{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00225468","sets":["1164:2036:11089:11180"]},"path":["11180"],"owner":"44499","recid":"225468","title":["セキュリティ脆弱性評価の時間依存性に関する一検討"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-03-16"},"_buckets":{"deposit":"fe5fdd94-ba1c-4c2a-93f2-0ef3872aaf14"},"_deposit":{"id":"225468","pid":{"type":"depid","value":"225468","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"セキュリティ脆弱性評価の時間依存性に関する一検討","author_link":["596634","596635","596637","596636"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"セキュリティ脆弱性評価の時間依存性に関する一検討"},{"subitem_title":"A Preliminary Study on Time-Dependency of Cyber Security Vulnerability Assessment","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティおよびプロセッサシステム","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2023-03-16","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"拓殖大学工学部情報工学科"},{"subitem_text_value":"拓殖大学工学部情報工学科"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Department of Computer Science, Takushoku University","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science, Takushoku University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/225468/files/IPSJ-SLDM23202021.pdf","label":"IPSJ-SLDM23202021.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SLDM23202021.pdf","filesize":[{"value":"1.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"10"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"867fc9bc-6f3a-49aa-a334-00f9140fb98c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"蓑原, 隆"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"窪田, 直宏"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takashi, Minohara","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Naohiro, Kubota","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11451459","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8639","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"情報システムの管理者は，管理対象のシステムに対するセキュリティ攻撃に対応するために，システムの脆弱性情報に注意を払い，適切な対応を行わなければならない．しかし，セキュリティ脆弱性の報告件数の増加に伴い対策実施に必要な時間も増大しており，効率的な対策を行うためには，脆弱性のリスクを評価し，優先順位をつけなければならない．特にゼロデイ攻撃など脆弱性発見の初期段階では，攻撃と対策の確立に時間が必要だと考えられるためリスク評価は時間経過に対する変化を考慮する必要がある．脆弱性のリスク評価として共通脆弱性評価システム (CVSS) などが使われているが，リスクの時間的な変化に十分対応しているとは言えない．本稿では脆弱性リスクの時間依存性を評価するモデルについて検討した結果について報告する．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Information system administrators must pay attention to system vulnerability information and take appropriate measures against security attacks on the systems they manage. However, as the number of security vulnerability reports increases, the time required to implement vulnerability remediation also increases, therefore vulnerability risks must be assessed and prioritized. Especially in the early stages of vulnerability discovery, such as zero-day attacks, the risk assessment must consider changes over time，since it takes time for the attack and countermeasures to spread. The Common Vulnerability Scoring System (CVSS) is used widely for vulnerability risk assessment, but it cannot be said that it can sufficiently cope with temporal changes of risk of attaks. In this paper, we report a preliminary study on the time dependency model for vulnerability risk assessment.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告システムとLSIの設計技術（SLDM）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2023-03-16","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"21","bibliographicVolumeNumber":"2023-SLDM-202"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":225468,"updated":"2025-01-19T12:48:02.892572+00:00","links":{},"created":"2025-01-19T01:24:58.665227+00:00"}