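% Journal article proposing a communication-behaviour feature for detecting
% scan attacks, including slow and distributed scans that IDS-based detection
% handles poorly (see the abstract field).
%
% Changes relative to the repository export:
% - The abstract was stored in the note field, which bibliography styles print
%   verbatim after the reference; it now lives in the abstract field, with the
%   text unchanged (Japanese abstract followed by the English one).
% - The author field listed each of the four authors twice, once in Japanese
%   and once romanized, so styles would render eight authors. The romanized
%   forms also had family and given names swapped (family name must come
%   before the comma). The author field keeps the Japanese names; the
%   corrected romanized names are kept in author-romanized, an unknown field
%   that styles ignore.
% - issue is not read by classic BibTeX styles; the issue number is in number.
% - month uses the predefined macro so the style can localise it.
@article{oai:ipsj.ixsq.nii.ac.jp:00214341,
  author           = {山下, 智也 and 宮本, 大輔 and 関谷, 勇司 and 中村, 宏},
  author-romanized = {Yamashita, Tomoya and Miyamoto, Daisuke and Sekiya, Yuji and Nakamura, Hiroshi},
  title            = {通信挙動に基づいたスキャン攻撃検知},
  journal          = {情報処理学会論文誌},
  volume           = {62},
  number           = {12},
  pages            = {1904--1914},
  month            = dec,
  year             = {2021},
  abstract         = {ネットワーク上の攻撃者は,攻撃を行う準備としてまずスキャン攻撃を行い,ネットワーク上のホストが持つ脆弱性に関する情報の収集を試みる.したがってスキャン攻撃の検知は,さらなる本格的な攻撃を未然に防ぐための重要な課題といえる.スキャン攻撃を検知するシステムとして侵入検知システム(IDS)が提案,利用されている.しかし,通信の時間間隔を大きくしてスキャンを行うスロースキャン攻撃や,複数のホストを利用してスキャンを行う分散スキャン攻撃の検知は容易ではない.そこで本論文では,スキャン攻撃を行うホストと正常な通信を行うホストの通信挙動の違いをとらえることのできる特徴量を提案し,この特徴量を用いたスキャン攻撃の検知手法を提案する.実験により,提案手法がスロースキャン攻撃や分散スキャン攻撃の検知に有効であることを確認する., Cyberattacks often begin with a port scan attack, which is used to find exploitable vulnerabilities on targeted systems. Therefore, quick detection of scanning attacks is by far important to avoid further attacks. Intrusion detection systems (IDS) have been proposed to detect scanning attacks. However, it is difficult to detect slow scan attacks, in which the time interval between successive communications is increased, or distributed scan attacks, in which multiple hosts are used for scanning. Therefore, in this paper, we propose a method for detecting scan attacks that focuses on the difference in communication behavior between scanning hosts and hosts that perform normal communication. Through experiments, we confirm that the proposed method is effective in detecting slow scan attacks and distributed scan attacks.},
}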