{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00074785","sets":["6164:6165:6462:6463"]},"path":["6463"],"owner":"5","recid":"74785","title":["侵入挙動の反復性によるボット検知方式"],"pubdate":{"attribute_name":"公開日","attribute_value":"2009-10-19"},"_buckets":{"deposit":"9fcc0e1c-af3c-4789-ab78-bdd4f62e0f86"},"_deposit":{"id":"74785","pid":{"type":"depid","value":"74785","revision_id":0},"owners":[5],"status":"published","created_by":5},"item_title":"侵入挙動の反復性によるボット検知方式","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"侵入挙動の反復性によるボット検知方式"},{"subitem_title":"A bot detection based on the repetitiveness of intrusion","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア検体","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2009-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"静岡大学大学院情報学研究科"},{"subitem_text_value":"株式会社KDDI研究所"},{"subitem_text_value":"独立行政法人情報通信研究機構情報通信セキュリティ研究センター"},{"subitem_text_value":"静岡大学創造科学技術大学院"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate school of Informatics","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"KDDI R&D Laboratories, Inc.","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communication Technology","subitem_text_language":"en"},{"subitem_text_value":"Tracable Network Group","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka 
University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/74785/files/IPSJ-CSS2009A81.pdf"},"date":[{"dateType":"Available","dateValue":"2011-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2009A81.pdf","filesize":[{"value":"437.3 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"0d6d48cc-6c07-46d6-8ba2-91a10ec27dfc","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"酒井, 崇裕"},{"creatorName":"竹森, 敬祐"},{"creatorName":"安藤, 類央"},{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takahiro, Sakai","creatorNameLang":"en"},{"creatorName":"Keisuke, Takemori","creatorNameLang":"en"},{"creatorName":"Ruo, Ando","creatorNameLang":"en"},{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ボットは巧妙な手段で PC 内に潜伏するため正規プロセスとの切り分けが難しく, 
ボット検知のためにはボットの本質を捉えたビヘイビアの発見が求められる.ほとんどのボットにとって,システムフォルダ内に侵入し,自身を OS の自動実行リストに登録すること (以下,侵入挙動) は非常に重要なアクションとなっている.このため,環境に応じて侵入挙動と攻撃挙動を使い分けるボットであれば,実行環境を感染初期の状態に戻してやることによって,侵入挙動が再び観測される.また,単純に侵入挙動と攻撃挙動を行い続けるボットであれば,侵入挙動が常に観測される.そこで本研究では,このボットの「侵入挙動の反復性」をボットの本質的なビヘイビアと定義し,これを利用してボットを検出する方式を提案する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Because bots use sophisticated techniques to hide themselves, it is difficult to distinguish a bot’s malicious process from legitimate processes. Hence it is essential for bot detection to find behaviors that are inevitable for a bot. For almost all bots, intruding into the system directory and registering themselves in the auto-run list are key functions that they need in order to persist on a PC. Therefore, a clever bot, which has both intrusion and attack behaviors and switches between them according to the execution environment, will exhibit its intrusion behavior again whenever its environment is restored to the pre-intrusion state. Needless to say, a naive bot, which simply repeats its intrusion and attack behaviors, will always show its intrusion behavior. In this paper, we therefore focus on this characteristic, “the repetitiveness of intrusion”, as a bot’s inevitable behavior and propose a bot detection scheme that uses it.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2009 (CSS2009) 論文集"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2011-10-12","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2009"}]},"relation_version_is_last":true,"weko_creator_id":"5"},"id":74785,"updated":"2025-01-21T21:23:42.324198+00:00","links":{},"created":"2025-01-18T23:32:09.658689+00:00"}