference site
Japanese: 
English: 
Official URL https://ken.ieice.org/ken/paper/20190305o1lj/
 
Abstract One common way of detecting malware devices in a network is to use a blacklist based on signature detection. However, in the near future, this detection method will become difficult because of the variety of malware. In this paper, we propose a method of detecting malicious devices by using machine learning to identify unknown malware. We extract time series data of feature vectors from logs of DNS queries/responses, then transform them into a distributed representation by using a recurrent neural network (RNN). We also performed cluster analysis to explore their relations. The experiment shows that the behavior of the source IP addresses is classified into two classes; moreover, some minority clusters transmit specific queries.
