{"links":{},"id":2007395,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02007395","sets":["1164:4088:1771221559804:1771221642894"]},"path":["1771221642894"],"owner":"80578","recid":"2007395","title":["振る舞いに着目したダークネット上の調査目的スキャナの判定手法の提案"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2026-02-24"},"_buckets":{"deposit":"1f5f5d3d-554d-4c6e-90f4-9bbd7c39cce2"},"_deposit":{"id":"2007395","pid":{"type":"depid","value":"2007395","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"振る舞いに着目したダークネット上の調査目的スキャナの判定手法の提案","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"振る舞いに着目したダークネット上の調査目的スキャナの判定手法の提案","subitem_title_language":"ja"},{"subitem_title":"Identifying Internet Research Scanners in Darknet Based on Their Behavior","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IOT","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2026-02-24","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東北工業大学大学院工学研究科"},{"subitem_text_value":"東北工業大学工学部情報通信工学課程"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Engineering, Tohoku Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Department of Information and Communication Engineering, Tohoku Institute of Technology","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2007395/files/IPSJ-IOT26072018.pdf","label":"IPSJ-IOT26072018.pdf"},"date":[{"dateType":"Available","dateValue":"2028-02-24"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT26072018.pdf","filesize":[{"value":"2.6 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"48fdf5dd-76d1-4b2e-8b97-1fb5b2ef92fe","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2026 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"鹿内,嵩天"}]},{"creatorNames":[{"creatorName":"角田,裕"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ダークネットで観測されるトラフィックは，サイバー攻撃の分析における重要な情報源である．近年，セキュリティ機関等による調査目的スキャンが増加傾向にあり，これらが分析の障害となる問題がある．そこで，スキャンを除去するため，調査目的スキャナを特定する判定指標が提案されている．しかし，既存手法は主に活動量が大規模な送信元を対象としており，小規模なスキャナが見過ごされるという課題があった．本研究では，各送信元の振る舞いに着目した新たな判定手法を提案する．具体的には，スキャン対象ポート数などの従来の量的指標に加え，質的指標である「どのポートへのスキャンか」という情報を用いる．これにより，既存手法では捉えられなかった，活動量が小規模でも調査目的スキャナの振る舞いをする送信元の判定が可能となった","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Darknet traffic is a vital source of information for analyzing cyber attacks. However, the recent increase in Internet research scanners employed by security organizations has become a significant obstacle to effective analysis. While existing metrics have been proposed to identify and filter out these scanners, they primarily focus on large-scale sources, leaving small-scale scanners undetected. To address this issue, we propose a novel identification method that focuses on the behavioral patterns of each source. Specifically, in addition to conventional quantitative features such as the number of targeted ports, we incorporate qualitative features―specifically, the selection of targeted ports. This approach enables the identification of small-scale sources that exhibit access patterns characteristic of Internet Research Scanners, which existing methods fail to capture.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2026-02-24","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"18","bibliographicVolumeNumber":"2026-IOT-72"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"created":"2026-02-16T07:18:44.672453+00:00","updated":"2026-02-16T07:50:15.661852+00:00"}