{"updated":"2025-01-20T05:21:59.251707+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00177798","sets":["1164:4088:9073:9074"]},"path":["9074"],"owner":"11","recid":"177798","title":["エントロピーを用いた初期潜入段階におけるRemote Access Trojanの通信検知"],"pubdate":{"attribute_name":"公開日","attribute_value":"2017-02-24"},"_buckets":{"deposit":"841cd3c8-156f-4478-aee2-1ac17b8cbca7"},"_deposit":{"id":"177798","pid":{"type":"depid","value":"177798","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"エントロピーを用いた初期潜入段階におけるRemote Access Trojanの通信検知","author_link":["378463","378471","378469","378464","378470","378465","378468","378472","378467","378466"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"エントロピーを用いた初期潜入段階におけるRemote Access Trojanの通信検知"},{"subitem_title":"Network based detection of Remote Access Trojan communication by using packet entropy on early instruction stage","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"Security","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2017-02-24","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"奈良先端科学技術大学院大学情報科学研究科"},{"subitem_text_value":"東京工業大学情報理工学院"},{"subitem_text_value":"東京電機大"},{"subitem_text_value":"奈良先端科学技術大学院大学総合情報基盤センター"},{"subitem_text_value":"奈良先端科学技術大学院大学総合情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Information Science, Nara Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"School of Computing, Tokyo Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Nara Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Nara Institute 
of Science and Technology","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/177798/files/IPSJ-IOT17036009.pdf","label":"IPSJ-IOT17036009.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT17036009.pdf","filesize":[{"value":"391.4 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"e30170f2-7c1c-4790-a583-908545522a4e","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2017 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"宇野, 真純"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"石井, 将大"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"猪俣, 敦夫"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"新井, イスマイル"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"藤川, 和利"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Masumi, Uno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masahiro, Ishii","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Atsuo, lnomta","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ismail, 
Arai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazutoshi, Fujikawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"標的型攻撃の検知においては,初期侵入段階から端末制御段階までに Remote Access Trojan / Tool (RAT) の通信を検知することが有用とされている.しかし,標的型攻撃の検知における先行研究は,制御段階までに得られる情報を用いて検知が出来ないことや,抽出された特徴が短期間の通信パケットであるために正常なアプリケーションとの区別が困難であること,特定の通信プロトコルを使うことのみ想定した場合など環境に依存するために検知の条件を回避する偽装が容易であること等の問題が存在する.本研究では初期侵入段階から端末制御段階までの間に RAT の通信を検知することを目的とする.先行研究で用いられた In / Out-bound 通信のパケット数やバイト数などの複数の特徴に加え,RAT が通信を確立した際の C&C サーバとの通信トラフィックの通信パケットから新たにエントロピーを計算して新たに特徴とした検知手法を提案する.提案手法に対して k- 分割交差検定を行い,RAT の通信と正常なアプリケーションの通信の分類実験を行った結果,96.2% の高い精度と 1.6% の低い偽陽性を得られた.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Confidential information has been leaked accidentally by targeted attacks. Remote Access Trojan/tool (RAT) is mainly used in such attacks. It is therefore important to detect the RAT activity on the intrusion stage to minimize damage by the attack. The detection of the RAT is getting more and more difficult with technological advance. 
Advanced RATs which use various kinds of protocols cannot be detected with conventional methods. In this study, we provide a method to detect an early intrusion stage of RAT communication by using network features of packet entropy of the communication. We use several supervised machine learning algorithms and K-fold cross validation technique to validate using features of packet entropy. From our experimental results, we report that our approach can detect RAT sessions with a high accuracy of 96.2% and a low false positive rate of 1.6%.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2017-02-24","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"2017-IOT-36"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:47:13.563402+00:00","id":177798,"links":{}}