{"updated":"2025-01-21T11:18:33.266314+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00101260","sets":["1164:4088:7458:7587"]},"path":["7587"],"owner":"11","recid":"101260","title":["権威DNSサーバのクエリログの可視化による攻撃の発見と分析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2014-05-15"},"_buckets":{"deposit":"1a0b3f95-829e-414b-8645-6d369cc33d4f"},"_deposit":{"id":"101260","pid":{"type":"depid","value":"101260","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"権威DNSサーバのクエリログの可視化による攻撃の発見と分析","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"権威DNSサーバのクエリログの可視化による攻撃の発見と分析"},{"subitem_title":"Visualization of query log of authoritative DNS server for attack analysis and detection","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ネットワーク管理分析・計算機応用","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2014-05-15","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大分大学大学院工学研究科知能情報システム工学専攻"},{"subitem_text_value":"大分大学大学院工学研究科知能情報システム工学専攻"},{"subitem_text_value":"大分大学工学部知能情報システム工学科"},{"subitem_text_value":"大分大学学術情報拠点情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Course of Computer Science and Intelligent Systems, Graduate School of Engineering, Oita University","subitem_text_language":"en"},{"subitem_text_value":"Course of Computer Science and Intelligent Systems, Graduate School of Engineering, Oita University","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science and Intelligent Systems, Faculty of Engineering, Oita University","subitem_text_language":"en"},{"subitem_text_value":"Center for Academic Information and Library Services, Oita 
University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/101260/files/IPSJ-IOT14025005.pdf"},"date":[{"dateType":"Available","dateValue":"2016-05-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT14025005.pdf","filesize":[{"value":"1.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2b851bb0-6127-47e3-8519-ad88df5be512","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2014 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"渡辺, 拳竜"},{"creatorName":"松井, 一乃"},{"creatorName":"池部, 実"},{"creatorName":"吉田, 和幸"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kenryu, Watanabe","creatorNameLang":"en"},{"creatorName":"Kazuno, Matsui","creatorNameLang":"en"},{"creatorName":"Minoru, Ikebe","creatorNameLang":"en"},{"creatorName":"Kazuyuki, 
Yoshida","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ボットなどからの攻撃は,その多くが攻撃対象ネットワークの探索から始まる.例えば,spam 送信の際にはその送信先を決定するために MX レコードを問合せる.また,PTR レコードを用いてホストの存在を確認するホスト探索攻撃がある.これらの攻撃は攻撃対象ネットワーク内の権威 DNS サーバに対して問合せをする.本研究では,権威 DNS サーバのクエリログを用いて spam 送信やホスト探索攻撃を検知することを目的とする.特定のレコードについて分析することは攻撃発見の手がかりとなる可能性がある.そこで,本論文ではこれらの攻撃を検知するための前段階として,MX レコードと PTR レコードに着目した分析をする.権威 DNS サーバに対して MX レコードを問合わせた送信元 IP アドレスと同時期のメールサーバに対する spam の送信元 IP アドレスの上位 16 ビットについてヒルベルト曲線を用いて可視化し,比較した結果や,PTR レコードを問合わせた IP アドレスを集計し,問合せ数上位 5 件の IP アドレスについて分析した結果について報告する.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Attackers sweep networks to look for target hosts. For example, an attacker queries the authoritative DNS server for MX records in order to send spam. Moreover, an attacker queries the DNS server for PTR records to perform a host sweep. In this paper, we aim to detect such attacks using the query log of the authoritative DNS server. Therefore, we analyzed the MX and PTR record queries in the query log at Oita University. We use a Hilbert curve to map the first and second octets of the source IP addresses that sent spam and of those that queried MX records. 
We also counted the daily PTR record queries in the query log.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2014-05-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"5","bibliographicVolumeNumber":"2014-IOT-25"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:46:53.578167+00:00","id":101260,"links":{}}