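% Conference paper in the Computer Security Symposium 2024 proceedings (IPSJ).
% Topic, per its abstract: filtering normal logs that are falsely flagged as
% anomalous when visualising abnormal-log periods for digital-forensic
% attack date/time investigation.
%
% Record notes:
%  - Field values are UTF-8 Japanese; use a Unicode-aware backend
%    (e.g. Biber or upBibTeX) -- classic 8-bit BibTeX may mis-sort them.
%  - "author" lists the seven authors once, in "Family, Given" form. The
%    romanised spellings of the same seven people are kept in the
%    non-standard (style-ignored) field "author-en", also family name first,
%    so that styles do not print fourteen authors.
%  - "booktitle" is the field inproceedings entries require; a field named
%    "book" is unknown to styles and silently dropped.
%  - The Japanese and English abstracts live in "abstract" / "abstract-en"
%    instead of "note", which most styles would print in the bibliography.
%  - "month" uses the predefined three-letter macro, unbraced.
@inproceedings{oai:ipsj.ixsq.nii.ac.jp:00240998,
  author      = {磯野, 怜 and 中野, 心太 and 関谷, 信吾 and 折田, 彰 and 岸本, 頼紀 and 早稲田, 篤志 and 花田, 真樹},
  author-en   = {Isono, Rei and Nakano, Shinta and Sekiya, Shingo and Orita, Akira and Kishimoto, Yorinori and Waseda, Atsushi and Hanada, Masaki},
  title       = {機械学習を用いた異常ログ可視化のための誤検知された正常ログ対策の検討},
  booktitle   = {コンピュータセキュリティシンポジウム2024論文集},
  pages       = {1884--1887},
  publisher   = {情報処理学会},
  year        = {2024},
  month       = oct,
  abstract    = {デジタルフォレンジックの攻撃日時調査において,異常ログが含まれる期間をイベントID の文章類似度で分析する方法が提案されている.しかし,この方法では攻撃されていない期間のログが異常と判別されてしまう問題がある.そこで,ログの量とイベントID の出現周期によるフィルタリングを検討する.休日などでログの量が少ない場合に異常と検出される場合はログ数も可視化をすることで対応できる.出現頻度の低い正常なイベントはアップデートや業務における保守などのように一定周期で出現すると考えられる.そこで,出現頻度の低いイベントを無視した場合の変化ついても検討する.},
  abstract-en = {In digital forensic attack date and time investigations, a method has been proposed to analyze periods containing abnormal logs using the text similarity of event IDs. However, this method has the problem that logs from periods when there were no attacks may be determined to be abnormal. Therefore, filtering based on the amount of logs and the frequency with which event IDs appear will be considered. If an abnormality is detected when the amount of logs is low, such as on holidays, this can be addressed by visualizing the number of logs. Normal events that occur infrequently are thought to occur at regular intervals, such as during updates or business maintenance. Therefore, we will also consider changes that occur when infrequent events are ignored.},
}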