{"id":66485,"updated":"2025-01-22T01:02:46.909475+00:00","links":{},"created":"2025-01-18T23:27:14.119012+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00066485","sets":["581:582:5904"]},"path":["5904"],"owner":"11","recid":"66485","title":["ボットおよび指令サーバのホスト型追跡"],"pubdate":{"attribute_name":"公開日","attribute_value":"2009-09-15"},"_buckets":{"deposit":"f982bedd-ef0c-485e-9376-7deb5a3faab6"},"_deposit":{"id":"66485","pid":{"type":"depid","value":"66485","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"ボットおよび指令サーバのホスト型追跡","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ボットおよび指令サーバのホスト型追跡"},{"subitem_title":"Host-based Traceback against Bot and C&C Server","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"一般論文","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2009-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"株式会社KDDI研究所"},{"subitem_text_value":"株式会社KDDI研究所"},{"subitem_text_value":"株式会社KDDI研究所"},{"subitem_text_value":"静岡大学創造科学大学院"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"KDDI R&D Laboratories","subitem_text_language":"en"},{"subitem_text_value":"KDDI R&D Laboratories","subitem_text_language":"en"},{"subitem_text_value":"KDDI R&D Laboratories","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Science and Technology, Shizuoka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/66485/files/IPSJ-JNL5009036.pdf"},"date":[{"dateType":"Available","dateValue":"2011-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5009036.pdf","filesize":[{"value":"3.0 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"c133adfd-1e5a-4625-8d19-26c4d1be8a9c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"竹森, 敬祐"},{"creatorName":"藤長, 昌彦"},{"creatorName":"佐山, 俊哉"},{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Keisuke, Takemori","creatorNameLang":"en"},{"creatorName":"Masahiko, Fujinaga","creatorNameLang":"en"},{"creatorName":"Toshiya, Sayama","creatorNameLang":"en"},{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal 
article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"昨今,指令サーバに制御される多数のボットを踏み台にした送信元IPアドレス詐称パケットによるDDoS攻撃が脅威となっている.ボットは未知のコードが多数あること,感染PCに直接的な被害を及ぼさないことで,その感染が見過ごされてしまう傾向がある.これまで,攻撃の発信源を特定する技術として,インターネット上に専用のプローブを設置して,被害者PCから加害者PCを特定するIP追跡方式が提案されている.しかしボットネットの場合,指令サーバからボットへの制御とボットからの攻撃は,異なる通信アプリケーションで非同期的に行われており,単一の通信プロトコルを想定した既存方式では,指令サーバやボットの追跡を行えないという問題がある.そこで本研究では,(i) 被害者PCからボットへと,(ii) ボットから指令サーバへの両者に対応したホスト型の追跡方式を提案する.(i) は,被害者PCからの申告情報を基に,自身が加害者であることを自己認識するクレームドリブンなボットの追跡方式である.(ii) は,各地のボットの通信履歴から共通する宛先情報を抽出して,活発な指令サーバを特定する連携的な追跡方式である.実際にホスト型追跡システムの実装を行い,感染PC上の異常な通信の特定と,インターネット上の活発な指令サーバの特定を行える様子を示す.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recently, DDoS attacks involving source IP spoofing have become critical issues on the Internet. These attacks are considered to be sent from bots that are controlled by command and control (C&C) servers. As many types of unknown bots that only affect the PC slightly are released, users tend to leave them infected. There has been active research into IP traceback systems that probe packets on the Internet. However, efforts to determine traceback from victims' PCs to bots and from bots to C&C servers have not yet been achieved. Because control and attack packets are sent asynchronously, it is hard to grasp the relation between bots and C&C servers. In this research, we propose host-based traceback schemes that track (i) from a victim PC to a bot, and (ii) from the bot to a C&C server. In the case of (i), the victim PC notifies its IP address to other PCs in order to inspect their access records. The notification is considered to be a claim-driven traceback scheme. 
In the case of (ii), bot access records are gathered and compared in order to extract the active IP address considered to be a significant C&C server. The comparison is considered to be a cooperative traceback scheme. We implement our proposed model and evaluate the tracking ability against the bot process on the infected PC and the active C&C servers on the Internet.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"2370","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"2360","bibliographicIssueDates":{"bibliographicIssueDate":"2009-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"50"}]},"relation_version_is_last":true,"weko_creator_id":"11"}}