Hirofumi Nakakoji

Enhancing Network Based Bot Detection with Contextual Information

In this paper, we propose a bot detection method that enhances traffic analysis of Network based IDS (NIDS) by using process contextual information obtained from monitored machines. Existing NIDS classifies hosts suspected of doing both of the Command and Control (C&C) communication and infection activities as bots. However, this approach cannot conduct finer-grained analysis than IP address level, and which leads to false positives and negatives. To address this problem, this proposed method enables NIDS to achieve process-grained detection by feeding the contextual information of the processes that perform network activities. Through experiments using a prototype implementation on Xen and a bot sample, we demonstrate that the proposed method enables to detect bots appropriately.

Detection and control system for Peer-to-Peer file exchange application

As P2P (Peer-to-Peer) file sharing software is widely deployed, it causes some serious problems, such as network traffic congestion, unwanted file sharing by computer viruses that abuse P2P software, and so on. Detecting and controlling traffic of P2P software is an important issue to solve these problems. In this paper, we propose a basic architecture to observe large-scale network traffic, identify the P2P traffic and control them. This architecture consists of four units, the observation unit, the analysis unit, the control unit and the managing unit. We evaluate the architecture using lOGbps full duplex traffic, and demonstrate that this system can control the P2P traffic properly.