{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00074778","sets":["6164:6165:6462:6463"]},"path":["6463"],"owner":"5","recid":"74778","title":["TCPフィンガープリントによる悪意のある通信の分析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2009-10-19"},"_buckets":{"deposit":"1e08319e-b0c0-4061-99e6-9302787d81e9"},"_deposit":{"id":"74778","pid":{"type":"depid","value":"74778","revision_id":0},"owners":[5],"status":"published","created_by":5},"item_title":"TCPフィンガープリントによる悪意のある通信の分析","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"TCPフィンガープリントによる悪意のある通信の分析"},{"subitem_title":"Analysis of malicious traffic based on TCP fingerprinting","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"攻撃通信データ","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2009-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"早稲田大学理工学術院基幹理工学研究科"},{"subitem_text_value":"早稲田大学理工学術院基幹理工学研究科"},{"subitem_text_value":"NTT サービスインテグレーション基盤研究所"},{"subitem_text_value":"早稲田大学理工学術院基幹理工学研究科"},{}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"School of Science and Engineering,Waseda University","subitem_text_language":"en"},{"subitem_text_value":"School of Science and Engineering,Waseda University","subitem_text_language":"en"},{"subitem_text_value":"NTT Service Integration Laboratories","subitem_text_language":"en"},{"subitem_text_value":"School of Science and Engineering,Waseda University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/74778/files/IPSJ-CSS2009A62.pdf"},"date":[{"dateType":"Available","dateValue":"2011-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2009A62.pdf","filesize":[{"value":"370.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"88f19c95-6b3c-45ec-827e-dbf2171d477e","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"木佐森, 幸太"},{"creatorName":"下田, 晃弘"},{"creatorName":"森, 達哉"},{"creatorName":"後藤, 滋樹"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kota, Kisamori","creatorNameLang":"en"},{"creatorName":"Akihiro, Shimoda","creatorNameLang":"en"},{"creatorName":"Tatsuya, Mori","creatorNameLang":"en"},{"creatorName":"Shigeki, Goto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Trojan.Srizbi に代表されるフルカーネル・マルウェア(FKM) は独自のネットワークドライバを実装し，カーネルモードの通信を行うことで監視ツールからの隠匿を試みる．これらのネットワークドライバは独自の実装であるため，既存 OS とは異なる TCP ヘッダの特徴 (フィンガープリント，以下 FP) を有することが知られている．本研究では CCC DATAset の攻撃通信データを分析対象とし，FKM の可能性が高い独自なFP を抽出する．また，その中で出現頻度の高い FP を有する IP アドレス発の通信を詳細に分析する．さらに，発見した FP を他の実ネットワーク計測データに適用し，FKM 感染ホストの実態調査および通信パターン分析を行い，提案した技法の有効性を検討する．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Modern full-kernel malware (FKM) such as Trojan.Srizbi is known to have its ownnetwork functionality and use it directly from kernel-mode for evasion purpose, concealing fromrecent alert tools. These network drivers tend to have its own implementation which exhibitsintrinsic TCP fingerprints. We first attempt to extract FKM-possible TCP fingerprints usingCCC (Cyber Clean Center) data sets, then we analyze traffic sequences which have frequretlyoccuredsource IP addresses. We then study the properties of the fingerprints and the activitiesof the hosts that are likely infected with FKM through the analysis of CCC data sets and othertraffic data sets of several production networks.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2009　(CSS2009) 論文集"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2011-10-12","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2009"}]},"relation_version_is_last":true,"weko_creator_id":"5"},"updated":"2025-01-21T21:23:29.355656+00:00","created":"2025-01-18T23:32:09.326376+00:00","links":{},"id":74778}