{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00047151","sets":["1164:4088:4122:4129"]},"path":["4129"],"owner":"1","recid":"47151","title":["DNSサーバのsyslog解析による大量メール送信型ワーム感染端末IPアドレスの特定"],"pubdate":{"attribute_name":"公開日","attribute_value":"2004-03-29"},"_buckets":{"deposit":"7d6833bc-780f-492f-9edb-aa137e31dd26"},"_deposit":{"id":"47151","pid":{"type":"depid","value":"47151","revision_id":0},"owners":[1],"status":"published","created_by":1},"item_title":"DNSサーバのsyslog解析による大量メール送信型ワーム感染端末IPアドレスの特定","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"DNSサーバのsyslog解析による大量メール送信型ワーム感染端末IPアドレスの特定"},{"subitem_title":"Detection of Mass Mailing Worm - infected IP address by Analysis of Syslog for DNS server","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2004-03-29","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"熊本大学総合情報基盤センター"},{"subitem_text_value":"熊本大学総合情報基盤センター"},{"subitem_text_value":"熊本大学総合情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Center for Multimedia and Information Technologies, Kumamoto University.","subitem_text_language":"en"},{"subitem_text_value":"Center for Multimedia and Information Technologies, Kumamoto University.","subitem_text_language":"en"},{"subitem_text_value":"Center for Multimedia and Information Technologies, Kumamoto University.","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/47151/files/IPSJ-DSM03032012.pdf"},"date":[{"dateType":"Available","dateValue":"2006-03-29"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DSM03032012.pdf","filesize":[{"value":"180.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2851980e-3438-4fff-9008-20ff55e490a6","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2004 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"松葉, 龍一"},{"creatorName":"武藏, 泰雄"},{"creatorName":"杉谷, 賢一"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Ryuichi, Matsuba","creatorNameLang":"en"},{"creatorName":"Yasuo, Musashi","creatorNameLang":"en"},{"creatorName":"Kenichi, Sugitani","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"熊本大学のトップドメイン-セカンダリDNSサーバのsyslogについて統計解析を行った。我々の得た興味深い結果は以下の通りである: (1)大量メール送信型ワームに感染したPC端末はワーム活動中にAおよびMXレコードパケットをDNSサーバへ送信する。(2)乗っとられたUNIX系のPC端末等はspamリレー活動中にA、MXおよびPTRレコードをDNSサーバへ送信する。以上の結果、DNSサーバのログを監視するだけで大量メール送信型ワームに感染したPC端末を検知可能であることが示された。)","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The syslog messages of the topdomain-secondary DNS server at Kumamoto University were statistically investigated during the period when infections by mass mailing worms (MMWs) such as W32/Sobig, W32/Mydoom, and W32/Netsky were increasing worldwide. The interesting results are: (1) An MMW-infected PC terminal sends packets including only A and MX records to the DNS server while the worm is active. (2) A hijacked UNIX-like PC terminal transmits packets including A, MX, and PTR records to the DNS server while acting as a spam relay. Therefore, we can detect MMW-infected PC terminals only by monitoring the DNS query traffic from DNS clients such as PC terminals.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"72","bibliographic_titles":[{"bibliographic_title":"情報処理学会研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"67","bibliographicIssueDates":{"bibliographicIssueDate":"2004-03-29","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"37(2003-DSM-032)","bibliographicVolumeNumber":"2004"}]},"relation_version_is_last":true,"weko_creator_id":"1"},"id":47151,"updated":"2025-01-22T09:07:35.223869+00:00","links":{},"created":"2025-01-18T23:12:41.896434+00:00"}