{"created":"2026-02-16T07:18:36.284562+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02007392","sets":["1164:4088:1771221559804:1771221642894"]},"path":["1771221642894"],"owner":"80578","recid":"2007392","title":["コモディティ技術による動的ネットワーク分離制御方式"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2026-02-24"},"_buckets":{"deposit":"50941972-5a52-4ff5-94bc-f3103393bb36"},"_deposit":{"id":"2007392","pid":{"type":"depid","value":"2007392","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"コモディティ技術による動的ネットワーク分離制御方式","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"コモディティ技術による動的ネットワーク分離制御方式","subitem_title_language":"ja"},{"subitem_title":"Dynamic Network Isolation Control Based on Commodity Technologies","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IA","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2026-02-24","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大阪大学D3センター"},{"subitem_text_value":"京都大学学術情報メディアセンター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"D3 Center, The University of Osaka","subitem_text_language":"en"},{"subitem_text_value":"Academic Center for Computing and Media Studies, Kyoto University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2007392/files/IPSJ-IOT26072015.pdf","label":"IPSJ-IOT26072015.pdf"},"date":[{"dateType":"Available","dateValue":"9999-01-01"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT26072015.pdf","filesize":[{"value":"1.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"5d1267ba-2b77-433c-8a5b-a705d1818c21","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2026 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大平,健司"}]},{"creatorNames":[{"creatorName":"小谷,大祐"}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kenji Ohira","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Daisuke Kotani","creatorNameLang":"en"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"サイバー攻撃発生時に「完全遮断」だけを行うと,被害拡大は抑えられても業務停止に直結する.一方で,攻撃状況を見誤って過度に通信を許容すると,横展開(lateral movement)等により被害が連鎖する.本稿では,コモディティ技術のみを用いて,攻撃下での業務継続性を高めるためのネットワーク制御方式を検討する.コモディティ技術のみを用いることで,既設ネットワークへの影響を抑えた導入,マルチベンダ環境での相互運用,運用要員に求めるスキルセットの抑制,挙動の追跡や説明などが可能になるものと考えられる.具体的には,端末・機器単位で仮想ネットワーク(典型的にはVLAN)を割り当てる構成を前提に,IEEE 802.1X認証とRADIUSによるDynamic VLANで対象機器を隔離用VLANへ即時に接続変更し,隔離ネットワークと通常ネットワーク間の通信を802.1Qタグ書換え(VLAN変換)機能を持つVLANブリッジで選択的に橋渡しする段階的制御を提案する.GNS3上にPoC環境を構築し,FreeRADIUSにより端末識別(ユーザ名・パスワード・MACアドレス)とVLAN割当を行い,VLANブリッジでは通常側VLANを収容するインタフェースと隔離側VLANを収容するインタフェースを分離し,隔離VLAN側にL2/L3/L4 ACLを適用して必要最小通信のみを許可する試作を実装した.提案方式の設計思想,制御の粒度,運用上の要点,ならびに今後の評価方針を示す.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Naive “full isolation” upon cyber incidents often prevents damage propagation but may immediately halt essential operations. Conversely, excessive connectivity under uncertainty can accelerate lateral movement and cascading failures. This paper studies a practical network control scheme to enhance operational continuity under cyber attacks, considering limited budget and scarcity of expert operators. Assuming per-device virtual networks (typically VLANs), we propose staged isolation control: (1) instant reattachment of suspicious devices to a pre-provisioned quarantine VLAN via IEEE 802.1X authentication and RADIUS-based Dynamic VLAN, and (2) selective bridging between quarantine and original segments through a VLAN-bridge device. 
We implement a proof-of-concept on GNS3 where FreeRADIUS performs device identification (username/password/MAC address) and VLAN assignment, while IEEE 802.1Q tag translation and L2/L3/L4 ACLs on the bridge switch determine which communications are permitted (ingress ACLs on the quarantine side). We describe the design rationale, control granularity, operational considerations, and an evaluation plan.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2026-02-24","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"15","bibliographicVolumeNumber":"2026-IOT-72"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"id":2007392,"updated":"2026-02-16T07:50:06.463425+00:00","links":{}}