{"created":"2025-01-18T23:49:55.131240+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00106530","sets":["6164:6165:6462:7729"]},"path":["7729"],"owner":"11","recid":"106530","title":["通信プロトコルのヘッダの特徴に基づく不正通信の検知・分類手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2014-10-15"},"_buckets":{"deposit":"96d23b68-4d3a-4804-9369-28271e37b1d2"},"_deposit":{"id":"106530","pid":{"type":"depid","value":"106530","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"通信プロトコルのヘッダの特徴に基づく不正通信の検知・分類手法","author_link":["12413","12422","12431","12420","12416","12423","12428","12424","12419","12415","12426","12421","12414","12429","12425","12418","12432","12430","12417","12427"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"通信プロトコルのヘッダの特徴に基づく不正通信の検知・分類手法"},{"subitem_title":"Detection and Classification Method for Malicious Packets with Characteristic Network Protocol Header","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"TCP/IPヘッダ,ネットワークスタック,ダークネット,マルウェア動的解析","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2014-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"横浜国立大学"},{"subitem_text_value":"横浜国立大学"},{"subitem_text_value":"横浜国立大学/情報通信研究機構"},{"subitem_text_value":"KDDI株式会社"},{"subitem_text_value":"情報通信研究機構"},{"subitem_text_value":"株式会社クルウィット"},{"subitem_text_value":"情報通信研究機構"},{"subitem_text_value":"情報通信研究機構"},{"subitem_text_value":"横浜国立大学/情報通信研究機構"},{"subitem_text_value":"横浜国立大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University / National Institute 
of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"KDDI Corporation","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"clwit Inc.","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University / National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/106530/files/IPSJCSS2014007.pdf"},"date":[{"dateType":"Available","dateValue":"2016-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2014007.pdf","filesize":[{"value":"629.9 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"e93f9da0-6a08-43bd-b20b-09e0ff0d644b","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2014 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"小出, 
駿"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"鈴木, 将吾"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"牧田, 大佑"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"村上, 洸介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"笠間, 貴弘"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"島村, 隼平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"衛藤, 将史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"井上, 大介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉岡, 克成"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"松本, 勉"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takashi, Koide","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shogo, Suzuki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Makita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kosuke, Murakami","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takahiro, Kasama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Jumpei, Shimamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masashi, Eto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Inoue","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"OSの機能を使わずに独自のネットワークスタックを用いた通信を行うマルウェアやツールはTCP/IPヘッダやアプリケーションプロトコルヘッダに固有の特徴を持つ場合がある.本稿では,TCP初期シーケンス番号,IPヘッダのID値,DNSヘッダのIDなどに固有値が設定されている通信パケットを抽出することで,ネットワーク上で観測される通信を分類する手法を提案する.ダークネット・ハニーポット観測とマルウェア動的解析によって得られた通信の分析に提案手法を適用することで,マルウェアやツールによる不正な通信の特定が可能であることを確認し,新規のマルウェア発見にも応用できることを示す.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Since some malware and network tools have their own implementation of the network stack, the packets from them may have characteristic TCP/IP headers and application protocol headers. In this paper, we propose a technique for packet classification by generating signatures using the initial sequence number in the TCP header, the identification field in the IP header, the ID in the DNS header, and so on. By analyzing darknet traffic, honeypot traffic, and packets from malware sandbox analysis with this method, we show that it is possible to identify packets from such software and possibly detect new malware.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"55","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2014論文集"}],"bibliographicPageStart":"48","bibliographicIssueDates":{"bibliographicIssueDate":"2014-10-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2014"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":106530,"updated":"2025-01-21T09:21:04.259093+00:00","links":{}}