{"created":"2025-01-19T01:34:38.323885+00:00","updated":"2025-01-19T10:08:47.735785+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00233287","sets":["1164:2836:11471:11524"]},"path":["11524"],"owner":"44499","recid":"233287","title":["IoT向けのSecurity Operation Centerにおける大規模言語モデルと集合間類似度を用いたレポートの再利用"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-03-11"},"_buckets":{"deposit":"79587527-5e76-4ddf-aa08-d6c1cf3d3f63"},"_deposit":{"id":"233287","pid":{"type":"depid","value":"233287","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"IoT向けのSecurity Operation Centerにおける大規模言語モデルと集合間類似度を用いたレポートの再利用","author_link":["633343","633344","633346","633345"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"IoT向けのSecurity Operation Centerにおける大規模言語モデルと集合間類似度を用いたレポートの再利用"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティマネジメント・SoC","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2024-03-11","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTTセキュリティホールディングス株式会社"},{"subitem_text_value":"NTT社会情報研究所"},{"subitem_text_value":"NTTセキュリティホールディングス株式会社"},{"subitem_text_value":"NTTセキュリティホールディングス株式会社"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Security Holdings Corporation","subitem_text_language":"en"},{"subitem_text_value":"NTT Social Informatics Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Security Holdings Corporation","subitem_text_language":"en"},{"subitem_text_value":"NTT Security Holdings Corporation","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/233287/files/IPSJ-DPS24198003.pdf","label":"IPSJ-DPS24198003.pdf"},"date":[{"dateType":"Available","dateValue":"2026-03-11"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DPS24198003.pdf","filesize":[{"value":"745.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"34"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2d13e08f-ec15-4a6e-b0a3-5c639aeb8abe","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"松林, 勝"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"芝原, 俊樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小山, 卓麻"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"田中, 政志"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10116224","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8906","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"莫大な数の Internet of Things (IoT) 機器に対して同様のサイバー攻撃を行う大規模攻撃が脅威となっている．大規模攻撃が発生した場合，IoT 機器を監視している Security Operation Center の分析官は，莫大な数の IoT 機器のアラートを分析し，類似したレポートを大量に作成する必要がある．このとき，最初に作成したレポートが，他の IoT 機器のレポートとしても再利用可能か自動的に判定（再利用判定）できれば，アラート分析とレポート作成の大部分を効率化できる．しかし，レポートの再利用判定に既存手法を応用するには，教師データの不足や精度の低さといった課題がある．そこで本稿では，大規模言語モデルと集合間類似度を組み合わせた手法を提案し，教師データが少量でも高精度なレポートの再利用判定を実現する．提案手法では，少量の教師データで fine-tuningしたSentence ALBERT を活用して，レポートとの関連度合いに基づいた重みをアラートに付与する．そして，レポートの根拠となったアラートの集合と判定対象のアラートの集合の重み付き Jaccard 係数が閾値以上であれば，レポートを再利用可能と判定する．本稿では，IoT 機器を模擬した環境で攻撃を実行しながら収集したアラートと人手で作成したレポートを用いて提案手法を評価した．その結果，教師データが少量でも提案手法の True Positive Rate (TPR) と False Positive Rate (FPR) が 80.79% と 3.00% となることを示した．また，FPR ≈ 3.0% のカットオフでは，提案手法の TPR が既存手法よりも 19% 以上高くなることを示した．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告マルチメディア通信と分散処理（DPS）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2024-03-11","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"2024-DPS-198"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":233287,"links":{}}