{"updated":"2025-01-20T00:02:52.450827+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00192677","sets":["6164:6165:6244:9615"]},"path":["9615"],"owner":"44499","recid":"192677","title":["ブラックリストに基づく検出の効率化に向けた悪性DNSクエリ分類手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-11-29"},"_buckets":{"deposit":"fc7b4acc-50db-4148-a025-77f1ea44fa19"},"_deposit":{"id":"192677","pid":{"type":"depid","value":"192677","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"ブラックリストに基づく検出の効率化に向けた悪性DNSクエリ分類手法","author_link":["450291","450294","450297","450292","450295","450293","450296","450299","450298","450300"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ブラックリストに基づく検出の効率化に向けた悪性DNSクエリ分類手法"},{"subitem_title":"A Malicious DNS Query Clustering Approach for Blacklists based Detection","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティ検知・分析","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2018-11-29","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"九州工業大学"},{"subitem_text_value":"九州工業大学"},{"subitem_text_value":"九州工業大学"},{"subitem_text_value":"九州工業大学"},{"subitem_text_value":"九州工業大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kyushu Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Kyushu Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Kyushu Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Kyushu Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Kyushu Institute of 
Technology","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/192677/files/IPSJ-IOTS2018021.pdf","label":"IPSJ-IOTS2018021.pdf"},"date":[{"dateType":"Available","dateValue":"2020-11-29"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOTS2018021.pdf","filesize":[{"value":"1.4 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"593c62ff-30ed-4b4a-9370-a93a473ac756","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"佐藤, 彰洋"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"中村, 豊"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小倉, 光貴"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"野林, 大起"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"池永, 全志"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Akihiro, Satoh","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yutaka, Nakamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mitsutaka, Ogura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daiki, 
Nobayashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takeshi, Ikenaga","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアはインターネットにおける重大な脅威のひとつである.ネットワーク内の感染端末を検出するためには,ブラックリストを利用した通信の監視が一般的である.しかしながら,ブラックリストに基づく検出は,(1) ブラックリストは必ず幾つかの誤りを含むこと,(2) 検出結果の正誤の判断が困難であることが問題となる.本稿では,ブラックリストによる検出結果の効率的な分析のため,悪性 DNS クエリ分類手法を提案する.本手法は,従来のドメイン文字列による表層的な類似性に基づく分類とは異なり,悪性クエリとそれに付随するクエリ群が潜在的に示す原因に基づく分類を実現する.実験により,ブラックリストにより検出された 388 のクエリを 3 のクラスタに分類できること,各クラスタが共通の原因のクエリのみで構成されることを確認した.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Malware is one of the most serious threats to network security. One common way of detecting infected machines in a network is to monitor communications based on blacklists. However, this detection is problematic in that (1) none of the blacklists is completely reliable, and (2) a blacklist does not provide sufficient evidence to determine the validity and accuracy of detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification based on the superficial similarity of character strings in domain names, our approach classifies queries by the underlying cause that malicious queries and their accompanying queries latently indicate. 
In experiments, we confirmed that this approach could classify the 388 malicious queries detected through blacklists into 3 clusters, each consisting only of queries with a common cause.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"105","bibliographic_titles":[{"bibliographic_title":"インターネットと運用技術シンポジウム論文集"}],"bibliographicPageStart":"100","bibliographicIssueDates":{"bibliographicIssueDate":"2018-11-29","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2018"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T00:58:22.408471+00:00","id":192677,"links":{}}