{"created":"2025-01-18T23:39:40.681132+00:00","updated":"2025-01-21T16:15:01.662346+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00089986","sets":["6164:6165:7006:7065"]},"path":["7065"],"owner":"5","recid":"89986","title":["統計的手法を用いたDoS/DDoS検出手法とその特性"],"pubdate":{"attribute_name":"公開日","attribute_value":"2010-09-06"},"_buckets":{"deposit":"ebaae4db-1005-4c73-a450-309a95ddbb64"},"_deposit":{"id":"89986","pid":{"type":"depid","value":"89986","revision_id":0},"owners":[5],"status":"published","created_by":5},"item_title":"統計的手法を用いたDoS/DDoS検出手法とその特性","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"統計的手法を用いたDoS/DDoS検出手法とその特性"},{"subitem_title":"Dos/DDos Detection Scheme and its Characteristics using Statistical Methods","subitem_title_language":"en"}]},"item_type_id":"18","publish_date":"2010-09-06","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"熊本大学自然科学研究科:八代工業高等専門学校情報電子工学科"},{"subitem_text_value":"東海大学電子知能システム工学科"},{"subitem_text_value":"熊本大学自然科学研究科"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kumamoto University, Graduate School of Science and Technology:Yatsushiro National College of Technology, Department of Information and Electronics Engineering","subitem_text_language":"en"},{"subitem_text_value":"Tokai University, Department of Electronics and Intelligent Systems Engineering","subitem_text_language":"en"},{"subitem_text_value":"Kumamoto University, Graduate School of Science and Technology","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/89986/files/IPSJ-DPSWS2009030.pdf","label":"IPSJ-DPSWS2009030"},"date":[{"dateType":"Available","dateValue":"2010-10-04"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DPSWS2009030.pdf","filesize":[{"value":"1.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"26f52e7a-b1f2-4330-aa8a-8b874b272d9e","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"小島, 俊輔"},{"creatorName":"中嶋, 卓雄"},{"creatorName":"末吉, 敏則"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shunsuke, Oshima","creatorNameLang":"en"},{"creatorName":"Takuo, Nakashima","creatorNameLang":"en"},{"creatorName":"Toshinori, Sueyoshi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"DoS(Denial of Service)/DDoS(Distributed DoS)攻撃によるサーバのシステムダウンや踏台などの不正利用を防ぐためには、攻撃が行われていることを早期に検出するための仕組みが必要となる。本研究では、攻撃が行われているか否かの判定について、統計的な手法を用いることで実際に我々の組織に到達したパケットデータを用いて検討を行っている。本稿では、パケット数一定の窓を用いたエントロピーとχ二乗値によるDoS/DDoS検出を試みる。まず、予備実験によりエントロピーのパラメータである窓幅の攻撃の種類に依存した異なる値を持つ最適値を抽出した。次に、エントロピーおよび差分エントロピーを用いて攻撃検出を試みた。結果、DDoS攻撃では両者、DoS攻撃では前者の値に基づいて攻撃の検出ができた。さらに、擬似的に生成した攻撃パケットを平常時の通信に加えて同様の計算を行ったところ、窓幅500においてDDoS 20%、DoS 
50%の攻撃率でエントロピー値に有意な差が見られた。","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"An early detection mechanism is required to prevent and deter system downtime or anomalous access that hijacks the host through DoS (Denial of Service) / DDoS (Distributed DoS) attacks. Our previous work adopted a statistical method to decide whether the target host was under attack by analyzing all incoming packets to our College. In this paper, we propose a DoS/DDoS early detection method using entropy and the chi-square method with a window of a fixed number of packets. First, a preliminary experiment was conducted to determine the most effective window size for the entropy calculation, which depends on the type of attack. Second, detection methods using entropy and differential entropy were applied to the real data, showing that both methods can detect DDoS attacks and that the entropy method can detect DoS attacks. In addition, when pseudo attack packets were generated and added to traffic under normal conditions, the entropy value with a window size of 500 showed a significant difference at a 20% attack rate for DDoS and a 50% attack rate for DoS.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"214","bibliographic_titles":[{"bibliographic_title":"マルチメディア通信と分散処理ワークショップ論文集"},{"bibliographic_title":"Multimedia Communication and Distributed Processing System Workshop","bibliographic_titleLang":"en"}],"bibliographicPageStart":"209","bibliographicIssueDates":{"bibliographicIssueDate":"2009-09-30","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"2009"}]},"relation_version_is_last":true,"weko_creator_id":"5"},"id":89986,"links":{}}