{"updated":"2025-01-22T10:10:10.393896+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00045077","sets":["1164:3925:3951:3955"]},"path":["3955"],"owner":"1","recid":"45077","title":["DNSトラフィックとメールサーバのログ解析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2003-02-27"},"_buckets":{"deposit":"5961f763-48fe-41d4-98a9-3c07159e1906"},"_deposit":{"id":"45077","pid":{"type":"depid","value":"45077","revision_id":0},"owners":[1],"status":"published","created_by":1},"item_title":"DNSトラフィックとメールサーバのログ解析","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"DNSトラフィックとメールサーバのログ解析"},{"subitem_title":"Statistical Analysis in Logs of DNS Traffic and E - mail Server","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2003-02-27","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"熊本大学総合情報基盤センター"},{"subitem_text_value":"熊本大学総合情報基盤センター"},{"subitem_text_value":"熊本大学総合情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Center for Multimedia and Information Technologies, Kumamoto University","subitem_text_language":"en"},{"subitem_text_value":"Center for Multimedia and Information Technologies, Kumamoto University","subitem_text_language":"en"},{"subitem_text_value":"Center for Multimedia and Information Technologies, Kumamoto University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/45077/files/IPSJ-CSEC02020033.pdf"},"date":[{"dateType":"Available","dateValue":"2005-02-27"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC02020033.pdf","filesize":[{"value":"164.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"1851a001-68e9-47d8-8ceb-064e2ebdec26","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2003 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"武藏, 泰雄"},{"creatorName":"松葉, 龍一"},{"creatorName":"杉谷, 賢一"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yasuo, Musashi","creatorNameLang":"en"},{"creatorName":"Ryuichi, Matsuba","creatorNameLang":"en"},{"creatorName":"Kenichi, Sugitani","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Frethem.K等の大量メール送信型ワーム(MMW)の感染拡大が進行している時に、DNS及びE-mailサーバ間のドメイン名前解決UDPパケットの流量およびメールサーバにおけるSMTP access logに関する統計的調査を行なった。我々の得た興味深い結果は以下の通りである:(1) MMWの感染したPC端末が増加すると、配送延期されたE-mail(stat=Deferred)数が増加する。(2) 配送延期されたE-mail数が増加すると見掛け上DNS名前解決(Dq)流量が増加する。これらは未知のMMWが検知されると、多くのE-mailサーバにおいてE-mailの受信を拒否することがしばしば行われるためであると考えられる。その結果、E-mailサーバのDNSサーバに対するDqおよびSMTP syslogを監視することにより、MMWの感染の拡がりを検知可能であることが示唆された。)","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The DNS query (Dq) traffic between the DNS and E-mail servers of Kumamoto University was statistically investigated when a lot of PC terminal were infected by the mass mailing worm (MMW) like Frethem. K. The interesting results are: (1) The number of the deferred E-mail (stat=Deferred) increases when the MMW infected-PC terminal increases. (2) The Dq traffic increases in appearance when the number of the deferred E-mail increases. This is because a lot of E-mail servers are frequently closed to the E-mail receiving after detection of an unknown MMW. Therefore, we can detect an increase in MMW-infection by monitoring the Dq traffic from the E-mail server to the DNS server and the SMTP syslog of the E-mail server.)","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"190","bibliographic_titles":[{"bibliographic_title":"情報処理学会研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"185","bibliographicIssueDates":{"bibliographicIssueDate":"2003-02-27","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"18(2002-CSEC-020)","bibliographicVolumeNumber":"2003"}]},"relation_version_is_last":true,"weko_creator_id":"1"},"created":"2025-01-18T23:11:06.170216+00:00","id":45077,"links":{}}