{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00192155","sets":["6164:6165:6462:9599"]},"path":["9599"],"owner":"44499","recid":"192155","title":["リモート型シェルコードのエミュレーションによる攻撃成否判定手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-10-15"},"_buckets":{"deposit":"ee3af0f3-d33a-44fe-84be-37ee463546ba"},"_deposit":{"id":"192155","pid":{"type":"depid","value":"192155","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"リモート型シェルコードのエミュレーションによる攻撃成否判定手法","author_link":["446846","446856","446847","446854","446855","446849","446850","446848","446851","446845","446853","446844","446843","446852"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"リモート型シェルコードのエミュレーションによる攻撃成否判定手法"},{"subitem_title":"Detecting Successful Attacks Based on Emulation of Remote Shellcodes","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"アラート検証,シェルコード,IDS,エミュレーション","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2018-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTTセキュアプラットフォーム研究所/京都大学大学院情報学研究科"},{"subitem_text_value":"NTTセキュアプラットフォーム研究所"},{"subitem_text_value":"NTTセキュアプラットフォーム研究所"},{"subitem_text_value":"NTTセキュアプラットフォーム研究所"},{"subitem_text_value":"京都大学学術情報メディアセンター"},{"subitem_text_value":"国立情報学研究所アーキテクチャ科学研究系"},{"subitem_text_value":"京都大学学術情報メディアセンター"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Secure Platform Laboratories / Graduate School of Informatics, Kyoto University","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform 
Laboratories","subitem_text_language":"en"},{"subitem_text_value":"Academic Center for Computing and Media Studies, Kyoto University","subitem_text_language":"en"},{"subitem_text_value":"Information Systems Architecture Science, National Institute of Informatics","subitem_text_language":"en"},{"subitem_text_value":"Academic Center for Computing and Media Studies, Kyoto University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/192155/files/IPSJCSS2018060.pdf","label":"IPSJCSS2018060.pdf"},"date":[{"dateType":"Available","dateValue":"2020-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2018060.pdf","filesize":[{"value":"547.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2dec1bed-2ecd-4e10-bdec-907f3fa4e475","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"鐘本, 楊"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"青木, 一史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岩村, 誠"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"三好, 潤"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小谷, 大祐"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高倉, 
弘喜"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岡部, 寿男"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yo, Kanemoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazufumi, Aoki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Makoto, Iwamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Jun, Miyoshi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Kotani","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Takakura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yasuo, Okabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"外部に公開しているサーバは攻撃者からアクセスしやすく,攻撃が頻発しているのが現状である.サーバ管理者や SOC アナリストは IDS から攻撃を示すアラートを受け取り,侵害があったか否かを確認する.攻撃が頻発する現在では通知されるアラートも大量にあるため,迅速に侵害があったアラートを発見することが難しい.本稿では攻撃に利用されるシェルコードに着目し,シェルコードをエミュレーションした際に発生する通信の挙動を基に攻撃の成否を判定する手法を提案する.攻撃の成否を判定することで,侵害につながる重要なアラートを迅速に発見する.実験により,通信機能を有するシェルコードに対して 60.0% 以上の精度で成否判定できること,およびセキュリティコンテストの通信に適用し,得られた効果を示す.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Public servers are easily accessible to attackers, and attacks occur frequently. Server administrators and SOC analysts receive alerts from IDS and check whether attacks have 
succeeded. However, due to the large number of alerts, it is difficult to handle them quickly. In this paper, we focus on the shellcodes used for attacks. We propose a method to determine the success or failure of an attack based on the communication behavior of shellcodes. The proposed method discriminates important alerts that lead to compromise. Experiments show that the proposed method can deal with more than 60.0% of shellcodes and can handle practical attack cases.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"432","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2018論文集"}],"bibliographicPageStart":"425","bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2018"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-20T00:16:56.156739+00:00","created":"2025-01-19T00:57:54.725237+00:00","links":{},"id":192155}