{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00234263","sets":["1164:4088:11480:11609"]},"path":["11609"],"owner":"44499","recid":"234263","title":["eBPFを用いたアプリケーション別パケットキャプチャツールの試作と応用"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-05-23"},"_buckets":{"deposit":"887ee4e5-86dc-4559-929f-c033d52bcd99"},"_deposit":{"id":"234263","pid":{"type":"depid","value":"234263","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"eBPFを用いたアプリケーション別パケットキャプチャツールの試作と応用","author_link":["638076","638078","638075","638077"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"eBPFを用いたアプリケーション別パケットキャプチャツールの試作と応用"},{"subitem_title":"eBPF-based application-wise packet capture: a prototype and its application","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ICM3","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2024-05-23","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東北工業大学大学院工学研究科"},{"subitem_text_value":"東北工業大学工学部情報通信工学科"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tohoku Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Tohoku Institute of Technology","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/234263/files/IPSJ-IOT24065026.pdf","label":"IPSJ-IOT24065026.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT24065026.pdf","filesize":[{"value":"1.8 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"5fcf86fe-3547-478f-8866-0a12fd65b442","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"岡部, 将也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"角田, 裕"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Masaya, Okabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroshi, Tsunoda","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"セキュリティインシデントの原因究明においてパケットキャプチャは貴重な情報源である．ホスト上でパケットをキャプチャする際にその送受信元のアプリケーションを併せて把握しておくことができれば，インシデント発生のきっかけとなったアプリケーションの特定を効率化できる．しかし，既存のパケットアナライザはプロトコル解析に特化しているため，直接的にパケットを送受信したアプリケーションを特定できない．そこで，我々はカーネルからユーザ空間までの広範囲の情報を取得可能な技術である eBPF (extended Berkeley Packet Filter) を利用してパケット情報とプロセス情報を関連付けることにより，パケットにアプリケーション名をマッピングした．本稿では，この機能をアプリ別パケットキャプチャツールとして実装し，アプリの通信行動監視と通信アプリの識別の 2 つのユースケースを想定したパケットキャプチャにより有用性を確認する．また，パケット単位のアプリケーション識別の応用について議論する．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Packet capture provides a valuable source of information for investigating the causes of security incidents. If we can identify the applications sending and receiving packets while capturing them on a host, we can streamline the process of determining which application triggered the incident. In this paper, we propose an application-wise packet capture technique based on the eBPF (extended Berkeley Packet Filter) technology. Using the eBPF, we can obtain a wide range of information from the kernel to the user space, associate packet information with process information, and map application names to packets. We developed a prototype of the proposed packet capture tool and confirmed its usefulness through two use cases: monitoring a targeted application’s behavior and identifying the source or destination applications of captured packets. We also discuss the application of packet-level application identification.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2024-05-23","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"26","bibliographicVolumeNumber":"2024-IOT-65"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":234263,"updated":"2025-01-19T09:50:42.846373+00:00","links":{},"created":"2025-01-19T01:36:00.261349+00:00"}