{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00061460","sets":["1164:3925:5646:5647"]},"path":["5647"],"owner":"10","recid":"61460","title":["AIDにおける異常フロー発信元特定方式"],"pubdate":{"attribute_name":"公開日","attribute_value":"2009-02-26"},"_buckets":{"deposit":"659702aa-60dc-4bca-8945-bc24d4af9baa"},"_deposit":{"id":"61460","pid":{"type":"depid","value":"61460","revision_id":0},"owners":[10],"status":"published","created_by":10},"item_title":"AIDにおける異常フロー発信元特定方式","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"AIDにおける異常フロー発信元特定方式"},{"subitem_title":"A Method for Identifying a Source of Anomalous Flow in Anomaly Intrusion Detection","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2009-02-26","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"},{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"},{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"},{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Information Technology R&D Center , Mitsubishi Electric Corporation","subitem_text_language":"en"},{"subitem_text_value":"Information Technology R&D Center , Mitsubishi Electric Corporation","subitem_text_language":"en"},{"subitem_text_value":"Information Technology R&D Center , Mitsubishi Electric Corporation","subitem_text_language":"en"},{"subitem_text_value":"Information Technology R&D Center , Mitsubishi Electric Corporation","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":10,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/61460/files/IPSJ-CSEC09044028.pdf","label":"IPSJ-CSEC09044028"},"date":[{"dateType":"Available","dateValue":"2011-02-26"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC09044028.pdf","filesize":[{"value":"893.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"f25493ac-7e36-4069-a868-36139950f53a","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"河内, 清人"},{"creatorName":"北澤, 繁樹"},{"creatorName":"榊原, 裕之"},{"creatorName":"藤井, 誠司"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kiyoto, Kawauchi","creatorNameLang":"en"},{"creatorName":"Shigeki, Kitazawa","creatorNameLang":"en"},{"creatorName":"Hiroyuki, Sakakibara","creatorNameLang":"en"},{"creatorName":"Seiji, Fujii","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"異常検知型のネットワーク侵入検知技術(AID)によって企業内部ネットワークで発生する機密情報の不正なアップロード等を監視する場合、異常検出した後に原因となっている端末の隔離等、即座に対策を打つために異常なトラフィックを発生させている端末が正確に特定できる必要がある。端末数が少数ならば、単純に端末からの通信を個別に異常監視することも可能であるが、ネットワーク規模が大きくなり、端末数が増大するにつれ、このアプローチは計算リソース上困難になる。本稿では上記課題に着目し、観測対象をグループ化して監視対象を削減しつつ異常の発生した端末を特定する方式を提案する。実在するネットワークから収集されたトラフィックデータをもとに評価を行ったところ90%を超える精度で端末の特定に成功した。","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"When anomaly detection techniques are used to monitor an enterprise network, the system must not only detect anomalous network events but also identify their cause, especially the source terminal, so that a rapid response is possible. However, monitoring the traffic generated by each terminal individually costs too much computational resource. In this paper, we propose a method that solves this challenge by grouping the monitored terminals to reduce the number of monitoring targets while still identifying the terminal where the anomaly occurred. We evaluated our method by a simulation using real traffic data, and it achieved more than 90% identification accuracy.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"168","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"163","bibliographicIssueDates":{"bibliographicIssueDate":"2009-02-26","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"20(2009-CSEC-44)","bibliographicVolumeNumber":"2009"}]},"relation_version_is_last":true,"weko_creator_id":"10"},"id":61460,"updated":"2025-01-21T22:37:02.582918+00:00","links":{},"created":"2025-01-18T23:23:39.127807+00:00"}