{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00092712","sets":["581:7002:7201"]},"path":["7201"],"owner":"11","recid":"92712","title":["Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-06-15"},"_buckets":{"deposit":"b0641739-a93c-4c3a-875b-2f897753c9d0"},"_deposit":{"id":"92712","pid":{"type":"depid","value":"92712","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites","author_link":["358559","358566","358564","358560","358563","358562","358561","358565"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites"},{"subitem_title":"Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集：Applications and the Internet in Conjunction with Main Topics of SAINT 2012] Web/Mail security, computer viruses, machine learning, IP address, drive-by-download attacks","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2013-06-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University"},{"subitem_text_value":"NTT Network Technology Laboratories, NTT Corporation"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University","subitem_text_language":"en"},{"subitem_text_value":"NTT Network Technology Laboratories, NTT Corporation","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":11,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/92712/files/IPSJ-JNL5406015.pdf","label":"IPSJ-JNL5406015"},"date":[{"dateType":"Available","dateValue":"2015-06-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5406015.pdf","filesize":[{"value":"1.5 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"4939b320-19f2-4222-a26b-4e6cd7e5907a","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Daiki, Chiba"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazuhiro, Tobe"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuya, Mori"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shigeki, Goto"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Daiki, Chiba","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazuhiro, Tobe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuya, Mori","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shigeki, Goto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Web-based malware attacks have become one of the most serious threats that need to be addressed urgently. Several approaches that have attracted attention as promising ways of detecting such malware include employing one of several blacklists. However, these conventional approaches often fail to detect new attacks owing to the versatility of malicious websites. Thus, it is difficult to maintain up-to-date blacklists with information for new malicious websites. To tackle this problem, this paper proposes a new scheme for detecting malicious websites using the characteristics of IP addresses. Our approach leverages the empirical observation that IP addresses are more stable than other metrics such as URLs and DNS records. While the strings that form URLs or DNS records are highly variable, IP addresses are less variable, i.e., IPv4 address space is mapped onto 4-byte strings. In this paper, a lightweight and scalable detection scheme that is based on machine learning techniques is developed and evaluated. The aim of this study is not to provide a single solution that effectively detects web-based malware but to develop a technique that compensates the drawbacks of existing approaches. The effectiveness of our approach is validated by using real IP address data from existing blacklists and real traffic data on a campus network. The results demonstrate that our scheme can expand the coverage/accuracy of existing blacklists and also detect unknown malicious websites that are not covered by conventional approaches.\n\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.21(2013) No.3 (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.21.539\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Web-based malware attacks have become one of the most serious threats that need to be addressed urgently. Several approaches that have attracted attention as promising ways of detecting such malware include employing one of several blacklists. However, these conventional approaches often fail to detect new attacks owing to the versatility of malicious websites. Thus, it is difficult to maintain up-to-date blacklists with information for new malicious websites. To tackle this problem, this paper proposes a new scheme for detecting malicious websites using the characteristics of IP addresses. Our approach leverages the empirical observation that IP addresses are more stable than other metrics such as URLs and DNS records. While the strings that form URLs or DNS records are highly variable, IP addresses are less variable, i.e., IPv4 address space is mapped onto 4-byte strings. In this paper, a lightweight and scalable detection scheme that is based on machine learning techniques is developed and evaluated. The aim of this study is not to provide a single solution that effectively detects web-based malware but to develop a technique that compensates the drawbacks of existing approaches. The effectiveness of our approach is validated by using real IP address data from existing blacklists and real traffic data on a campus network. The results demonstrate that our scheme can expand the coverage/accuracy of existing blacklists and also detect unknown malicious websites that are not covered by conventional approaches.\n\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.21(2013) No.3 (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.21.539\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2013-06-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"6","bibliographicVolumeNumber":"54"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"updated":"2025-01-20T06:47:56.076137+00:00","created":"2025-01-18T23:41:31.142814+00:00","links":{},"id":92712}