{"id":178459,"updated":"2025-01-20T05:06:32.036551+00:00","links":{},"created":"2025-01-19T00:47:48.332868+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00178459","sets":["1164:6389:9100:9101"]},"path":["9101"],"owner":"11","recid":"178459","title":["HTTP通信に着目したDeepLearningに基づくマルウェア感染端末検知手法と検知性能評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2017-03-06"},"_buckets":{"deposit":"3a1333bc-ad82-43ff-9d11-868b384df2a3"},"_deposit":{"id":"178459","pid":{"type":"depid","value":"178459","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"HTTP通信に着目したDeepLearningに基づくマルウェア感染端末検知手法と検知性能評価","author_link":["382268","382264","382261","382272","382271","382273","382267","382263","382265","382269","382262","382266","382274","382270"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"HTTP通信に着目したDeepLearningに基づくマルウェア感染端末検知手法と検知性能評価"},{"subitem_title":"Deep Learning approach for Detecting Malware Infected Host and Detection Performance Evaluation with HTTP Traffic","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"Network Security","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2017-03-06","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTTセキユアプラツトフオーム研究所"},{"subitem_text_value":"NTTセキユアプラツトフオーム研究所"},{"subitem_text_value":"NTTセキユアプラツトフオーム研究所"},{"subitem_text_value":"NTTセキユアプラツトフオーム研究所"},{"subitem_text_value":"NTTセキユアプラツトフオーム研究所"},{"subitem_text_value":"東京大学情報基盤センター"},{"subitem_text_value":"東京大学情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"Information Technology Center, The University of Tokyo","subitem_text_language":"en"},{"subitem_text_value":"Information Technology Center, The University of Tokyo","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/178459/files/IPSJ-SPT17022009.pdf","label":"IPSJ-SPT17022009.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT17022009.pdf","filesize":[{"value":"1.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"6d3dc7e3-be54-423c-b704-4d3d3e77a368","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2017 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"西山, 泰史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"熊谷, 充敏"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岡野, 靖"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"神谷, 和憲"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"谷川, 真樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岡田, 和也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"関谷, 勇司"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Taishi, Nishiyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Atsutoshi, Kumagai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yasushi, Okano","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazunori, Kamiya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masaki, Tanikawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazuya, Okada","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuji, Sekiya","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェア感染に起因するインシデントを防ぐためには事前に感染を防ぐことが最善策である． しかし，現実には攻撃者の手により様々な新種 ・ 亜種のマルウェアが大量に生産されているため，対策が追いついていないのが現状である．そのため，マルウェア感染を防ぐ入口対策だけでなく，感染後できるだけすみやかに感染した端末を発見し，被害を拡大させない出口対策の重要性が高まっている．出口対策の手段としては，機械学習を用いて HTTP 通信ログを分析することで，マルウェアに感染した端末を検知する方式が有効である．本稿では，機械学習手法の一つである Deep Learning に着目し，それを実際の HTTP 通信ログに適用して評価実験を行った．また，その結果を従来の機械学習手法である LogisticRegression を用いた場合と比較した．その結果，誤検知率が 1% 以下となるように閾値を調整したときの検知率の値を約7％改善するなど，Deep Learning による手法の優位性を示すことができた．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Preventive measures are generally important to stop the occurrence of a security incident caused by malware. However, it is common case that unknown malware slip through the preventive measures, because new or variant type of malware are produced on a large scale by attackers. Therefore, second-best way is to correctly detect malware infected-hosts, and to block malicious communication as soon as possible- in fact, the importance of detecting infected terminal strategy is thus increasing. For detecting infected-hosts, it is important to analyze logs taken inside the network to trace malware activity. In this paper, we propose a method of detecting infected hosts using Deep Learning and analyzing HTTP traffic logs. Through our evaluations, we demonstrate the superiority of Deep Learning based approach in comparison to a conventional Logistic Regression based approach. Especially, our evaluation result shows that TPR1%- TPR when threshold is adjusted so that FPR is less than 1%- of our Deep Learning based approach is better in 7% than Logistic Regression based approach.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト（SPT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2017-03-06","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"2017-SPT-22"}]},"relation_version_is_last":true,"weko_creator_id":"11"}}