{"updated":"2025-01-20T17:49:18.302695+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00146824","sets":["6164:6165:6462:8443"]},"path":["8443"],"owner":"11","recid":"146824","title":["マルウェア通信検知手法におけるUser-Agentの有効性の一考察"],"pubdate":{"attribute_name":"公開日","attribute_value":"2015-10-14"},"_buckets":{"deposit":"171502e5-c3ef-455b-90a8-7eea52b63722"},"_deposit":{"id":"146824","pid":{"type":"depid","value":"146824","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"マルウェア通信検知手法におけるUser-Agentの有効性の一考察","author_link":["230644","230643"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マルウェア通信検知手法におけるUser-Agentの有効性の一考察"},{"subitem_title":"A Study for Effectiveness of User-Agent for Malware Communication Traffic Detection","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"MWS，FFRI Dataset，User-Agent，マルウェア通信","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2015-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"株式会社リクルートテクノロジーズ"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Recruit Technologies Co.,Ltd.","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/146824/files/IPSJ-CSS2015032.pdf","label":"IPSJ-CSS2015032.pdf"},"date":[{"dateType":"Available","dateValue":"2017-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2015032.pdf","filesize":[{"value":"566.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"1f0f4af8-059c-4fe2-8fd9-ce1c578ecbbc","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2015 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"市田, 達也"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Tatsuya, Ichida","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"サイバー攻撃に用いられるマルウェアは，バックドアやボットなど感染後に外部サーバーと通信を行うことが一般であり，特に HTTP 等の一般的なプロトコルにて行う場合が多い．近年，HTTP の User-Agent ヘッダを用いてマルウェア通信を識別する (UA 監査) 機能が実装されているセキュリティ製品もあるが，User-Agent をブラウザに偽装することでその検知を逃れようとするマルウェアも確認されている．本考察では，UA 監査機能を持つ製品の有用性向上のため，マルウェア通信で利用された User-Agent の正常との逸脱度を算出し，User-Agent の有効性の評価および今後に向けた考察を行う．評価には FFRI データセットおよび独自環境にて取得したマルウェアを用いた．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"A lot of malware communicate with their C&C servers via HTTP protocol． So some security appliances implement User-Agent inspection. However some malware pretend to be the browser agent and therefore its effectiveness is not clear today．In this study, I focused on User-Agent feature and evaluate the effectiveness for malware communication traffic detection using FFRI Datasets and our original captured malware．","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"241","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2015論文集"}],"bibliographicPageStart":"234","bibliographicIssueDates":{"bibliographicIssueDate":"2015-10-14","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"2015"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:22:09.754696+00:00","id":146824,"links":{}}