{"updated":"2025-01-20T06:00:51.766906+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00176062","sets":["1164:3925:8483:8975"]},"path":["8975"],"owner":"11","recid":"176062","title":["エントロピーを用いた初期侵入段階におけるRATの通信検知手法の考察"],"pubdate":{"attribute_name":"公開日","attribute_value":"2016-11-24"},"_buckets":{"deposit":"7ed0dd23-a342-4a33-adbd-b4ba9fc33cf4"},"_deposit":{"id":"176062","pid":{"type":"depid","value":"176062","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"エントロピーを用いた初期侵入段階におけるRATの通信検知手法の考察","author_link":["369273","369272","369274","369270","369271","369276","369277","369269","369268","369275"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"エントロピーを用いた初期侵入段階におけるRATの通信検知手法の考察"},{"subitem_title":"A RAT detection method by using packet entropy on early intrusion stage","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2016-11-24","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"奈良先端科学技術大学院大学情報科学研究科"},{"subitem_text_value":"東京工業大学情報理工学院"},{"subitem_text_value":"奈良先端科学技術大学院大学情報科学研究科/東京電機大学"},{"subitem_text_value":"奈良先端科学技術大学院大学総合情報基盤センター"},{"subitem_text_value":"奈良先端科学技術大学院大学総合情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of information, Nara Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"School of Computing, Tokyo Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of information, Nara Institute of Science and Technology / Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Nara Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Nara Institute of Science and 
Technology","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/176062/files/IPSJ-CSEC16075006.pdf","label":"IPSJ-CSEC16075006.pdf"},"date":[{"dateType":"Available","dateValue":"2018-11-24"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC16075006.pdf","filesize":[{"value":"741.3 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"1cc58a74-1b88-4ad4-a2c9-92eb28718321","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2016 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"宇野, 真純"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"石井, 将大"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"猪俣, 敦夫"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"新井, イスマイル"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"藤川, 和利"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Masumi, Uno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masahiro, Ishii","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Atsuo, 
Inomata","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ismail, Arai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazutoshi, Fujikawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Remote Access Trojan / Tool (RAT) とは標的型攻撃の初期侵入段階においてまず用いられる遠隔操作を可能にするツールである.標的型攻撃の検知においては,情報探索から端末制御段階までに RAT の通信を検知することが有用とされている.先行研究 [1] では,抽出された特徴が短期間の通信パケットであることから正常なアプリケーションとの区別が困難であることや,特定の通信プロトコルを使うことのみ想定した場合など環境に依存することがあるため,検知の条件を回避するための偽装が容易であること等の問題が存在する.本研究では,ある特定の通信プロトコルを用いるなどの制約された環境に依存せず,初期の侵入段階における RAT 通信の検知を目的とする.具体的には,先行研究で用いられた In / Out bound 通信のパケット数やバイト数などの複数の特徴に加え,通信パケットから新たにエントロピーを計算して特徴とした検知手法を提案する.エントロピーを用いることにより,限定された環境に依存しないなどの理由から限定した条件の回避による偽装が困難となる.さらに,本研究では RAT が確立した C & C サーバとの通信トラフィックのパケットの特徴より,攻撃者が行動を開始するまでの間の RAT 通信のエントロピーは小さくなると仮定し,検知においてエントロピーが示す情報が有用であることを示す.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Confidential information leaked accidentally by targeted attacks causes a serious social issue. In targeted attacks, a Remote Access Trojan / Tool (RAT) is mainly used. 
It is important to detect RAT activity at the intrusion stage to minimize the damage caused by the attack. Detecting RATs is becoming more and more difficult as technology advances. Previous studies cannot detect RATs that use various kinds of protocols, nor can they detect advanced RATs. In this study, we aim to detect RAT communication at the early intrusion stage. To do so, this study uses the packet entropy of the communication.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2016-11-24","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"6","bibliographicVolumeNumber":"2016-CSEC-75"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:45:46.529396+00:00","id":176062,"links":{}}