{"links":{},"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00034031","sets":["1164:2836:2837:2841"]},"path":["2841"],"owner":"1","recid":"34031","title":["DNS ログに注目した詐称 IP 探索"],"pubdate":{"attribute_name":"公開日","attribute_value":"2008-03-06"},"_buckets":{"deposit":"3f5abf6b-eb3b-4c6f-a5b8-bf85a45ddcae"},"_deposit":{"id":"34031","pid":{"type":"depid","value":"34031","revision_id":0},"owners":[1],"status":"published","created_by":1},"item_title":"DNS ログに注目した詐称 IP 探索","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"DNS ログに注目した詐称 IP 探索"},{"subitem_title":"IP Traceback using DNS Log","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2008-03-06","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"KDDI 研究所"},{"subitem_text_value":"KDDI 研究所"},{"subitem_text_value":"静岡大学創造科学技術大学院"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"KDDI R&D Laboratories Inc.","subitem_text_language":"en"},{"subitem_text_value":"KDDI R&D Laboratories Inc.","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/34031/files/IPSJ-DPS08134011.pdf"},"date":[{"dateType":"Available","dateValue":"2010-03-06"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DPS08134011.pdf","filesize":[{"value":"632.4 
kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"34"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"e5716109-fe04-4fe3-867d-8feeb3c58e42","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2008 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"竹森, 敬祐"},{"creatorName":"藤長, 昌彦"},{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Keisuke, Takemori","creatorNameLang":"en"},{"creatorName":"Masahiko, Fujinaga","creatorNameLang":"en"},{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10116224","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Source IP を詐称した攻撃対策として,ネットワークを通過する攻撃パケットを被害者側 (Destination) から加害者側 (Source) へと遡って追跡する IP トレースバックが注目されている.しかし,トレースバックに必要な機能を,通信経路上の多数のルータに組み込むこと,もしくは専用の装置を多数設置することが導入への障壁となっている.そこで本研究では,既存の DNS サーバのログ,もしくは,DNS 通信のみをキャプチャする装置だけで Source IP を探し出す,詐称 IP 探索方式を提案する.これは,攻撃の直前に被害者ホストの Fully Qualified Domain Name (FQDN)に該当する Destination IP を DNS 
サーバに問い合わせたログから,Source IP を探し出す手法である.また,Source IP が詐称されていることを,通信に関与しないドメインに漏洩しないように,Source IP と FQDN のハッシュ値を用いて確認する手法と,複数の DNS ログを照合することで探索結果の信頼性を向上させる手法についても検討する.本手法の有効性を確認するために,Bot から発信されるパケットを収集することで,DNS 検索型の攻撃割合を調査する.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"An IP traceback system that tracks a spoofed packet from a victim (destination host) back to an attacker (source host) has been actively researched as a countermeasure against IP spoofing attacks. However, it is hard to implement a tracking function or probe on many routers that connect the source host to the destination host on the Internet. In this research, we propose a simple IP traceback scheme that finds an event containing the victim FQDN and the attacker IP in DNS server or DNS probe logs. It assumes that most source hosts resolve the destination FQDN before launching spoofing attacks. The spoofing attacks are confirmed with a hash value calculated from the source IP and the victim FQDN to prevent leakage of communication records. We also consider improving the reliability of traceback results by checking multiple traceback results. The efficiency of our scheme is confirmed by investigating bot communication patterns that include DNS queries.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"66","bibliographic_titles":[{"bibliographic_title":"情報処理学会研究報告マルチメディア通信と分散処理(DPS)"}],"bibliographicPageStart":"61","bibliographicIssueDates":{"bibliographicIssueDate":"2008-03-06","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"21(2008-DPS-134)","bibliographicVolumeNumber":"2008"}]},"relation_version_is_last":true,"weko_creator_id":"1"},"updated":"2025-01-22T15:24:06.188240+00:00","created":"2025-01-18T23:02:43.115867+00:00","id":34031}