{"updated":"2025-01-19T20:31:29.717715+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00203497","sets":["1164:4088:10109:10110"]},"path":["10110"],"owner":"44499","recid":"203497","title":["マイニングマルウェアの通信の特徴抽出の試行"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-02-24"},"_buckets":{"deposit":"d1250c26-3825-4a3d-a6a0-eebb7768ec5a"},"_deposit":{"id":"203497","pid":{"type":"depid","value":"203497","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"マイニングマルウェアの通信の特徴抽出の試行","author_link":["501847","501845","501844","501846"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マイニングマルウェアの通信の特徴抽出の試行"},{"subitem_title":"Attempt to extract network traffic feature of mining malware","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ネットワーク,運用,他","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2020-02-24","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"福山大学"},{"subitem_text_value":"福山大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Fukuyama University","subitem_text_language":"en"},{"subitem_text_value":"Fukuyama University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/203497/files/IPSJ-IOT20048006.pdf","label":"IPSJ-IOT20048006.pdf"},"date":[{"dateType":"Available","dateValue":"2022-02-24"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT20048006.pdf","filesize":[{"value":"974.8 
kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"fbc0cd53-a38a-41ba-9b22-091d5298c946","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2020 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"村上, 順也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山之上, 卓"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Junya, Murakami","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Yamanoue","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マイニングマルウェアが増加し,感染すると利用者が知らないうちに CPU リソースを奪われることから,これを検知して除去する必要がある.ウイルス対策ソフトでは,ゼロデイアタックは検知できないため,通信の観測によってマイニングマルウェアを検知したい.本稿では,マイニングウェアによってマイニングしているホストの通信を Wireshark でパケットキャプチャし,IP 
アドレスごとに毎秒の通信量をグラフ化して,マイニングウェアの通信の特徴を抽出したことについて述べる.マイニングウェアの TCP 通信は通常の TCP 通信と比べて単位時間当たりの同じパケット数を継続して確認できることや TCP のストリームの送受信に偏りがあることなどの特徴があった.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"As the number of mining malware increases and infections take away CPU resources without the user's knowledge, it is necessary to detect and remove it. Since anti-virus software cannot detect zero-day attacks, we want to detect mining malware by observing communications. In this paper, we describe how we captured, using Wireshark, the communication of a host that is mining with miningware, and graphed the traffic per second for each IP address to extract the characteristics of the miningware communication. Compared with normal TCP communication, miningware TCP communication had features such as the same number of packets per unit time being observed continuously and an imbalance between the sending and receiving of TCP streams.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2020-02-24","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"6","bibliographicVolumeNumber":"2020-IOT-48"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:05:54.656691+00:00","id":203497,"links":{}}