@techreport{oai:ipsj.ixsq.nii.ac.jp:00194813,
 author = {南, 辰典 and 青木, 茂樹 and 宮本, 貴朗 and Tatsunori, Minami and Shigeki, Aoki and Takao, Miyamoto},
 issue = {4},
 month = {Feb},
 note = {近年，標的型攻撃による被害が深刻化している．標的型攻撃はシグネチャベースによる事前対策だけでは検出が困難なため，マルウェアに感染した後の感染端末の早期発見が重要視されている．感染端末は感染前と感染後では異なる通信をするため，感染前の端末の通信ログを学習することで，動きの違いを検知できると考えられる．そこで本稿では，感染前の端末の通信ログを学習し，不審な動きを検出する手法を提案する．本手法では，端末毎の Firewall ログと Proxy ログに Doc2vec を適用してパラグラフベクトルを抽出し，そのベクトルを One-Class SVM で学習して外れ値を検出することで，不審な動きを検出する．, APT (Advanced Persistent Threat) attacks has become serious problem in the world. Attackers infect targeted hosts with malware and remotely control them. The Attackers investigate network to which the infected hosts belong using their hosts before stealing confidential information. The infected hosts that operated by the attackers behave differently than before malware infection. Such behaviors are recorded to network log. Thus, we thought that we can detect different behaviors by learning the network log of before infection. In this paper, we propose a method to detect malware infected hosts by learning the behaviors from the network log of the hosts before infection. In this method, we learn behaviors before infection from firewall log and proxy server log using Doc2vec. Further, we detect malware infected hosts by learning the vectors using One-Class SVM and detecting outliers.},
 title = {Doc2vecによるパラグラフベクトルを用いたマルウェア感染端末の検出},
 year = {2019}
}