{"created":"2025-01-19T01:27:56.037548+00:00","updated":"2025-01-19T11:42:58.815369+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00228797","sets":["6164:6165:6462:11379"]},"path":["11379"],"owner":"44499","recid":"228797","title":["RATを用いる攻撃者の人的資源を枯渇させる攻撃の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-10-23"},"_buckets":{"deposit":"b2890a09-7533-4478-a9aa-39fb6452763d"},"_deposit":{"id":"228797","pid":{"type":"depid","value":"228797","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"RATを用いる攻撃者の人的資源を枯渇させる攻撃の提案","author_link":["614029","614028","614030","614027"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"RATを用いる攻撃者の人的資源を枯渇させる攻撃の提案"},{"subitem_title":"Human Resources Depletion attacks against RAT commanders","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルチエージェントシミュレーション，標的型攻撃，RAT","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2023-10-23","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"警察庁／情報セキュリティ大学院大学"},{"subitem_text_value":"情報セキュリティ大学院大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"National Police Agency / Institute of Information Security","subitem_text_language":"en"},{"subitem_text_value":"Institute of Information Security","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/228797/files/IPSJ-CSS2023184.pdf","label":"IPSJ-CSS2023184.pdf"},"date":[{"dateType":"Available","dateValue":"2025-10-23"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2023184.pdf","filesize":[{"value":"600.9 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"4369292a-f51a-484d-9fb7-e0dc1173b1dc","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大坪, 雄平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"大塚, 玲"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yuhei, Otsubo","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akira, Otsuka","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"機密情報の摂取やランサムウェアによる二重恐喝を目的とした標的型攻撃は，多くの組織にとって脅威である．標的型攻撃の初期段階では，攻撃者はメールを起点にRAT（Remote Access Trojan）と呼ばれマルウェアを感染させ，端末の遠隔操作を試みることが多い．これまでは，防御側はRATを認知しても攻撃側への行動を控えていたため，攻撃者が直接的な攻撃コストを実感する場面はなかった．そこで我々は，攻撃者が無視することが困難にになるように工夫した偽の感染通知を送信することで，攻撃側の人的資源を枯渇させる手法を提案する．マルチエージェントシミュレーションを用いた効果推定では，提案手法の導入が進めば，攻撃機会の損失により被害の減少が見込まれ，感染端末を販売するアクセスブローカの評判低下にも繋がることが判明した．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Targeted attacks are a threat to many organizations, as they aim to ingest sensitive information or double extort through ransomware. In the early stages of a targeted attack, attackers often start with an e-mail message, infect it with malware called a RAT (Remote Access Trojan), and attempt to remotely control the terminal. Currently, even if the target notices the RAT, the target does not take any particular action, and thus there is no situation in which the attacker realizes the direct cost of the attack. Therefore, we propose a method to exhaust the attacker's human resources by sending false infection notifications that are difficult for the attacker to ignore. Experiments using multi-agent simulations show that if our method is adopted, it is expected to reduce the damage due to lost attack opportunities, and it is also expected to reduce the reputation of access brokers who sell infected terminals.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1356","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2023論文集"}],"bibliographicPageStart":"1349","bibliographicIssueDates":{"bibliographicIssueDate":"2023-10-23","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":228797,"links":{}}