{"created":"2025-01-19T01:45:30.612664+00:00","updated":"2025-03-06T06:12:15.128081+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240998","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240998","title":["機械学習を用いた異常ログ可視化のための誤検知された正常ログ対策の検討"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"776798c0-db53-4ceb-98b4-a045a17e78a8"},"_deposit":{"id":"240998","pid":{"type":"depid","value":"240998","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"機械学習を用いた異常ログ可視化のための誤検知された正常ログ対策の検討","author_link":["662728","662729","662730","662731","662732","662733","662734","662735","662736","662737","662738","662739","662740","662741"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"機械学習を用いた異常ログ可視化のための誤検知された正常ログ対策の検討","subitem_title_language":"ja"},{"subitem_title":"A Consideration of Countermeasures False Detection Normal Logs for Visualization of Abnormal Logs using Machine Learning","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティ,フォレンジック,ログ解析","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京情報大学大学院"},{"subitem_text_value":"日立システムズサイバーセキュリティリサーチセンタ"},{"subitem_text_value":"日立システムズサイバーセキュリティリサーチセンタ"},{"subitem_text_value":"日立システムズ セキュリティ・コアバリュー本部"},{"subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_value":"東京情報大学総合情報学部"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Informatics, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Systems, Ltd. 
Cyber Security Research Center","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Systems, Ltd. Cyber Security Research Center","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Systems, Ltd. Security Core Value Office","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Tokyo University of Information Sciences","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Tokyo University of Information Sciences","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240998/files/IPSJ-CSS2024252.pdf","label":"IPSJ-CSS2024252.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024252.pdf","filesize":[{"value":"880.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"aed84490-27e6-47e0-a4c3-1505da96439c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"磯野, 怜"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"中野, 心太"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"関谷, 
信吾"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"折田, 彰"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岸本, 頼紀"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"早稲田, 篤志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"花田, 真樹"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Rei, Isono","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shinta, Nakano","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shingo, Sekiya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akira, Orita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yorinori, Kishimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Atsushi, Waseda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masaki, Hanada","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"デジタルフォレンジックの攻撃日時調査において,異常ログが含まれる期間をイベントID の文章類似度で分析する方法が提案されている.しかし,この方法では攻撃されていない期間のログが異常と判別されてしまう問題がある.そこで,ログの量とイベントID の出現周期によるフィルタリングを検討する.休日などでログの量が少ない場合に異常と検出される場合はログ数も可視化をすることで対応できる.出現頻度の低い正常なイベントはアップデートや業務における保守などのように一定周期で出現すると考えられる.そこで,出現頻度の低いイベントを無視した場合の変化についても検討する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In digital forensic attack date and time investigations, a method has been proposed to analyze periods containing abnormal logs using the text similarity of event IDs. 
However, this method has the problem that logs from periods when there were no attacks may be determined to be abnormal. Therefore, filtering based on the amount of logs and the frequency with which event IDs appear will be considered. If an abnormality is detected when the amount of logs is low, such as on holidays, this can be addressed by visualizing the number of logs. Normal events that occur infrequently are thought to occur at regular intervals, such as during updates or business maintenance. Therefore, we will also consider changes that occur when infrequent events are ignored. ","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1887","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1884","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":240998,"links":{}}