{"links":{},"id":185864,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00185864","sets":["581:9322:9324"]},"path":["9324"],"owner":"11","recid":"185864","title":["多数のWebサイトを対象とした攻撃の共起性に基づく悪性アクセス検知手法とその評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-02-15"},"_buckets":{"deposit":"cd26c8c3-866d-458c-8d1c-abbbcab7cf0f"},"_deposit":{"id":"185864","pid":{"type":"depid","value":"185864","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"多数のWebサイトを対象とした攻撃の共起性に基づく悪性アクセス検知手法とその評価","author_link":["414694","414693","414695","414696","414698","414697"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"多数のWebサイトを対象とした攻撃の共起性に基づく悪性アクセス検知手法とその評価"},{"subitem_title":"Detecting Malicious Access Based on Co-occurrence among Multiple Websites","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:ネットワークサービスと分散処理] Webアクセスログ,ログ分析,ネットワーク監視","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2018-02-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"横浜国立大学/株式会社富士通研究所"},{"subitem_text_value":"横浜国立大学環境情報研究院/横浜国立大学先端科学高等研究院"},{"subitem_text_value":"横浜国立大学環境情報研究院/横浜国立大学先端科学高等研究院"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Yokohama National University / FUJITSU LABORATORIES LTD.","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Environment and Information Sciences and Institute of Advanced Sciences, Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Environment and Information Sciences and Institute of Advanced Sciences, Yokohama National University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/185864/files/IPSJ-JNL5902043.pdf","label":"IPSJ-JNL5902043.pdf"},"date":[{"dateType":"Available","dateValue":"2020-02-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5902043.pdf","filesize":[{"value":"2.8 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"e6d6f637-675a-4c23-a5ec-a5382b2bcb35","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"齊藤, 聡美"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉岡, 克成"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"松本, 勉"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Satomi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal 
article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"インターネットに公開されているWebサイトには,正規ユーザによるアクセスや検索エンジンによる情報収集目的のアクセス,攻撃を目的とした悪意あるアクセス等が日々到達している.我々は,複数Webサイトのアクセスログから,複数Webサイトに送信された悪意あるリクエストを抽出する手法を提案する.本稿では,Webアプリケーションの脆弱性の探索を目的としたリクエストや悪意あるコード挿入を行うリクエストで,送信されるURIにパターンが存在するリクエストを悪意あるリクエストとして抽出する.提案手法は,複数のWebサイトを管理するWebホスティングサービス管理者が,アクセスログの分析を行う際に適用することを想定し,これらのログにおけるアクセスの送信元IPアドレス,送信先ドメイン,URIの関係性を分析し,しきい値数以上のWebサイトに対して同一のURIを送信した送信元IPアドレスを攻撃元として抽出する.提案手法を,実際のWebホスティングサービスのアクセスログに適用した結果,攻撃元となったIPアドレスを誤検知なく抽出できるしきい値が存在することを示した.さらに,既存のオープンソースのIDS(Intrusion Detection System)およびWAF(Web Application Firewall)ではシグネチャが登録されておらず,検知できない攻撃についても提案手法では検知できる事例を確認した.提案手法は単体では見逃し率が高いため,既存の攻撃検知技術と併用することで効果が期待できる.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Websites on the Internet today receive requests with many kinds of purposes: for example, normal users retrieving content, search engines collecting information about websites, and attackers attempting to intrude into web servers. In this paper, we propose a method for extracting malicious requests from access logs collected from multiple websites. We target malicious requests that send specific URI patterns. Such requests aim to search for vulnerable web applications or to insert malicious code in their headers. We assume that our method is applied by a website hosting service provider who monitors multiple websites. Our method analyzes the relations among source IP address, destination domain, and URI in the access logs and extracts source IP addresses that show co-occurrence between destination domains and sent URIs. Those IP addresses sent requests to multiple domains, and the URIs are shared among those domains. 
We apply our method to real access logs collected from a website hosting service at our university. As a result, our method succeeded in extracting malicious source IP addresses without false positives under specific thresholds. Furthermore, we show malicious requests that cannot be detected by other detection tools such as IDS (Intrusion Detection System) and WAF (Web Application Firewall), because these tools have no signatures that can detect those requests. Our proposed method has a high false negative ratio, so we expect it to perform effectively when combined with other detection systems.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"590","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"574","bibliographicIssueDates":{"bibliographicIssueDate":"2018-02-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"59"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:52:56.019494+00:00","updated":"2025-01-20T02:48:54.915165+00:00"}