{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00177497","sets":["581:8997:8999"]},"path":["8999"],"owner":"11","recid":"177497","title":["マルウェアによるネットワーク内の挙動を利用した標的型攻撃における感染経路検知ツールの開発と評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2017-02-15"},"_buckets":{"deposit":"3330f945-d2c4-4a35-a5bc-63a68730999a"},"_deposit":{"id":"177497","pid":{"type":"depid","value":"177497","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"マルウェアによるネットワーク内の挙動を利用した標的型攻撃における感染経路検知ツールの開発と評価","author_link":["376775","376774","376772","376779","376780","376773","376776","376781","376777","376778"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マルウェアによるネットワーク内の挙動を利用した標的型攻撃における感染経路検知ツールの開発と評価"},{"subitem_title":"A Development and Evaluation of an Infection Route Detecting Tool for Targeted Attacks Using Malware Behaviors in the Network","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集：ネットワークサービスと分散処理] セキュリティ，標的型メール攻撃，ログ分析，RDF","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2017-02-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"株式会社日立製作所"},{"subitem_text_value":"株式会社日立製作所"},{"subitem_text_value":"株式会社日立製作所"},{"subitem_text_value":"東京電機大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/177497/files/IPSJ-JNL5802012.pdf","label":"IPSJ-JNL5802012.pdf"},"date":[{"dateType":"Available","dateValue":"2019-02-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5802012.pdf","filesize":[{"value":"2.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"986cc23f-3dce-4787-b464-70bab0d842f5","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2017 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"佐藤, 信"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"杉本, 暁彦"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"林, 直樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"磯部, 義明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"佐々木, 良一"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Makoto, Sato","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akihiko, Sugimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Naoki, Hayashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiaki, Isobe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ryoichi, Sasaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"標的型攻撃は攻撃対象のネットワーク内のすべての端末に影響を及ぼしうる．攻撃検知時には，その感染原因の調査を迅速に行わないと感染が拡大していく恐れがある．そのためには，一端末内の挙動解析だけでなく各端末の挙動を組み合わせて解析する必要がある．その際には内部侵入・調査段階における攻撃挙動が重要だが，これに着目した研究は少ない．そこで，本論文では標的型攻撃の内部侵入・調査段階の攻撃挙動に焦点をあて，プロセスレベルで感染経路を検知する手法を提案する．これにより従来のような不審ファイルの移動の検知だけでは明らかにならなかったマルウェアの挙動も含めた追跡が可能となると考えられる．そのために，内部侵入・調査段階で用いられるツールのプロセスと通信試行をプロセスログ記録ツールOnmitsuで解析し，その特徴を調査する．また，各端末の挙動を組み合わせて解析するために，ログと端末間の関係をオントロジで表現し統合化した．実験により，5次感染までの感染経路がプロセスレベルで追跡でき，オントロジを用いることで従来の場合と比べ検知時間が約1/24となることを確認した．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"A targeted attack affects all terminals in an attacked network. When the attack was detected, it is necessarily to quickly investigate the cause of infection because the infection is likely to expand. Therefore, it is necessary to analyze the event information for each terminal in the network as well as all event information within the terminal. Moreover, it is important that observables of the attack in the penetration/exploration phase of targeted attacks, but few studies have focused on the observables. In the present paper, we propose a method for detecting the route of infection at the process level that focus on the observables. Thereby, we expected that it is possible to tracing of the infection route considering observables of a malware that did not reveal just conventional detection method of suspicious file transfer. Then, we investigate the characteristic of the attack tools used in the penetration/exploration phase by analyzing the process and a communication attempt associated with the process using the Onmitsu of the process logging tool. We integrate logs and relationships between terminals with ontology to analyze the event information for each terminal. We confirmed the ability to detect the infection route at the process level in five primary infection, and the detection time is about 1/24 compared to the conventional method.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"374","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"366","bibliographicIssueDates":{"bibliographicIssueDate":"2017-02-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"58"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":177497,"updated":"2025-01-20T05:26:38.488729+00:00","links":{},"created":"2025-01-19T00:47:03.168721+00:00"}