{"updated":"2025-01-21T15:39:06.875843+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00091266","sets":["934:989:7128:7129"]},"path":["7129"],"owner":"11","recid":"91266","title":["SQLインジェクション攻撃自動検出支援モデルと予測誤差"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-03-12"},"_buckets":{"deposit":"5dbac031-26e5-4e4d-ab4a-d8bf9d007349"},"_deposit":{"id":"91266","pid":{"type":"depid","value":"91266","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"SQLインジェクション攻撃自動検出支援モデルと予測誤差","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"SQLインジェクション攻撃自動検出支援モデルと予測誤差"},{"subitem_title":"Automatic Detection Model of SQL Injection Attacks and Prediction Error","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[オリジナル論文] SQLインジェクション攻撃，攻撃検出モデル，シグモイド関数，予測誤差","subitem_subject_scheme":"Other"}]},"item_type_id":"3","publish_date":"2013-03-12","item_3_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"サイバー大学IT総合学部"}]},"item_3_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Faculty of Information Technology and Business, Cyber University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/91266/files/IPSJ-TOM0601003.pdf"},"date":[{"dateType":"Available","dateValue":"2015-03-12"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-TOM0601003.pdf","filesize":[{"value":"489.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"17"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"f26cd0dc-dfd8-4f49-a017-f364ee88f9b8","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_3_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"松田, 健"}],"nameIdentifiers":[{}]}]},"item_3_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takeshi, Matsuda","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_3_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11464803","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_3_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7780","subitem_source_identifier_type":"ISSN"}]},"item_3_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"SQLインジェクション攻撃はWebアプリケーション攻撃の一種であり，データベース駆動型のWebアプリケーションにとって重大な脅威となっている．SQLインジェクション攻撃を自動検出する試みとして攻撃の文字列に対する構文解析やパターン認識，ブラックリストを用いた検出法が提案されているが，これらの検出法を回避する攻撃が開発されることによってリストが肥大化したり，検出にかかるコストが増加したりするため，攻撃に対処することが容易でなくなってきている．この問題に対し，本研究ではSQLインジェクション攻撃の文字列に含まれる文字を攻撃特徴とする攻撃検出のためのモデルを提案した．さらに提案モデルの誤検出の度合いを測るための予測誤差を定義し，2値判別の問題で広く利用されているシグモイド関数を用いたモデルを定義して提案モデルとの予測誤差を比較した．その結果，提案モデルではシグモイド関数を用いたモデルより予測誤差を小さくできることを示した．","subitem_description_type":"Other"}]},"item_3_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"SQL injection attacks are serious problem to the security of database driven applications. The prevention methods against SQL injection attacks, such as parsing, pattern recognition and blacklist, have been developed, but these techniques may not cope with the evasion of SQL injection attacks detection. Moreover, it is a problem that a ballooning blacklist by updating may result in lowering of the detection performance. In this paper, we proposed a detection model of SQL injection attacks, and defined prediction error to measure the performance of the detection models. Then we compared our proposed model with the detection model applying sigmoid function, and showed that the prediction error of our proposed model is less than the sigmoid model.","subitem_description_type":"Other"}]},"item_3_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"19","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌数理モデル化と応用（TOM）"}],"bibliographicPageStart":"10","bibliographicIssueDates":{"bibliographicIssueDate":"2013-03-12","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"1","bibliographicVolumeNumber":"6"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:40:34.623898+00:00","id":91266,"links":{}}