{"updated":"2025-01-19T16:37:40.997667+00:00","links":{},"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00214448","sets":["6164:6165:6462:10749"]},"path":["10749"],"owner":"44499","recid":"214448","title":["遺伝的アルゴリズムに基づいた広域スキャンのフィンガープリント特定技術の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-10-19"},"_buckets":{"deposit":"ed0ba7c6-faf3-41e7-b522-2e7ba93f713f"},"_deposit":{"id":"214448","pid":{"type":"depid","value":"214448","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"遺伝的アルゴリズムに基づいた広域スキャンのフィンガープリント特定技術の提案","author_link":["550664","550667","550661","550666","550665","550668","550662","550663"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"遺伝的アルゴリズムに基づいた広域スキャンのフィンガープリント特定技術の提案"},{"subitem_title":"Proposing a Genetic Algorithm Approach for Unveiling Fingerprint of Internet-Wide Scanner","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ダークネットトラフィック,遺伝的アルゴリズム,フィンガープリント","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2021-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"国立研究開発法人情報通信研究機構/九州大学"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"九州大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"National Institute of Information and Communications Technology / Kyushu University","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Kyushu 
University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/214448/files/IPSJCSS2021048.pdf","label":"IPSJCSS2021048.pdf"},"date":[{"dateType":"Available","dateValue":"2023-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2021048.pdf","filesize":[{"value":"759.6 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"a72a0ea8-920a-47f0-b403-6d7f22e18e1a","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"田中, 智"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"韓, 燦洙"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高橋, 健志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"藤澤, 克樹"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Akira, Tanaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Chansu, Han","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takeshi, Takahashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsuki, 
Fujisawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"インターネット上の到達可能かつ未使用の IP アドレス空間(ダークネット)を利用し,新興のマルウェア活動を検知することは,迅速なサイバーセキュリティ対策を行うために必要不可欠である.しかし,巧妙な攻撃者による分散スキャンと調査目的スキャンを区別することは非常に難しい.既存研究では,スキャン対象のポートや送信元ホストの分布に着目することで,攻撃者によるスキャン活動の検知を試みているが,緻密に組織化されたスキャン活動の特定には至っていない.一方,スキャンパケットには他の通信と区別するための特徴(フィンガープリント)が埋め込まれていることが既存研究で知られている.本稿ではフィンガープリントを論理式で表現し,遺伝的アルゴリズムを応用することで,複雑な特徴(論理式)を捉える手法を初めて提案する.ダークネットトラフィックを用いた実験では,既存及び未知の論理式の特定に成功した.論理式を満たすパケットを分析することで,複数の脆弱性を狙った複数ホストによるスキャン活動を確認するとともに,それらは中規模以下のスキャナ群によって行われることを確認した.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Detection of malware activities using darknet traffic is essential for taking prompt cybersecurity measures. However, distributed malware scans are indistinguishable from scan activities for investigative purposes. On the other hand, existing research has revealed that scan packets carry an identifier (fingerprint) that distinguishes them from other traffic. Therefore, this paper represents an identifier as a boolean formula and identifies it using a genetic algorithm, which is, to the best of our knowledge, the first such study. Numerical experiments using darknet traffic revealed both existing and unknown boolean formulas. 
We also confirmed some middle- or low-rate port scans targeting multiple vulnerabilities by analyzing packets satisfying the boolean formulas.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"356","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2021論文集"}],"bibliographicPageStart":"349","bibliographicIssueDates":{"bibliographicIssueDate":"2021-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":214448,"created":"2025-01-19T01:15:15.939144+00:00"}