{"updated":"2025-01-20T06:36:19.660264+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00174660","sets":["581:8417:8427"]},"path":["8427"],"owner":"11","recid":"174660","title":["プロセス情報と関連づけた通信情報保全手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2016-09-15"},"_buckets":{"deposit":"f31bb510-6f34-46e4-bdbb-bd56d93842d7"},"_deposit":{"id":"174660","pid":{"type":"depid","value":"174660","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"プロセス情報と関連づけた通信情報保全手法の提案","author_link":["360348","360346","360347","360349"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"プロセス情報と関連づけた通信情報保全手法の提案"},{"subitem_title":"Proposal and Evaluation of the Preservation Method of the Network Packets Associated with Process Information","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:社会の変革に挑戦するセキュリティ技術とプライバシー保護技術] WFP,Windows,Kernel Driver,Forensics,Logging","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2016-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/174660/files/IPSJ-JNL5709009.pdf","label":"IPSJ-JNL5709009.pdf"},"date":[{"dateType":"Available","dateValue":"2018-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5709009.pdf","filesize":[{"value":"906.9 
kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ce8aa44b-4072-4e39-8e81-9715629740f7","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2016 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"三村, 聡志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"佐々木, 良一"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Satoshi, Mimura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ryoichi, Sasaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal 
article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"サイバー攻撃における原因調査では様々な情報を照らし合わせ,当時の状況を推測してタイムラインを作成し,原因の判定を行うことが必要となる.だが,情報には後から取得可能な情報以外に,揮発性情報と呼ばれる時間の経過にともなって情報の取得が困難になる情報が存在し,対象コンピュータの操作や電源断等によって簡単に消えてしまうという問題点がある.この問題に対処するために,著者らはプロセスの立ち上げや終了,そしてそのプロセスが接続を確立した接続先の情報を,安全にかつシステムにあまり負荷をかけずに記録する方式を提案する.さらに,著者らは,上記の手法を実現する等のために開発したOnmitsuと名付けたドライバプログラムについても報告する.このプログラムを実際の問題に適用することにより,このプログラムが目的を達成することが確認できた.本論文では,提案手法,開発したプログラム,適用結果,ならびにパフォーマンスに関する評価結果を報告する.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"When investigating the cause of a cyber attack, the cause must be identified using a timeline that is created from various pieces of information to estimate the situation at the time of the attack. However, some of this information, called “Volatile Information”, is easily lost through operations on the computer or a computer shutdown. To cope with this problem, the authors propose a dedicated method for storing packet logs based on the communication, startup and termination log data of processes using Windows functions. In addition, we report on a newly developed driver program called Onmitsu that can be used to implement the functions included in the proposed method. Based on the results of the application evaluation, it was confirmed that the program could effectively achieve the desired objectives. 
In this paper, the proposed method, the developed program, the application results, and the performance evaluation results are described.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1953","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1944","bibliographicIssueDates":{"bibliographicIssueDate":"2016-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"57"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:44:49.507735+00:00","id":174660,"links":{}}