{"created":"2026-02-16T07:18:49.074181+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02007397","sets":["1164:4088:1771221559804:1771221642894"]},"path":["1771221642894"],"owner":"80578","recid":"2007397","title":["AIと人間の協調を前提としたDNS通信ログに基づく異常通信検知の試行"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2026-02-24"},"_buckets":{"deposit":"55167921-ea5c-413c-b1f3-34ae1966a6cf"},"_deposit":{"id":"2007397","pid":{"type":"depid","value":"2007397","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"AIと人間の協調を前提としたDNS通信ログに基づく異常通信検知の試行","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"AIと人間の協調を前提としたDNS通信ログに基づく異常通信検知の試行","subitem_title_language":"ja"},{"subitem_title":"A Trial of DNS-Based Anomaly Detection with Human-AI Collaboration","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IOT","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2026-02-24","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大阪大学"},{"subitem_text_value":"大阪大学"},{"subitem_text_value":"大阪大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"The University of Osaka","subitem_text_language":"en"},{"subitem_text_value":"The University of Osaka","subitem_text_language":"en"},{"subitem_text_value":"The University of Osaka","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2007397/files/IPSJ-IOT26072020.pdf","label":"IPSJ-IOT26072020.pdf"},"date":[{"dateType":"Available","dateValue":"2028-02-24"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT26072020.pdf","filesize":[{"value":"2.5 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ac410075-b8bd-4993-8a18-f8e1468219ad","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2026 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"植田,啓斗"}]},{"creatorNames":[{"creatorName":"大平,健司"}]},{"creatorNames":[{"creatorName":"猪俣,敦夫"}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Keito Ueda","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Kenji Ohira","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Atsuo Inomata","creatorNameLang":"en"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"サイバー攻撃の高度化に伴い，マルウェアの指令通信や情報流出の経路としてDNS通信が悪用される可能性が指摘されており，DNS通信ログの分析が重要となっている．しかし，実運用ではログ件数が膨大であるため人手で精査することは困難であり，さらに機械学習を用いた手法では検知理由が分かりにくいという課題がある．本研究では，DNS通信ログを対象として，Isolation Forestによる異常通信の抽出と，決定木によるルール化を組み合わせた分析手法を提案する．異常度の高い通信の傾向を決定木によりIf-Then形式で整理することで，検知結果を運用担当者が理解しやすい形で提示することを狙いとした．公開データセットおよび実環境の通信ログを用いた試行を通じて，本手法がセキュリティ運用における調査対象の優先度付けや分析負荷の軽減に寄与する可能性を示す．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"DNS traffics are indicated as a possible for malware command-and-control (C&C) communication and data exfiltration, so the analysis of DNS logs becomes important. However, it is difficult to manually examine suspicious traffic because the volume of these logs are very large especially in practical operations. It is also difficult for the decision process based on machine-learning-based detection methods to understand. In this research, we proposed an analysis method that it combines the extraction of candidate anomalous traffic using Isolation Forest with rule generation using decision trees. For our method, the characteristics of highly anomalous traffic are organized into if-then rules using the decision trees so that the detection results can be presented in a form that is easier for operators to interpret. As a result, we showed some evaluations using both public datasets and real-world DNS traffic logs, particularly in prioritizing investigation targets and reducing the analysis workload.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2026-02-24","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"20","bibliographicVolumeNumber":"2026-IOT-72"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"id":2007397,"updated":"2026-02-16T07:50:20.161503+00:00","links":{}}