{"id":61838,"created":"2025-01-18T23:23:54.795675+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00061838","sets":["1164:4088:5648:5649"]},"path":["5649"],"owner":"10","recid":"61838","title":["TCPコネクション確立の偽装とその計数によるscan攻撃検知について"],"pubdate":{"attribute_name":"公開日","attribute_value":"2009-02-26"},"_buckets":{"deposit":"59e970e4-8f2e-4f4d-897b-c7be4f61f45a"},"_deposit":{"id":"61838","pid":{"type":"depid","value":"61838","revision_id":0},"owners":[10],"status":"published","created_by":10},"item_title":"TCPコネクション確立の偽装とその計数によるscan攻撃検知について","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"TCPコネクション確立の偽装とその計数によるscan攻撃検知について"},{"subitem_title":"Scan attack detection using the number of TCP connection establishment by camouflage syn-ack repl","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2009-02-26","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大分大学大学院工学研究科"},{"subitem_text_value":"大分大学大学院工学研究科"},{"subitem_text_value":"大分大学工学部"},{"subitem_text_value":"大分大学学術情報拠点情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Oita University","subitem_text_language":"en"},{"subitem_text_value":"Oita University","subitem_text_language":"en"},{"subitem_text_value":"Oita University","subitem_text_language":"en"},{"subitem_text_value":"Oita University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":10,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/61838/files/IPSJ-IOT09004035.pdf","label":"IPSJ-IOT09004035"},"date":[{"dateType":"Available","dateValue":"2011-02-26"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT09004035.pdf","filesize":[{"value":"631.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"328d976c-3f40-4d78-8c44-9f24f101b4fc","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大塚, 賢治"},{"creatorName":"衣笠, 雄気"},{"creatorName":"兒玉, 清幸"},{"creatorName":"吉田, 和幸"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kenji, Otsuka","creatorNameLang":"en"},{"creatorName":"Yuuki, Kinugasa","creatorNameLang":"en"},{"creatorName":"Kiyoyuki, Kodama","creatorNameLang":"en"},{"creatorName":"Kazuyuki, Yoshida","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"サーバの使用状況や動作しているサービスの調査を行うscan攻撃が後を絶たない｡scan攻撃の場合，宛先のアドレスをランダムに設定しコネクション要求を送るため､応答がないことが多い。このため、存在しないｐアドレスに対してコネクション要求を行なう回数を数えることでscan攻撃を検知することができる．しかしながら,検知したｐアドレスを単純にファイアウォールなどで止めた場合,TCPhalfopen攻鑿のように送信元のIＰアドレスを偽装する可能性が高い攻撃に対して，問題が起こる可能性がある．そこで，ＴＣＰコネクション要求に対して送信元アドレスが偽装されていないか確認するとともに、コネクションが確立したか否かでscan攻撃を検知するシステムを試作した．本稿では、攻撃検知手法と送信元の確認の効果について述べる.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"There are a lot of scan attacks which look for state of the server or check on service. Scan attacker send TCP connection request to random destination address, so there are seldom answer for them. For this reason, we can detect scan attack by count the number of failed connection request. However if we refuse detected IP address with firewall etc, a problem may occur for attacks like TCP half open attack with fake source IP address. We implement the system which detected scan attacks that we confirm source IP address is not camouflaged for TCP connection demand, and connection successfully or not establishes. In this paper, we describe this attack detection technique and its effect.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"208","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"203","bibliographicIssueDates":{"bibliographicIssueDate":"2009-02-26","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"21(2009-IOT-4)","bibliographicVolumeNumber":"2009"}]},"relation_version_is_last":true,"weko_creator_id":"10"},"updated":"2025-01-21T22:28:29.576488+00:00","links":{}}