{"created":"2025-01-19T01:11:24.681216+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00210146","sets":["1164:3925:10503:10504"]},"path":["10504"],"owner":"44499","recid":"210146","title":["ダークネットにおける大規模調査パケットを考慮したポート番号埋め込みベクトルによるスキャンパケット解析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-03-08"},"_buckets":{"deposit":"c4553ad0-e750-4888-8616-832fd1eee8aa"},"_deposit":{"id":"210146","pid":{"type":"depid","value":"210146","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"ダークネットにおける大規模調査パケットを考慮したポート番号埋め込みベクトルによるスキャンパケット解析","author_link":["531379","531377","531378","531376"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ダークネットにおける大規模調査パケットを考慮したポート番号埋め込みベクトルによるスキャンパケット解析"},{"subitem_title":"Scan Packet Analysis by Port-number Embedding Vector Considering Large-scale Survey Packets in Darknet","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"情報収集・分析","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2021-03-08","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"情報通信研究機構"},{"subitem_text_value":"神戸大学"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/210146/files/IPSJ-CSEC21092049.pdf","label":"IPSJ-CSEC21092049.pdf"},"date":[{"dateType":"Available","dateValue":"2023-03-08"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC21092049.pdf","filesize":[{"value":"1.8 
MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"855f47cb-03bf-4313-8853-a45f3999ef0d","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"石川, 真太郎"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"中藤, 大暉"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"班, 涛"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小澤, 誠一"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,IoT デバイスの脆弱性を利用したサイバー攻撃による被害が深刻になっており,対策が求められている.本研究では,機械学習を用いてダークネットで観測されたマルウェア感染デバイスによる攻撃と,その変化を追跡する手法を提案する.最初に,ダークネット観測において,ノイズとなっている大規模調査パケットを除外する.次に,FastText による特徴抽出を行い,スキャンパケットの宛先ポート番号から,ターゲットとなっているネットワークサービス間の相関関係を捉える.最後に,UMAP と DBSCAN 
を用いてホストの可視化と,同じ攻撃パターンを持つホストのクラスタリングを行い,マルウェアの傾向把握や新たなマルウェア亜種の出現の検知を行う.実験では,同手法で大規模調査パケットを削除した場合としない場合を比較し,大規模調査パケット削除の有効性を示し,また,既知の大規模調査を行う組織情報などを利用し大規模調査パケットを正しく分離できていることを示した.その上で 1 日ごとの解析情報を追跡することにより,宛先ポート番号だけに着目した解析では判断できない,ホストの時間的な活動情報に基づいたマルウェア判定を行うことができることを示した.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In this research, we propose a method for tracking the attacks by malware-infected devices observed in the darknet and their changes using machine learning. First, we exclude large-scale survey packets that are noisy in darknet observations. Then, feature extraction using FastText is executed, and the correlation among targeted network services is captured from the destination port numbers of scan packets. Finally, UMAP and DBSCAN are used for host visualization and to cluster hosts with the same attack pattern, in order to grasp malware trends and detect the emergence of new malware variants. In the experiment, we study the effectiveness of the proposed method where large-scale scanners are identified and their traffic is ignored. By tracking the cluster transitions, we verify that the time transient of malware activity can be captured by tracking the portset clusters.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2021-03-08","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"49","bibliographicVolumeNumber":"2021-CSEC-92"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":210146,"updated":"2025-01-19T18:15:17.940227+00:00","links":{}}