{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00098245","sets":["6164:6165:6462:7437"]},"path":["7437"],"owner":"11","recid":"98245","title":["サンドボックス解析結果に基づくURLブラックリスト生成についての一検討"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-10-14"},"_buckets":{"deposit":"1861526c-f4a0-4805-9831-6a62970f53c3"},"_deposit":{"id":"98245","pid":{"type":"depid","value":"98245","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"サンドボックス解析結果に基づくURLブラックリスト生成についての一検討","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"サンドボックス解析結果に基づくURLブラックリスト生成についての一検討"},{"subitem_title":"A Study on Light-Weight URL Blacklist Generation Based on Sandbox Analysis","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア,URLブラックリスト,サンドボックス,テイント解析,出口対策","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2013-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTTコミュニケーションズ株式会社"},{"subitem_text_value":"NTTコミュニケーションズ株式会社"},{"subitem_text_value":"NTTコミュニケーションズ株式会社"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Communications Corporation","subitem_text_language":"en"},{"subitem_text_value":"NTT Communications Corporation","subitem_text_language":"en"},{"subitem_text_value":"NTT Communications Corporation","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/98245/files/IPSJCSS2013051.pdf"},"date":[{"dateType":"Available","dateValue":"2015-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2013051.pdf","filesize":[{"value":"422.9 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"22480892-9635-46ac-8411-a5bde100e60f","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"畑田, 充弘"},{"creatorName":"田中, 恭之"},{"creatorName":"稲積, 孝紀"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Mitsuhiro, Hatada","creatorNameLang":"en"},{"creatorName":"Yasuyuki, Tanaka","creatorNameLang":"en"},{"creatorName":"Takanori, Inazumi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェア感染後の早期検知手法としては、システムログや通信トラフィックによる異常検知があるが、本稿では企業等におけるインターネット通信の代表例であるHTTP通信に着目し、出口対策としてのURLブラックリスト生成方式を提案する。サンドボックス解析結果から得られるマルウェアの通信先URLを用いるが、正常通信によるURLと区別が難しいものもあり、有効な手法としてテイント解析の研究が進んでいる。しかしながら、解析コストなどの課題もあるため、サンドボックス解析結果をもとにシステム情報やユーザ情報の読み取りを条件とした簡易なURLブラックリスト生成方式について、事例を示すとともに課題を考察する。","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"To detect malware infection in an internal network, not only anomaly detection but also a URL blacklist is an effective method; it focuses on HTTP traffic as a typical example of Internet traffic in organizations. Although a URL blacklist can be extracted from the results of sandbox-based malware analysis, some URLs are difficult to distinguish from normal traffic, such as checks of Internet reachability to major sites. Taint analysis can be an effective approach for identifying malicious URLs such as those used for C&C or information leakage, but it faces some technical challenges. In this paper, we present a novel approach to URL blacklist generation based on whether or not the malware reads system information or user credentials. We analyze and discuss cases of our light-weight approach.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"387","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2013論文集"}],"bibliographicPageStart":"382","bibliographicIssueDates":{"bibliographicIssueDate":"2013-10-14","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"4","bibliographicVolumeNumber":"2013"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":98245,"updated":"2025-01-21T12:31:53.382650+00:00","links":{},"created":"2025-01-18T23:44:32.112657+00:00"}