{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00214543","sets":["6164:6165:6462:10749"]},"path":["10749"],"owner":"44499","recid":"214543","title":["安物に悪者が出る:構築コストに基づく悪性ウェブサイト検知手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-10-19"},"_buckets":{"deposit":"3306b29d-1103-4753-bcf7-0e6f71c50f45"},"_deposit":{"id":"214543","pid":{"type":"depid","value":"214543","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"安物に悪者が出る:構築コストに基づく悪性ウェブサイト検知手法","author_link":["551373","551377","551376","551375","551374","551378"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"安物に悪者が出る:構築コストに基づく悪性ウェブサイト検知手法"},{"subitem_title":"Detection Method of Malicious Websites Based on Building Cost","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"使い捨てウェブサイト，機械学習，フィッシング，マルウェア，フェイクニュース","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2021-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"デロイトトーマツ サイバー合同会社"},{"subitem_text_value":"デロイトトーマツ サイバー合同会社"},{"subitem_text_value":"デロイトトーマツ サイバー合同会社"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Deloitte Tohmatsu Cyber LLC","subitem_text_language":"en"},{"subitem_text_value":"Deloitte Tohmatsu Cyber LLC","subitem_text_language":"en"},{"subitem_text_value":"Deloitte Tohmatsu Cyber LLC","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/214543/files/IPSJCSS2021143.pdf","label":"IPSJCSS2021143.pdf"},"date":[{"dateType":"Available","dateValue":"2023-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2021143.pdf","filesize":[{"value":"511.9 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"b3cf9f81-32d6-4021-bcee-48656b84d84f","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"伊藤, 大貴"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高田, 雄太"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"神薗, 雅紀"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Daiki, Ito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuta, Takata","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masaki, Kamizono","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"悪性ウェブサイトは検知や対策から逃れるため，使い捨ての運用が行われることが多い．そのため，悪性ウェブサイトでは無料のドメイン名や証明書が使用される等ウェブサイトの構築にかけるコストが低くなると考えられる．そこで本稿では，ウェブサイトの構築コストに着目し，構築コストが低いウェブサイトを識別する手法を提案する．具体的には，対象サイトをドメイン名や DNS リソースレコード，証明書，インフラの 4 つの観点で分析し，機械学習によりその構築コストの高さを識別する．提案手法の評価には，従業員規模の異なる様々な企業のコーポレートサイトを使用するとともに，フィッシング，マルウェアホスト，フェイクニュースの三種類の悪性ウェブサイトを使用する．評価の結果，攻撃の種類やコンテンツに依存せず，8 割以上の精度で悪性ウェブサイトの構築コストを低いと識別できた．識別結果の分析により，攻撃の種類によって識別における特徴量の重要度が異なり，さらにその違いは各攻撃の特性に関連していることを示す．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Malicious websites tend to be disposable to evade our detection and analysis. Therefore, these websites utilize free domain names and certificates, and the building cost of websites is kept low. In this paper, we focus on the building cost and propose a method for classifying websites built with low cost. More precisely, our method analyzes target websites from the four perspectives of domain names, DNS resource records, certificates, and infrastructures, and classifies their cost using a machine learning. In our evaluation, we use various corporate websites of different employee scale and three types of malicious website: phishing, malware hosting, and fake news. Our evaluation shows the proposed method could classify the cost of over 80% malicious websites is low regardless of the attack types. We found that importance of features in classification differs depending on the type of attack, and we show the differences are related to each attack characteristic.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1076","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2021論文集"}],"bibliographicPageStart":"1069","bibliographicIssueDates":{"bibliographicIssueDate":"2021-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":214543,"updated":"2025-01-19T16:35:03.141752+00:00","links":{},"created":"2025-01-19T01:15:21.359320+00:00"}