{"id":201321,"updated":"2025-01-19T21:05:37.970557+00:00","links":{},"created":"2025-01-19T01:04:35.735859+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00201321","sets":["6164:6165:6462:10022"]},"path":["10022"],"owner":"44499","recid":"201321","title":["外部から不正侵入されたシステムのログ解析支援ツールの開発"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-10-14"},"_buckets":{"deposit":"a877e00f-0e4d-4969-85c4-8acb83bc7f26"},"_deposit":{"id":"201321","pid":{"type":"depid","value":"201321","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"外部から不正侵入されたシステムのログ解析支援ツールの開発","author_link":["491850","491845","491856","491860","491853","491857","491847","491854","491855","491858","491852","491849","491846","491851","491859","491848"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"外部から不正侵入されたシステムのログ解析支援ツールの開発"},{"subitem_title":"Development of Log Analysis Support Tool for a System Which Was Invaded Illegally from Outside","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア,デジタル・フォレンジック,ログ解析","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2019-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京情報大学大学院総合情報学研究科"},{"subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_value":"株式会社日立システムズ サイバーセキュリティリサーチセンタ"},{"subitem_text_value":"株式会社日立システムズ サイバーセキュリティリサーチセンタ"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Informatics, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of 
Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Systems, Ltd. Cyber Security Research Center","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Systems, Ltd. Cyber Security Research Center","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/201321/files/IPSJCSS2019028.pdf","label":"IPSJCSS2019028.pdf"},"date":[{"dateType":"Available","dateValue":"2021-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2019028.pdf","filesize":[{"value":"894.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ac8e0e53-be1d-409f-a456-02b7fc7dbcd2","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of 
Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"中野, 心太"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"早稲田, 篤志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"村上, 洋一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岸本, 頼紀"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"花田, 真樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"布広, 永示"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"関口, 竜也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"折田, 彰"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shinta, Nakano","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Atsushi, Waseda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoichi, Murakami","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yorinori, Kishimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masaki, Hanada","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eiji, Nunohiro","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuya, Sekiguchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akira, Orita","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアは,セキュリティサービスの無効化や,自身の動作に関連する痕跡情報を改ざんするなどの機能を用いて,ユーザ及びアンチマルウェアプログラムによる検知を免れようとしている.しかし,ファイルを作成または変更するマルウェアは,ファイル管理テーブル,レジストリ,イベントログ,および通信ログに痕跡情報を残すことがよく知られている.本研究では,システム上に残された痕跡情報から,マルウェアがシステムに侵入した後の挙動パターンを調べ,その調査結果を用いてマルウェアによる改ざん内容や攻撃者の目的などを解析するためのツールを開発している.本発表では,痕跡情報を人手で抽出する際の判断基準とその判断基準をログ解析支援ツールとして実装する開発内容について説明する.さらに,通常の作業中でも記録されているログ情報のフィルタリング処理,改ざん等の不正な操作が行われたと思われるログを抽出する痕跡情報抽出処理について報告する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Malware tries to evade detection by users and anti-malware programs by using functions such as disabling security services and falsifying traces of its own activities. However, it is well known that malware which creates or modifies files leaves traces in the file management table, registry, event log and communication log. In this study, we are analyzing the behavior patterns of malware based on the trace information left on the system. Also, based on the results of this analysis, we are developing a tool to analyze what the malware falsified and the purpose of the attacker. In this presentation, we will explain the judgment criteria for manually extracting the trace information and the details of the analysis tool which implements them. 
Furthermore, we will report on the filtering process for log information that is recorded even during normal work, and on the trace-information extraction process, which extracts logs of unauthorized operations such as falsification.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"199","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2019論文集"}],"bibliographicPageStart":"194","bibliographicIssueDates":{"bibliographicIssueDate":"2019-10-14","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2019"}]},"relation_version_is_last":true,"weko_creator_id":"44499"}}