{"links":{},"id":2008853,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02008853","sets":["6164:6165:6462:1754030301959"]},"path":["1754030301959"],"owner":"11","recid":"2008853","title":["SCAツールの精度評価に向けた標準データセットと評価手法の検討"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2025-10-20"},"_buckets":{"deposit":"78da47a8-ef81-4d2f-b571-7e18777b3759"},"_deposit":{"id":"2008853","pid":{"type":"depid","value":"2008853","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"SCAツールの精度評価に向けた標準データセットと評価手法の検討","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"SCAツールの精度評価に向けた標準データセットと評価手法の検討","subitem_title_language":"ja"},{"subitem_title":"Toward Accuracy Evaluation of SCA Tools: Standard Datasets and Evaluation Methodology","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2025-10-20","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"横浜国立大学大学院環境情報学府"},{"subitem_text_value":"横浜国立大学大学院環境情報学府"},{"subitem_text_value":"横浜国立大学/富士ソフト株式会社"},{"subitem_text_value":"横浜国立大学先端科学高等研究院"},{"subitem_text_value":"横浜国立大学先端科学高等研究院/横浜国立大学大学院環境情報研究院"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Environment and Information Sciences, Yokohama National University"},{"subitem_text_value":"Graduate School of Environment and Information Sciences, Yokohama National University"},{"subitem_text_value":"Yokohama National University / FUJI SOFT INCORPORATED"},{"subitem_text_value":"Institute of Advanced Sciences, Yokohama National University"},{"subitem_text_value":"Institute of Advanced Sciences, Yokohama National University / Graduate School of Environment and Information Sciences, Yokohama National 
University"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2008853/files/IPSJ-CSS2025082.pdf","label":"IPSJ-CSS2025082.pdf"},"date":[{"dateType":"Available","dateValue":"2027-10-20"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2025082.pdf","filesize":[{"value":"335.9 KB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"dbba2410-6c6d-4e06-b57a-d9f92d67163f","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2025 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"山本,遊大"}]},{"creatorNames":[{"creatorName":"木原,百々香"}]},{"creatorNames":[{"creatorName":"原,悟史"}]},{"creatorNames":[{"creatorName":"佐々木,貴之"}]},{"creatorNames":[{"creatorName":"吉岡,克成"}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yudai Yamamoto"}]},{"creatorNames":[{"creatorName":"Momoka Kihara"}]},{"creatorNames":[{"creatorName":"Satoshi Hara"}]},{"creatorNames":[{"creatorName":"Takayuki Sasaki"}]},{"creatorNames":[{"creatorName":"Katsunari Yoshioka"}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,ソフトウェア開発において Open Source Software(OSS)の利用が一般的になっているが,ライセンス違反や脆弱性などのリスクが存在する.これらのリスクを検出するツールとして,Software Composition Analysis(SCA)ツールが注目されているが,検出精度を客観的に評価するための標準的な手法やデータセットは確立されておらず,適切なツール選択や性能比較が困難である.そこで本研究では,SCA ツール評価用データセットとそれに基づく評価手法の確立に向けた第一歩として,ルータファームウェアで使用される代表的な OSS を対象とした作成手法の異なる 2 種類の評価用バイナリデータセットを試作し,商用ツール 1 つとオープンソースツール Syft の精度評価を実施した.その結果,今回の実験においては,データセットに含まれる OSS の選定基準がツールの検出精度に最も大きな影響を与えること,同一 OSS においてはバイナリデータセット作成手法による検出結果への影響は限定的であることを確認した.最後に,SCA ツール評価用データセットの作成と利用におけるエコシステムについて検討し,公平性の観点から SCA ツールベンダーと適切な距離をとりながら,現場のユースケースを反映してデータセットを構築することが必要であることを考察した.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In recent years, the use of open source software (OSS) has become commonplace in software development, but there are risks such as license violations and vulnerabilities. Software composition analysis (SCA) tools are attracting attention as a means of detecting these risks, but there are no established standard methods or datasets for objectively evaluating detection accuracy, making it difficult to select appropriate tools and compare their performance. In this study, as a first step toward establishing an evaluation dataset and evaluation methodology for SCA tools, we identified issues to be considered based on use cases and created two types of evaluation datasets, each built with a different method, covering representative OSS used in router firmware. Furthermore, we evaluated the accuracy of one commercial tool and the open-source tool Syft using these datasets. In this experiment, we confirmed that the selection criteria for OSS included in the datasets have the greatest impact on tool detection accuracy, and that the influence of binary dataset creation methods on detection results was limited when the OSS was identical. 
Finally, we examined the ecosystem for creating and using SCA tool evaluation datasets and concluded that it is necessary to maintain an appropriate distance from SCA tool vendors from the perspective of fairness while updating datasets to reflect real-world use cases.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"622","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2025論文集"}],"bibliographicPageStart":"615","bibliographicIssueDates":{"bibliographicIssueDate":"2025-10-20","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2026-03-25T04:59:35.927310+00:00","updated":"2026-03-26T04:35:05.216971+00:00"}