{"created":"2025-01-19T01:24:25.035741+00:00","updated":"2025-01-19T12:59:48.397297+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00224856","sets":["1164:6389:11170:11171"]},"path":["11171"],"owner":"44499","recid":"224856","title":["脆弱性情報とMITRE ATT&CKを関連付けるオントロジー"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-03-06"},"_buckets":{"deposit":"04fbb271-0b95-47a2-8dc4-7b2aaa35ddf0"},"_deposit":{"id":"224856","pid":{"type":"depid","value":"224856","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"脆弱性情報とMITRE ATT&CKを関連付けるオントロジー","author_link":["593927","593929","593926","593930","593923","593921","593933","593928","593932","593925","593920","593924","593931","593922"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"脆弱性情報とMITRE ATT&CKを関連付けるオントロジー"},{"subitem_title":"Ontology for Discovering Relations between Vulnerability Information and MITRE ATT&CK","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"SPT","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2023-03-06","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"国際電気通信基礎技術研究所"},{"subitem_text_value":"国際電気通信基礎技術研究所"},{"subitem_text_value":"近畿大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Advanced Telecommunications Research Institute International","subitem_text_language":"en"},{"subitem_text_value":"Advanced Telecommunications Research Institute International","subitem_text_language":"en"},{"subitem_text_value":"Kindai University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/224856/files/IPSJ-SPT23050042.pdf","label":"IPSJ-SPT23050042.pdf"},"date":[{"dateType":"Available","dateValue":"2025-03-06"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT23050042.pdf","filesize":[{"value":"1.4 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2535920f-cb2b-4de8-8b19-5b039d16133c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"平薮, 将志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"白石, 善明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小津, 喬"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"松中, 隆志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公美"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"葛野, 弘樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"森井, 昌克"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Masayuki, Hirayabu","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiaki, Shiraishi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Ozu","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Matsunaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masami, Mohri","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Kuzuno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatu, Morii","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"サイバー攻撃が発生する要因の一つは利用している製品の脆弱性の悪用である．NVD や MITRE ATT&CK がリスクアセスメントやスレットインテリジェンスなどの調査で参照される．本研究では，NVD と MITRE ATT&CK を連係するオントロジーを構築し，脆弱性情報から攻撃手法や攻撃者集団などの情報を取得できる検索システムを実装している．CVE-ID を入力して検索された出力は，一定の割合で有用な情報を絞り込むことができることと，ATT&CK オブジェクトが追加されてから 1 年ほど経過すると出力結果の精度が向上することを確認している．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"One of the reasons for cyber attacks is the exploitation of vulnerabilities in the products used, and NVD and MITRE ATT&CK are referred to in risk assessment and threat intelligence investigations. In this study, we build an ontology linking NVD and MITRE ATT&CK, and implement a search system that can retrieve information such as attack techniques and attacker groups from vulnerability information; the output retrieved by entering CVE-IDs can narrow down useful information by a certain percentage, and the output can be used to identify the attacker groups in ATT&CK. We have confirmed that the accuracy of the output improves about one year after the ATT&CK object is added.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト（SPT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2023-03-06","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"42","bibliographicVolumeNumber":"2023-SPT-50"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":224856,"links":{}}