{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00091052","sets":["1164:3925:7119:7120"]},"path":["7120"],"owner":"11","recid":"91052","title":["おとりを用いた標的型攻撃の検知手法について"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-03-07"},"_buckets":{"deposit":"7e0b4e7d-1ad0-4a4d-88ad-63c7cb8fe40d"},"_deposit":{"id":"91052","pid":{"type":"depid","value":"91052","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"おとりを用いた標的型攻撃の検知手法について","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"おとりを用いた標的型攻撃の検知手法について"},{"subitem_title":"A Detection Technique of a Targeted Attack Using a Decoy","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"サイバー攻撃への対応","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2013-03-07","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"},{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Mitsubishi Electric Corporation, Information Technology R&D Center","subitem_text_language":"en"},{"subitem_text_value":"Mitsubishi Electric Corporation, Information Technology R&D Center","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/91052/files/IPSJ-CSEC13060019.pdf"},"date":[{"dateType":"Available","dateValue":"2015-03-07"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC13060019.pdf","filesize":[{"value":"727.1 
kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"6766e997-98e8-4acc-81b6-1ebe949d97d1","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"北澤, 繁樹"},{"creatorName":"桜井, 鐘治"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shigeki, Kitazawa","creatorNameLang":"en"},{"creatorName":"Shoji, Sakurai","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,標的型攻撃が増えている.標的型攻撃とは,標的とする組織や個人を絞り込み,ソーシアルエンジニアリングによってユーザを巧みに騙してプログラムをダウンロード・実行させたり,未知の脆弱性を悪用したりといった手口で標的固有のマルウェアを組織内部の端末へ感染させることにより,機密情報の窃取などを行なうことを目的とした攻撃である.対策としては,これまで行われてきたような,侵入自体を防ぐための入口対策に加え,仮に入口対策が突破され,侵入されてしまった場合であっても情報漏洩の被害を防ぐための出口対策の強化が指摘されている.本論文では,入口対策と出口対策の中間にあたる,標的内部の情報システムにおける攻撃者の活動を検知することを目的として,ファイルサーバ上に 「おとり」 
となる,ファイルやフォルダを配置しておき,おとりへのアクセスを基に標的型攻撃を検知する方式を提案する.提案方式では,おとりへアクセスしたユーザの挙動が標的型攻撃における一連の事象と照らし合わせて,おとりへのアクセスが標的型攻撃によるものかどうかを判断する.これにより,重大な被害がでる前に,標的型攻撃への対策をとることができるようになる.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recently, targeted attacks have been increasing. A targeted attack is one that seeks to breach the security measures of a specific individual or organization. Usually the initial attack, conducted to gain access to a computer or network, is followed by a further exploit designed to cause harm or, more frequently, steal data. Countermeasures against targeted attacks are the prevention of intrusions at the network entrance and the prevention of information leakage at the network exit. In this paper, we propose a countermeasure that uses decoy files or folders on a file server. In our method, we decide whether a targeted attack is occurring based on the illegal actions of the user who accessed the decoy. For this reason, we are able to take another countermeasure before serious damage occurs.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2013-03-07","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"19","bibliographicVolumeNumber":"2013-CSEC-60"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":91052,"updated":"2025-01-21T15:44:17.207457+00:00","links":{},"created":"2025-01-18T23:40:25.485023+00:00"}