{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00106546","sets":["6164:6165:6462:7729"]},"path":["7729"],"owner":"11","recid":"106546","title":["プロセスの通信手続きに基づくフォレンジック手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2014-10-15"},"_buckets":{"deposit":"9a8e9bf2-ff5b-4a74-a5b3-065862af2463"},"_deposit":{"id":"106546","pid":{"type":"depid","value":"106546","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"プロセスの通信手続きに基づくフォレンジック手法の提案","author_link":["12543","12541","12546","12544","12545","12536","12538","12542","12540","12537","12539","12535"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"プロセスの通信手続きに基づくフォレンジック手法の提案"},{"subitem_title":"Proposal of Forensics Method Based on Communication Procedure of Process","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"標的型攻撃，フォレンジクス，情報保全ツール，プロセス，通信","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2014-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"独立行政法人情報通信研究機構／株式会社セキュアブレイン"},{"subitem_text_value":"独立行政法人情報通信研究機構"},{"subitem_text_value":"独立行政法人情報通信研究機構"},{"subitem_text_value":"独立行政法人情報通信研究機構"},{"subitem_text_value":"株式会社セキュアブレイン"},{"subitem_text_value":"独立行政法人情報通信研究機構"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"National Institute of Information and Communications Technology / Securebrain Corporation","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Securebrain Corporation","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/106546/files/IPSJCSS2014023.pdf"},"date":[{"dateType":"Available","dateValue":"2016-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2014023.pdf","filesize":[{"value":"593.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"97eb5722-dfce-44df-a106-c0ee1b545009","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2014 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"神薗, 雅紀"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"遠峰, 隆史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"津田, 侑"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"衛藤, 将史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"星澤, 裕二"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"井上, 大介"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Masaki, Kamizono","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Tomine","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yu, Tsuda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masashi, Eto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuji, Hoshizawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Inoue","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"標的型攻撃対策として様々なセキュリティ製品が登場している．例えばネットワーク監視製品のアラートから対象ホスト内のどのプロセスによる通信であるかツール等を用いて解析するが，これらのツールは主にプロセスの通信先情報を提供するのみであり，通信手続きであるDNSクエリ等によって挙ったアラートの際は，その情報が保全されていないため対象プロセスを特定できない．そこで本稿ではプロセスの一連の通信手続きを保全し，アラートと突合するフォレンジック手法を提案し評価する．今回は，特に通信手続きの一つであるDNSクエリに着目し，さらに本手法がホストならびにネットワーク監視製品のアラートの結び付けに有効であることを考察する．","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"174","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2014論文集"}],"bibliographicPageStart":"167","bibliographicIssueDates":{"bibliographicIssueDate":"2014-10-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2014"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":106546,"updated":"2025-01-21T09:21:33.049029+00:00","links":{},"created":"2025-01-18T23:49:55.919070+00:00"}