{"created":"2025-01-19T01:45:27.926368+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240970","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240970","title":["エントロピーの変化点に基づくネットワークパケットの異常検知"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"e27defa6-7c1c-4b50-91f6-0700b84e026a"},"_deposit":{"id":"240970","pid":{"type":"depid","value":"240970","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"エントロピーの変化点に基づくネットワークパケットの異常検知","author_link":["662511","662512","662513","662514","662515","662516"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"エントロピーの変化点に基づくネットワークパケットの異常検知","subitem_title_language":"ja"},{"subitem_title":"Anomaly detection in network packets based on entropy change points","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ネットワークの異常検知, エントロピー, ChangeFinder","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大阪公立大学大学院情報学研究科"},{"subitem_text_value":"大阪公立大学大学院情報学研究科"},{"subitem_text_value":"大阪公立大学大学院情報学研究科"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Informatics, Osaka Metropolitan University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Informatics, Osaka Metropolitan University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Informatics, Osaka Metropolitan University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240970/files/IPSJ-CSS2024224.pdf","label":"IPSJ-CSS2024224.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024224.pdf","filesize":[{"value":"1.0 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"dd69e149-d59b-47de-bf1c-319a9206689c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"関, 晃太郎"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"青木, 茂樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"宮本, 貴朗"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kotaro, Seki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shigeki, Aoki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takao, Miyamoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年のサイバー攻撃の増加に伴って，組織内ネットワークに対するサイバー攻撃を検出する侵入検知システム(IDS:Intrusion Detection System) の研究が盛んに行われている．サイバー攻撃のパケットは通常のパケットとは異なり，特にフラグなどで表される特徴量の分布に変化が生じると考えられる．そこで本稿では，パケットから抽出した特徴量の出現割合を基にエントロピーを算出し，エントロピーの変化点に注目してサイバー攻撃を検知する手法を提案する．エントロピーは計算式が単純であるため計算コストが低く，特定の単位時間内で計算できるためリアルタイム処理が容易である．まず，パケットのヘッダからフラグやポート番号など複数の特徴量を抽出する．次に， 抽出した特徴量の出現割合を基にエントロピーを算出し，特徴量ごとのエントロピーの時系列データを作成する．その後，時系列データの変化点をChangeFinder で検出し，異常を検知する．実験では，CICIDS2017 データセットを用いて本手法の有効性を確認した．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"With the rise in cyber attacks in recent years, research on intrusion detection systems (IDS) for detecting cyber attacks on internal networks has become increasingly active. When a cyber attack occurs, the packets received differ from regular packets, particularly in the distribution of features represented by flags and other indicators. This paper proposes a method to detect cyber attacks by calculating entropy based on the occurrence rates of features extracted from packets and focusing on changes in entropy. Entropy is computationally inexpensive due to its simple formula and can be calculated within specific time units, making real-time processing feasible. First, multiple features such as flags and port numbers are extracted from packet headers. Then, entropy is calculated based on the occurrence rates of the extracted features, and time-series data of the entropy for each feature is created. Subsequently, change points in the time-series data are detected using ChangeFinder to detect anomalies. The effectiveness of this method was confirmed through experiments using the CICIDS2017 dataset.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1688","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1683","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":240970,"updated":"2025-03-06T05:59:08.436397+00:00","links":{}}