{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00228738","sets":["6164:6165:6462:11379"]},"path":["11379"],"owner":"44499","recid":"228738","title":["機械学習を用いた痕跡情報自動収集システムの試作"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-10-23"},"_buckets":{"deposit":"ab3a7ec8-c315-49e1-8f6d-9fe9ad3ce3a3"},"_deposit":{"id":"228738","pid":{"type":"depid","value":"228738","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"機械学習を用いた痕跡情報自動収集システムの試作","author_link":["613609","613608","613610","613605","613607","613611","613616","613604","613603","613615","613614","613606","613613","613612"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"機械学習を用いた痕跡情報自動収集システムの試作"},{"subitem_title":"An experiment of automatic collection system for log data using machine learning","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"耐タンパーソフトウェア, 自己破壊, Return-Oriented Programming (ROP), 間接ジャンプ,データメモリ, ソフトウェア保護","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2023-10-23","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京情報大学大学院 総合情報学研究科"},{"subitem_text_value":"株式会社日立システムズ サイバーセキュリティリサーチセンタ"},{"subitem_text_value":"株式会社日立システムズ サイバーセキュリティリサーチセンタ"},{"subitem_text_value":"株式会社日立システムズ サイバーセキュリティリサーチセンタ"},{"subitem_text_value":"東京情報大学 総合情報学部"},{"subitem_text_value":"東京情報大学 総合情報学部"},{"subitem_text_value":"東京情報大学 総合情報学部"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Informatics, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Hitachi System, Ltd. Cyber Security Research Center","subitem_text_language":"en"},{"subitem_text_value":"Hitachi System, Ltd. 
Cyber Security Research Center","subitem_text_language":"en"},{"subitem_text_value":"Hitachi System, Ltd. Cyber Security Research Center","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Department of Information Sciences, Tokyo University of Information Sciences","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/228738/files/IPSJ-CSS2023125.pdf","label":"IPSJ-CSS2023125.pdf"},"date":[{"dateType":"Available","dateValue":"2025-10-23"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2023125.pdf","filesize":[{"value":"515.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"942dd05f-2a6c-44ea-8fb0-8e1f73e356c7","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"岩崎, 晃大"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"折田, 彰"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"関谷, 信吾"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"中野, 
心太"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"花田, 真樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"布広, 永示"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岸本, 頼紀"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Koudai, Iwasaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akira, Orita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shingo, Sekiya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shinta, Nakao","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masaki, Hanada","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eiji, Nunohiro","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yorinori, Kishimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"デジタルフォレンジックにおいて,痕跡情報の収集と可視化は初動調査において重要である.これには迅速に対応するために自動化が求められ,CDIR Collector をはじめ様々なシステムが提案されている.しかし,これらはOS の基本的なログに加えて,一般的と想定されるログの収集はできるが,対象のPC に独自にインストールされたプログラムのログなどの情報を自動取得できないという問題がある.そこで,機械学習によりPC のファイルから自動でログと判別されるファイルを自動収集するシステムを提案する.本システムはファイルのバイナリデータの先頭部分を対象として機械学習によりログファイルを判別し自動収集する.また,収集した多様なログファイルの形式に対して,日付時刻やメッセージなど必要なものを抽出し,共通のフォーマットに変換し,一葉に可視化することで自動的に攻撃の全体像を把握することができる.本報告では機械学習を用いた痕跡情報自動収集システムの試作と,ラテラルムーブメントを含めた標的型攻撃の模擬攻撃実験データに対して本システムを適用した場合の効果について報告する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In digital forensics, log collection and visualization are important in initial investigations. 
Since this requires automation, various systems have been proposed, including the CDIR Collector. However, these can collect only basic OS logs and general application logs; they cannot automatically acquire the log files of other applications installed on the PC. Therefore, we propose a system that automatically collects the files on a PC that machine learning identifies as logs. The system applies machine learning to the leading portion of each file's binary data to identify log files and collect them automatically. In addition, it extracts only the necessary items, such as date and time and messages, from the various formats of the collected log files. These items are then converted into a common format and visualized. This makes it possible to automatically grasp the overall picture of the attack. In this report, we describe the prototype of the automatic log file collection system using machine learning and the effect of applying this system to simulated attack data.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"918","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2023論文集"}],"bibliographicPageStart":"916","bibliographicIssueDates":{"bibliographicIssueDate":"2023-10-23","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":228738,"updated":"2025-01-19T11:44:25.838041+00:00","links":{},"created":"2025-01-19T01:27:52.650119+00:00"}