A Combinatorics Proliferation Model with Threshold for Malware Countermeasure
Abstract
Security software such as anti-virus software and personal firewalls is usually installed in every host within an enterprise network. There are mainly two kinds of security software: signature-based software and anomaly-based software. Anomaly-based software generally has a “threshold” that discriminates between normal traffic and malware communications in network traffic observation. Such a threshold involves the number of packets used for behavior checking by the anomaly-based software. Also, it indicates the number of packets sent from an infected host before the infected host is contained. In this paper, we propose a mathematical model that uses discrete mathematics known as combinatorics, which is suitable for situations in which there are a small number of infected hosts. Our model can estimate the threshold at which the number of infected hosts can be suppressed to a small number. The result from our model fits very well with the result of computer simulation using typical existing scanning malware and a typical network.
Authors
- Omote Kazumasa, Japan Advanced Inst. Of Sci. And Technol.
- SHIMOYAMA Takeshi, FUJITSU LABORATORIES Ltd
- Torii Satoru, Fujitsu Laboratories, Ltd.
Related papers
- Extending Bleichenbacher's Forgery Attack
- Practical and Secure Recovery of Disk Encryption Key Using Smart Cards
- A Strict Evaluation on the Number of Conditions for SHA-1 Collision Search
- A Second-price Sealed-bid Auction with Public Verifiability
- An Anonymous Sealed-bid Auction with a Feature of Entertainment
- A Combinatorics Proliferation Model with Threshold for Malware Countermeasure
- Theoretical Analysis of χ² Attack on RC6 (Symmetric Cipher) (Cryptography and Information Security)
- An Efficient Interpolation Attack (Special Section on Cryptography and Information Security)
- Efficient and Secure Aggregation of Sensor Data against Multiple Corrupted Nodes
- Preimage Attacks on the Step-Reduced RIPEMD-128 and RIPEMD-160
- Methods for Restricting Message Space in Public-Key Encryption
- Improvement of Network coding-based System for Ensuring Data Integrity in Cloud Computing
- Key Length Estimation of Pairing-Based Cryptosystems Using η_T Pairing over GF(3^n)