{"id":203902,"updated":"2025-01-19T20:24:09.797673+00:00","links":{},"created":"2025-01-19T01:06:14.076157+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00203902","sets":["1164:2836:10118:10119"]},"path":["10119"],"owner":"44499","recid":"203902","title":["機械学習を用いたCVEからCAPECへの関連付け手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-03-05"},"_buckets":{"deposit":"09f3bf83-b283-44bf-af59-a462a5d59147"},"_deposit":{"id":"203902","pid":{"type":"depid","value":"203902","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"機械学習を用いたCVEからCAPECへの関連付け手法の提案","author_link":["503971","503958","503964","503963","503961","503959","503974","503965","503969","503975","503977","503962","503970","503976","503966","503973","503967","503968","503960","503972"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"機械学習を用いたCVEからCAPECへの関連付け手法の提案"},{"subitem_title":"Tracing CAPEC Attack Patterns from CVE Vulnerability Information by using Machine Learning","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2020-03-05","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"早稲田大学"},{"subitem_text_value":"早稲田大学"},{"subitem_text_value":"早稲田大学"},{"subitem_text_value":"早稲田大学"},{"subitem_text_value":"信州大学"},{"subitem_text_value":"情報セキュリティ大学院大学"},{"subitem_text_value":"日立製作所"},{"subitem_text_value":"日立製作所"},{"subitem_text_value":"東京学芸大学"},{"subitem_text_value":"国立情報学研究所"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Shinshu University","subitem_text_language":"en"},{"subitem_text_value":"Institute of Information Security","subitem_text_language":"en"},{"subitem_text_value":"Hitachi,Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Hitachi,Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Gakugei University","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Informatics","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/203902/files/IPSJ-DPS20182020.pdf","label":"IPSJ-DPS20182020.pdf"},"date":[{"dateType":"Available","dateValue":"2022-03-05"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DPS20182020.pdf","filesize":[{"value":"1.0 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"34"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"6c80350a-4ae9-4a84-b9df-6bc3a13854cf","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2020 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"鹿子木, 健太"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"野寄, 祐樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"鷲崎, 弘宜"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"深澤, 良彰"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小形, 真平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"大久保, 隆夫"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"加藤, 岳久"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"鹿糠, 秀行"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"櫨山, 淳雄"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉岡, 信和"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kenta, Kanakogi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuki, Noyori","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hironori, Washizaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiaki, Fukazawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shinpei, Ogata","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takao, Okubo","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takehisa, Kato","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hideyuki, Kanuka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Atsuo, Hazeyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Nobukazu, Yoshioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10116224","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8906","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"システム管理者が自組織に関係する脆弱性の調査や対処をする際,既知の脆弱性情報を参照するが,その数は非常に膨大であり脆弱性の対処に多くの時間を必要とする.脆弱性の対処を効率化するために,既知の情報を蓄積する Common Vulnerabilities and Exposures (CVE)や Common Attack Pattern Enumeration and Classification (CAPEC) は有用である.CVE は脆弱性情報を識別する共通識別子 (CVE-ID) のリストである.CAPEC は脆弱性に関係する攻撃をパターン化したアタックパターンの辞書であり,パターンごとに共通識別子 (CAPEC-ID) が付与されている.しかし CVE と CAPEC とは独立しているので,CVE の脆弱性の情報から関係した CAPEC の攻撃の情報を特定するのには経験を有する.そこで本論では CVE-ID に関連する CAPEC-ID を半自動的に特定する手法を提案する.最初に CVE-ID を CAPEC に記載の Impact ごとに機械学習の Random Forest を用いて分類する.次に分類された CVE-IDと,この Impact に該当する CAPEC-ID とを Doc2Vec を用いてそれぞれの文章の類似度を算出し,類似度が高い CAPEC-ID と CVE-ID とを関連付けする.実験を通じて,扱った CAPEC に記載されていた脆弱性合計 43 個の内の 17 個が,CVEID から直接特定できた.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"7","bibliographic_titles":[{"bibliographic_title":"研究報告マルチメディア通信と分散処理(DPS)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2020-03-05","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"20","bibliographicVolumeNumber":"2020-DPS-182"}]},"relation_version_is_last":true,"weko_creator_id":"44499"}}