{"updated":"2025-01-22T09:11:24.326485+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00047003","sets":["1164:4088:4113:4116"]},"path":["4116"],"owner":"1","recid":"47003","title":["プロトコル異常検知によるAレコード型DNSパケット分散サービス妨害攻撃の阻止"],"pubdate":{"attribute_name":"公開日","attribute_value":"2005-08-05"},"_buckets":{"deposit":"a2bd60f0-378a-46d4-8902-7418437bc9a8"},"_deposit":{"id":"47003","pid":{"type":"depid","value":"47003","revision_id":0},"owners":[1],"status":"published","created_by":1},"item_title":"プロトコル異常検知によるAレコード型DNSパケット分散サービス妨害攻撃の阻止","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"プロトコル異常検知によるAレコード型DNSパケット分散サービス妨害攻撃の阻止"},{"subitem_title":"Prevention of A-record based DNS Query Packets Distributed Denial-of-Service Attack by Protocol Anomaly Detection","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2005-08-05","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"熊本大学総合情報基盤センター"},{"subitem_text_value":"熊本大学総合情報基盤センター"},{"subitem_text_value":"熊本大学総合情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Center for Multimedia and Information Technologies, Kumamoto University","subitem_text_language":"en"},{"subitem_text_value":" Center for Multimedia and Information Technologies, Kumamoto University","subitem_text_language":"en"},{"subitem_text_value":" Center for Multimedia and Information Technologies, Kumamoto University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/47003/files/IPSJ-DSM05038005.pdf"},"date":[{"dateType":"Available","dateValue":"2007-08-05"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DSM05038005.pdf","filesize":[{"value":"187.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"8c121b93-c0e9-4632-a0e0-adbbd937e337","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2005 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"武蔵, 泰雄"},{"creatorName":"松葉龍一"},{"creatorName":"杉谷賢一"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yasuo, Musashi","creatorNameLang":"en"},{"creatorName":"RyuichiMatsuba","creatorNameLang":"en"},{"creatorName":"KenichiSugitani","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ある大学のDNSサーバに対する大量のDNSアクセスがあり、そのアクセスに含まれるAレコード型DNS区エリパケットのコンテンツについて調査した。その結果、(1)大量のメール送信型ワーム(MMW)のワーム活動やspamメール発信活動に関するAレコード型のDNSクエリパケットのコンテンツには、主として”mail” ”smtp” “mx” “ns” “relay”および”gate” 等のキーワードが含まれていることが判明し、また、(2)スパイウェアやボットウィルスに乗っ取られているとPC端末からのAレコード型DNSクエリパケットのコンテンツには、IPアドレスがキーワードとして直接記述されていることが見い出された。以上の結果から、Aレコード型DNS区エリパケットのクエリコンテンツを監視することで、メール型ワームに感染している、また、ボットネットワークを構成単位としてのPC端末のIPアドレスを検知することが可能であることが判明した。","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The contents of the A record based DNS query packets between the DNS server and DNS clients in a university were investigated when receiving a large amount of DNS resolution access. The interesting results are: (1) Keywords of “mail”. “smtp”. “mix”. “ns”, “relay”, and “gate” are mainly included in the contents of the A record based DNS query packets from the PC clients that are infected with the Mass Mailing Worm (MMW) and/or hijacked as a spam mail sender, and (2) the IP addresses are directly described in the contents of the A record based DNS query packets from the PC clients that are infected with the spyware or the bot network virus. Therefore, we can clearly detect IP addresses of the PC clients that are the MMW-infected and/or bot network virus by only monitoring the contents of the A record based DNS query packets.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"28","bibliographic_titles":[{"bibliographic_title":"情報処理学会研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"23","bibliographicIssueDates":{"bibliographicIssueDate":"2005-08-05","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"83(2005-DSM-038)","bibliographicVolumeNumber":"2005"}]},"relation_version_is_last":true,"weko_creator_id":"1"},"created":"2025-01-18T23:12:35.131513+00:00","id":47003,"links":{}}