{"created":"2025-01-19T01:39:42.439467+00:00","updated":"2025-01-19T08:57:32.721123+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00237207","sets":["1164:6389:11481:11662"]},"path":["11662"],"owner":"44499","recid":"237207","title":["脆弱性情報の関連製品情報を介した接続関係に基づく深刻度予測"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-07-15"},"_buckets":{"deposit":"27de2d75-964f-4d1e-811c-3912049f8f85"},"_deposit":{"id":"237207","pid":{"type":"depid","value":"237207","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"脆弱性情報の関連製品情報を介した接続関係に基づく深刻度予測","author_link":["648935","648934","648936","648933","648942","648939","648940","648938","648941","648937"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"脆弱性情報の関連製品情報を介した接続関係に基づく深刻度予測"},{"subitem_title":"Severity Prediction Based on Connectivity of Vulnerability Information via Related Product Information","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"SPT","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2024-07-15","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/237207/files/IPSJ-SPT24056086.pdf","label":"IPSJ-SPT24056086.pdf"},"date":[{"dateType":"Available","dateValue":"2026-07-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT24056086.pdf","filesize":[{"value":"974.6 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"738c4484-9574-4e50-98a5-cec6d05b9ba5","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"平岩, 渉"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"葛野, 弘樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"瀧田, 愼"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"白石, 善明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"森井, 昌克"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Wataru, Hiraiwa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Kuzuno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Makoto, Takita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiaki, Shiraishi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatu, Morii","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"攻撃目標への侵入を攻撃者が試みる際において，一つの脆弱性のみを攻撃対象とするだけではなく，複数の脆弱性を組み合わせた脆弱性チェイニングと呼ばれる攻撃手法が存在する．したがって，ある製品の脆弱性情報を確認する場合には，一つの脆弱性のみを確認するだけでは不十分な場合がある．我々は，関連した脆弱性情報や製品情報に対するオントロジーを構築することにより，複数の脆弱性情報を網羅的に取得できる検索システムを構築してきている．当該システムでは，脆弱性とそれに紐付く製品情報を任意の範囲まで網羅的に取得することができる．本論文では，当該システムを用いて，新しく発見された脆弱性に関連のあるソフトウェアが持つ CVE の基本スコアから新しい脆弱性の深刻度を予測する手法を提案している．構築した深刻度予測モデルを用いることで深刻度の分類を 55%～64% の Accuracy で予測可能なことを確認した．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"There is a technique called vulnerability chaining, where an attacker does not just target a single vulnerability but combines multiple vulnerabilities to infiltrate a target. Therefore, when checking the vulnerability information of a product, it may be insufficient to check only one vulnerability. We have been constructing a search system that can comprehensively obtain multiple vulnerability information by building an ontology for related vulnerability and product information. This system can comprehensively obtain vulnerability and linked product information to any desired extent. In this paper, we propose a method to predict the severity of newly discovered vulnerabilities using the basic CVE scores of software that has related vulnerabilities, utilizing this system. Using the constructed severity prediction model, we have confirmed that it can predict the severity with an accuracy of 55% to 64% for a classification.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト（SPT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2024-07-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"86","bibliographicVolumeNumber":"2024-SPT-56"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":237207,"links":{}}