{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00192110","sets":["6164:6165:6462:9599"]},"path":["9599"],"owner":"44499","recid":"192110","title":["STIX2.0/TAXII2.0を用いたインディケータの自動収集と攻撃検知の自動化"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-10-15"},"_buckets":{"deposit":"e3291864-7ca6-473e-9db3-d2150fdc2700"},"_deposit":{"id":"192110","pid":{"type":"depid","value":"192110","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"STIX2.0/TAXII2.0を用いたインディケータの自動収集と攻撃検知の自動化","author_link":["446591","446593","446595","446592","446594","446596"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"STIX2.0/TAXII2.0を用いたインディケータの自動収集と攻撃検知の自動化"},{"subitem_title":"Automated Indicators Collection and Attack Detection Using STIX2.0/TAXII2.0","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"標的型攻撃,STIX,TAXII,Elastic Stack,インディケータ","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2018-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京大学情報学環セキュア情報化社会研究グループ"},{"subitem_text_value":"東京大学情報学環セキュア情報化社会研究グループ"},{"subitem_text_value":"東京大学情報学環セキュア情報化社会研究グループ"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"The University of Tokyo, Secure Information Society Research Group","subitem_text_language":"en"},{"subitem_text_value":"The University of Tokyo, Secure Information Society Research Group","subitem_text_language":"en"},{"subitem_text_value":"The University of Tokyo, Secure Information Society Research 
Group","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/192110/files/IPSJCSS2018015.pdf","label":"IPSJCSS2018015.pdf"},"date":[{"dateType":"Available","dateValue":"2020-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2018015.pdf","filesize":[{"value":"1.9 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"d980e24f-eb8f-4c83-8506-de23e7771b42","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"藤本, 万里子"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"松田, 亘"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"満永, 拓邦"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Mariko, Fujimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Wataru, Matsuda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takuho, 
Mitsunaga","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ドメイン名や IP アドレスなどの C2 サーバの情報は標的型攻撃を検知するための有用な手がかりとなる.近年,情報共有が世界中で進んでおり,インディケータの取り扱いの自動化のために,脅威情報の標準記述形式である STIX や,STXI を交換するための仕様である TAXII の普及が進んでいる.共有された情報,いわゆるインディケータの活用局面として,過去に発生した攻撃を検知すること,および将来的に発生しうる攻撃に備えて利用することが挙げられる.STIX を活用した効果的な検知のためには,適切なタイミングで STIX 形式のインディケータを受信し,組織のログを突合する必要がある.本研究では,TAXII を用いて,STIX 2.0 形式のインディケータを自動的に収集し,オープンソースのログ分析エンジンである Elastic Stack 上でプロキシログと突合することで,攻撃を効率的に検知する手法を提案する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In detection of targeted attacks, indicators such as C2 server and IP address information can be useful. Information sharing scheme has been developed globally during the past years. A standardized format for describing cyber threat information called STIX, and transport mechanism for STIX called TAXII are getting popular to automate indicator handling.Shared information, in other words practical use of indicators serves two purposes: detecting malicious communication that occurred in the past and preparing for future attacks. 
For effective detection using STIX, it is necessary to receive STIX-format indicators in a timely manner and match them against the organization's logs. In this research, we propose a method that automatically collects STIX 2.0 indicators via TAXII and matches them against proxy logs on Elastic Stack, an open-source log analysis engine, to detect attacks efficiently.