{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00175762","sets":["6164:6165:6462:8948"]},"path":["8948"],"owner":"11","recid":"175762","title":["リクエスト間隔とレスポンスのボディサイズに基づくマルウェア感染由来のHTTPトラフィック検知"],"pubdate":{"attribute_name":"公開日","attribute_value":"2016-10-04"},"_buckets":{"deposit":"77e21c1d-e208-4016-a43a-2d3020a081da"},"_deposit":{"id":"175762","pid":{"type":"depid","value":"175762","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"リクエスト間隔とレスポンスのボディサイズに基づくマルウェア感染由来のHTTPトラフィック検知","author_link":["367635","367643","367633","367637","367639","367640","367634","367636","367641","367644","367638","367642"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"リクエスト間隔とレスポンスのボディサイズに基づくマルウェア感染由来のHTTPトラフィック検知"},{"subitem_title":"Malware Originated HTTP Traffic Detection Based on Request Interval and Response Body Size","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア,感染検知,トラフィック解析,機械学習","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2016-10-04","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"名古屋大学 大学院 情報科学研究科"},{"subitem_text_value":"名古屋大学 情報基盤センター"},{"subitem_text_value":"名古屋大学 情報基盤センター"},{"subitem_text_value":"国立情報学研究所"},{"subitem_text_value":"NTTセキュアプラットフォーム研究所"},{"subitem_text_value":"NTTセキュアプラットフォーム研究所"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Information Science, Nagoya University","subitem_text_language":"en"},{"subitem_text_value":"Information Technology Center, Nagoya University","subitem_text_language":"en"},{"subitem_text_value":"Information Technology Center, Nagoya University","subitem_text_language":"en"},{"subitem_text_value":"National Institute of 
Informatics","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/175762/files/IPSJCSS2016062.pdf","label":"IPSJCSS2016062.pdf"},"date":[{"dateType":"Available","dateValue":"2018-10-04"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2016062.pdf","filesize":[{"value":"466.6 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"4504d029-c6f1-43a9-a28e-d81c79a8ba15","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2016 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"小川, 秀貴"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山口, 由紀子"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"嶋田, 創"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高倉, 弘喜"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"秋山, 満昭"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"八木, 毅"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hideki, 
Ogawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yukiko, Yamaguchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hajime, Shimada","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Takakura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mitsuaki, Akiyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takeshi, Yagi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"昨今のサイバー攻撃は巧妙化しており,マルウェア感染を未然に防ぐことが困難となっている.したがって早期のマルウェア感染検知技術が重要となっている.昨今のマルウェアはファイアウォールやプロキシでの検知を回避するために,C&C 通信に業務等で使われている HTTP を使用したものが多く,検知が困難である.そこで本研究では,特に HTTP トラフィックを対象としたアノマリ型の検知手法を提案する.提案手法では HTTP の各通信先ごとにリクエスト送信間隔とレスポンスのボディサイズから特徴量を抽出し,SVM を用いてマルウェア感染由来かどうかの判定を行う.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recent cyber attacks have become so sophisticated that it is difficult to prevent malware infection. Therefore, early detection of malware infection is becoming more important. Moreover, recent malware uses HTTP, which is widely used for business, to avoid detection by firewalls and proxies. This makes malware infection harder to detect with typical traffic analysis. In this study, we propose an anomaly detection method for malware-originated HTTP traffic. 
In the proposed method, we classify HTTP traffic with an SVM, using newly extracted features such as HTTP request interval and response body size.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"415","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2016論文集"}],"bibliographicPageStart":"408","bibliographicIssueDates":{"bibliographicIssueDate":"2016-10-04","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2016"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":175762,"updated":"2025-01-20T06:11:13.767278+00:00","links":{},"created":"2025-01-19T00:45:29.941104+00:00"}