{"created":"2025-01-19T00:47:47.888010+00:00","updated":"2025-01-20T05:06:23.006831+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00178451","sets":["1164:6389:9100:9101"]},"path":["9101"],"owner":"11","recid":"178451","title":["ポットによるスキャン及びブルートフォース活動のクラスタリング手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2017-03-06"},"_buckets":{"deposit":"c6c2f5c1-f4c1-42fd-8105-82f666bd89e3"},"_deposit":{"id":"178451","pid":{"type":"depid","value":"178451","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"ポットによるスキャン及びブルートフォース活動のクラスタリング手法","author_link":["382198","382206","382209","382207","382202","382210","382200","382201","382205","382204","382211","382208","382203","382199"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ポットによるスキャン及びブルートフォース活動のクラスタリング手法"},{"subitem_title":"Clustering of Bot Port Scan and Brute-force Activities","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"Network Security","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2017-03-06","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"日本電信電話株式会社セキユアプラツトフオーム研究所"},{"subitem_text_value":"日本電信電話株式会社セキユアプラツトフオーム研究所"},{"subitem_text_value":"日本電信電話株式会社セキユアプラツトフオーム研究所"},{"subitem_text_value":"日本電信電話株式会社セキユアプラツトフオーム研究所"},{"subitem_text_value":"日本電信電話株式会社セキユアプラツトフオーム研究所"},{"subitem_text_value":"名古屋大学情報基盤センター"},{"subitem_text_value":"国立情報学研究所アーキテクチャ科学研究系"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Secure Platform Laboratories, Nippon Telegraph and Telephone Corporation","subitem_text_language":"en"},{"subitem_text_value":"Secure Platform Laboratories, Nippon Telegraph and Telephone Corporation","subitem_text_language":"en"},{"subitem_text_value":"Secure Platform Laboratories, Nippon Telegraph and Telephone Corporation","subitem_text_language":"en"},{"subitem_text_value":"Secure Platform Laboratories, Nippon Telegraph and Telephone Corporation","subitem_text_language":"en"},{"subitem_text_value":"Secure Platform Laboratories, Nippon Telegraph and Telephone Corporation","subitem_text_language":"en"},{"subitem_text_value":"Information Technology Center, Nagoya Univercity","subitem_text_language":"en"},{"subitem_text_value":"Information Systems Architecture Science Research Division, National Institute of Informatics","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/178451/files/IPSJ-SPT17022001.pdf","label":"IPSJ-SPT17022001.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT17022001.pdf","filesize":[{"value":"1.4 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"8a46bb01-e7c6-4875-93f3-4d4c45aa5f70","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2017 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"荒木, 翔平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"胡, 博"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"永渕, 幸雄"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小山, 高明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"三好, 潤"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"嶋田, 創"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高倉, 弘喜"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shohei, Araki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Bo, Hu","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yukio, Nagafuchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takaaki, Koyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Jun, Miyoshi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hajime, Shimada","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Takakura","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"IoT デバイスを狙った攻撃が急速に広まっており，2016 年 9 月には Mirai と呼ばれるマルウエアが猛威を振るった．このようなマルウェアの活動を抑止し，早期対策するためにはマルウェアの活動を把握することが重要である．そこで，本稿ではトラフィックデータに対して，前処理にて着目すべきポートを決定し，そのポートに関連したトラフイックデータのみに絞り込み，クラスタリングを行うことによって，ポットに感染してスキャンなどを行っているホスト群を抽出する手法を提案する．この提案手法によって，ポットごとの通信特徴を把握することが可能となり，優先的に対処すべきマルウェアの活動の判断を支援する．実験により，ホスト群の疑わしい活動を傭撒的に分析し，高精度にてポットの分類ができていることを示した．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Cyber-attacks targeting loT devices are rapidly spreading. In September 2016, malware called Mirai caused great damages onto the Internet. It is important to clarify malware activities for early-stage measures. In this paper, we propose a clustering method of extracting host groups suspected of similar malware infection. The proposed method decide a high priority port number for narrowing down traffic data efficiently, and then perform clustering for extracting malicious host groups behaving in similar ways. Our proposal can facilitate decision-making of security operators for counter measures in an early stage. In experiment, we showed a holistic view of malicious activities from different host groups and high accuracy achieved by our classification.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト（SPT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2017-03-06","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"1","bibliographicVolumeNumber":"2017-SPT-22"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":178451,"links":{}}