{"updated":"2025-01-20T13:15:40.931433+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00157724","sets":["1164:4088:8487:8488"]},"path":["8488"],"owner":"11","recid":"157724","title":["NAT環境に対応したDNS・SDN連携型動的ファイアウォールシステム"],"pubdate":{"attribute_name":"公開日","attribute_value":"2016-02-25"},"_buckets":{"deposit":"ad4187a4-3b2e-4577-99cc-f560666fbf5f"},"_deposit":{"id":"157724","pid":{"type":"depid","value":"157724","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"NAT環境に対応したDNS・SDN連携型動的ファイアウォールシステム","author_link":["299030","299035","299031","299034","299032","299033","299036","299028","299029","299027"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"NAT環境に対応したDNS・SDN連携型動的ファイアウォールシステム"},{"subitem_title":"Proactive firewall system in cooperation with DNS and SDN applicable to NAT environment","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティ・障害・キャンパスネットワーク","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2016-02-25","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京農工大学工学部情報工学科"},{"subitem_text_value":"岡山大学大学院自然科学研究科"},{"subitem_text_value":"東京農工大学大学院工学研究院"},{"subitem_text_value":"東京農工大学大学院工学研究院"},{"subitem_text_value":"岡山大学大学情報統括センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Department of Computer and Information Sciences, Tokyo University of Agriculture and Technology","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"},{"subitem_text_value":"Institute of Engineering, Tokyo University of Agriculture and Technology","subitem_text_language":"en"},{"subitem_text_value":"Institute of Engineering, Tokyo University of Agriculture and Technology","subitem_text_language":"en"},{"subitem_text_value":"Center for Information Technology and anagement, Okayama University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/157724/files/IPSJ-IOT16032039.pdf","label":"IPSJ-IOT16032039.pdf"},"date":[{"dateType":"Available","dateValue":"2018-02-25"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT16032039.pdf","filesize":[{"value":"906.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"523314d1-0140-480f-a586-eb8c1e3247e0","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2016 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"藤巻, 伶緒"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"大塚, 友和"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山井, 成良"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"北川, 直哉"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岡山, 聖彦"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Reo, Fujimaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tomokazu, Otsuka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Nariyoshi, Yamai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Naoya, Kitagawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kiyohiko, Okayama","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年，組織外ネットワークから組織内ホストへ不正アクセスが後を絶たず，その対策は急務である．対策の一つとしてファイアウォール製品が広く用いられているが，線密な検査を行うと負荷が高くなり，スループットの低下を招く．これを回避するためには，管理者が信頼できる通信相手とそれ以外の相手を手動で設定する必要がある．我々はこれまでに，問い合わせ元のクライアントに応じて，動的にファイアウォールの検査内容を決定するシステムを提案した．この手法は，通信の殆どが，事前にDNSによる名前解決を行う点に着目し，DNSキャッシュサーバにクライアントのIPアドレスを通知する機構を組み込むことで実現した．しかし，NATルータを用いた環境では，クライアントのIPアドレスがグローバルIPアドレスに変換されて通信を行った場合，検査内容の決定が不可能になるという問題があった．本論文では，DNSキャッシュサーバから通知されるクライアントのIPアドレスを，変換後のグローバルIPアドレスに書換える機能を実装することで，NATルータを用いた環境に対応する手法について述べる．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recent years, unauthorized accesses from the external network to the internal host are sharply increasing. Although many firewall products are widely utilized as one of the countermeasures, its throughput decreases when it perform detailed inspection of packets. In order to prevent this problem, administrator must configure manually whether the communication partner is reliable or not. In the past, we have proposed a system for determining the dynamic examination content in accordance with the inquiring client. This method focused on the point that the most kinds of communication performs a name resolution using DNS in advance, and this system has achieved by notifying the client IPaddress to the DNS cache server. However, this system cannot determine the inspection content when a client IPaddress is converted into a global IP address. In this paper, we describe about a system that corresponds to the environment using a NAT router by using the function of rewriting from the client IPaddress to the converted global IPaddress.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2016-02-25","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"39","bibliographicVolumeNumber":"2016-IOT-32"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:31:36.004715+00:00","id":157724,"links":{}}