{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00224956","sets":["1164:4088:11174:11243"]},"path":["11243"],"owner":"44499","recid":"224956","title":["複数OpenFlowスイッチ環境のフロー統計情報を用いた横展開検知手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-03-08"},"_buckets":{"deposit":"afd96b36-0d5a-4e80-8a18-e9d0da61a1f5"},"_deposit":{"id":"224956","pid":{"type":"depid","value":"224956","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"複数OpenFlowスイッチ環境のフロー統計情報を用いた横展開検知手法の提案","author_link":["594431","594432","594430","594433"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"複数OpenFlowスイッチ環境のフロー統計情報を用いた横展開検知手法の提案"},{"subitem_title":"Proposal for lateral movement detection method using flow statistics in multiple OpenFlow switches environments","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IOTセッション","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2023-03-08","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大分大学大学院工学研究科"},{"subitem_text_value":"大分大学理工学部"},{"subitem_text_value":"大分大学学術情報拠点情報基盤センター"},{"subitem_text_value":"大分大学学術情報拠点情報基盤センター"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/224956/files/IPSJ-IOT23060016.pdf","label":"IPSJ-IOT23060016.pdf"},"date":[{"dateType":"Available","dateValue":"2025-03-08"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT23060016.pdf","filesize":[{"value":"976.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"7c653f3c-6d7f-4191-af1a-926a5343a15a","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"福原, 悠真"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"池部, 実"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉崎, 弘一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉田, 和幸"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"我々は，OpenFlow スイッチが保持する統計情報から OpenFlow コントローラでインターネットからのスキャンを検知する手法を提案した．一方，ネットワーク内部にマルウェアが侵入した場合，前述の提案手法では LAN 内でのマルウェアによる横展開は防ぐことが難しい．そこで本研究では，複数のOpenFlow スイッチで構成された LAN を想定し，マルウェアによる横展開を検知する手法を提案する．横展開で狙われることが多い RPC (135/TCP) と SMB (445/TCP) を検知対象とし，スキャンでは，TCP スリーウェイハンドシェイクで用いられる SYN パケットの比率が高くなることを検知条件に用いた．送信元 IP アドレス・宛先 IP アドレス・対象の宛先ポート番号ごとに，TCP SYN フラグとそれ以外の TCP フラグで異なるマッチフィールドを定義した 2 種類のフローエントリを OpenFlow スイッチに設定して受信パケット数を取得し，SYN パケット数とそれ以外のパケット数の比率により横展開の初期活動であるスキャンを検知・遮断する．提案手法を仮想ネットワーク上で実装し，検知・遮断実験を実施し評価した．複数の条件で実験した結果，横展開の送信元 IP アドレスを攻撃者として検知・遮断できることを確認した．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2023-03-08","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"16","bibliographicVolumeNumber":"2023-IOT-60"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":224956,"updated":"2025-01-19T12:58:35.909234+00:00","links":{},"created":"2025-01-19T01:24:28.469569+00:00"}