{"created":"2023-05-15T12:17:02.719246+00:00","id":635,"links":{},"metadata":{"_buckets":{"deposit":"12e408b5-af71-4757-8881-2191d74dc2ad"},"_deposit":{"created_by":3,"id":"635","owners":[3],"pid":{"revision_id":0,"type":"depid","value":"635"},"status":"published"},"_oai":{"id":"oai:tuis.repo.nii.ac.jp:00000635","sets":["1:4:193:194"]},"author_link":["2812","2813","2814","2815","2849","2816","2817","2818","2819","2820","2821","2822","2823","2824","2825","2826"],"control_number":"635","item_1701760134620":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"東京情報大学","subitem_publisher_language":"ja"}]},"item_5_biblio_info_12":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicIssueDates":{"bibliographicIssueDate":"2020-10-29","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"1","bibliographicPageEnd":"10","bibliographicPageStart":"1","bibliographicVolumeNumber":"24","bibliographic_titles":[{"bibliographic_title":"東京情報大学研究論集","bibliographic_titleLang":"ja"}]}]},"item_5_description_10":{"attribute_name":"抄録(日)","attribute_value_mlt":[{"subitem_description":"企業のサービス,システムなどの情報を窃取することを目的とする攻撃に関連して,RAT(遠隔操作ツール)による攻撃被害事例などが報告されている.そして,無差別な攻撃のみならず,特定の組織や企業に対象を絞って攻撃を行う標的型攻撃の脅威が増加傾向にあり,感染原因や被害範囲を特定する手法としてデジタル・フォレンジックの重要性が高まっている.本研究では,Windowsを対象として,不正に侵入を受けたシステム上の痕跡情報から,攻撃者が行った一連の攻撃活動を可視化し,マルウェアの攻撃手順,ファイルの改ざんや攻撃者の目的を解析するログ解析支援ツールを開発している.本論文では,インシデント対応時の痕跡情報抽出作業から抽出の判断基準を定義し,ログ解析支援ツールに実装した内容について述べる.次に,平常時に記録されるログからフィルタ処理,ファイル改ざん等の不正な操作が行われた可能性の高いログを抽出して時系列に可視化するタイムライン型のイベントログ可視化機能について報告する.","subitem_description_language":"ja","subitem_description_type":"Other"}]},"item_5_description_11":{"attribute_name":"抄録(英)","attribute_value_mlt":[{"subitem_description":"Several damages caused by RAT (remote access tools) have been reported in association with attacks aimed at stealing information regarding corporate services and systems. 
In addition to indiscriminate attacks, the threat of targeted attacks aimed at specific organizations and companies is increasing. Digital forensics has therefore become increasingly important as a method for identifying the cause of infection and the extent of damage. Hence, in this research, we developed a log analysis support tool for the Windows operating system to visualize the series of activities performed by an attacker by incorporating trace information obtained from the compromised computer system. Furthermore, the proposed log analysis support tool can analyze the malware’s attack procedure, file tampering, and the attacker’s objective. In this paper, we defined the criteria for extracting trace information while responding to various incidents and accordingly implemented them in the proposed log analysis support tool. Furthermore, we demonstrate a timeline-based event log visualization function that extracts logs having a high probability of unauthorized operations\n(such as file tampering, identified by filtering the logs recorded at normal 
times).","subitem_description_language":"en","subitem_description_type":"Other"}]},"item_5_description_15":{"attribute_name":"表示順","attribute_value_mlt":[{"subitem_description":"1","subitem_description_type":"Other"}]},"item_5_description_2":{"attribute_name":"ページ属性","attribute_value_mlt":[{"subitem_description":"P","subitem_description_type":"Other"}]},"item_5_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.15029/00000624","subitem_identifier_reg_type":"JaLC"}]},"item_5_relation_1":{"attribute_name":"雑誌書誌ID","attribute_value_mlt":[{"subitem_relation_name":[{"subitem_relation_name_language":"ja","subitem_relation_name_text":"不正アクセスの痕跡情報を用いたタイムライン型イベントログ可視化機能の開発"}],"subitem_relation_type":"isPartOf","subitem_relation_type_id":{"subitem_relation_type_id_text":"10.15029/00000624","subitem_relation_type_select":"DOI"}}]},"item_5_rights_18":{"attribute_name":"ライセンス","attribute_value_mlt":[{"subitem_rights":"TUIS"}]},"item_5_source_id_1":{"attribute_name":"雑誌書誌ID","attribute_value_mlt":[{"subitem_source_identifier":"AA11155514","subitem_source_identifier_type":"NCID"}]},"item_5_text_6":{"attribute_name":"著者所属(日)","attribute_value_mlt":[{"subitem_text_language":"ja","subitem_text_value":"東京情報大学大学院総合情報学研究科"},{"subitem_text_language":"ja","subitem_text_value":"東京情報大学総合情報学部"},{"subitem_text_language":"ja","subitem_text_value":"株式会社日立システムズ サイバーセキュリティリサーチセンタ"}]},"item_5_text_7":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_language":"en","subitem_text_value":"Graduate School of Informatics, Tokyo University of Information Sciences"},{"subitem_text_language":"en","subitem_text_value":"Faculty of Informatics, Tokyo University of Information Sciences"},{"subitem_text_language":"en","subitem_text_value":"Hitachi Systems, Ltd. 
Cyber Security Research Center"}]},"item_creator":{"attribute_name":"著者","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"中野, 心太","creatorNameLang":"ja"},{"creatorName":"ナカノ, シンタ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"早稲田, 篤志","creatorNameLang":"ja"},{"creatorName":"ワセダ, アツシ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"村上, 洋一","creatorNameLang":"ja"},{"creatorName":"ムラカミ, ヨウイチ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岸本, 頼紀","creatorNameLang":"ja"},{"creatorName":"キシモト, ヨリノリ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"花田, 真樹","creatorNameLang":"ja"},{"creatorName":"ハナダ, マサキ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"関口, 竜也","creatorNameLang":"ja"},{"creatorName":"セキグチ, タツヤ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"折田, 彰","creatorNameLang":"ja"},{"creatorName":"オリタ, アキラ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"布広, 永示","creatorNameLang":"ja"},{"creatorName":"ヌノヒロ, エイジ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"NAKANO, Shinta","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"WASEDA, Atsushi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Murakami, Yoichi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kishimoto, Yorinori","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hanada, Masaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Sekiguchi, Tatsuya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Orita, 
Akira","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Nunohiro, Eiji","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_files":{"attribute_name":"ファイル情報","attribute_type":"file","attribute_value_mlt":[{"accessrole":"open_access","date":[{"dateType":"Available","dateValue":"2023-06-21"}],"displaytype":"detail","filename":"r24-1-1.pdf","filesize":[{"value":"833 KB"}],"format":"application/pdf","license_note":"TUIS","licensetype":"license_note","mimetype":"application/pdf","url":{"label":"r24-1-1.pdf","url":"https://tuis.repo.nii.ac.jp/record/635/files/r24-1-1.pdf"},"version_id":"e3e315f1-2aec-47c1-a930-ea23200ceb17"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"イベントログ","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"デジタル・フォレンジック","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"タイムライン","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"ラテラルムーブメント","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"Malware","subitem_subject_language":"en","subitem_subject_scheme":"Other"},{"subitem_subject":"Event Log","subitem_subject_language":"en","subitem_subject_scheme":"Other"},{"subitem_subject":"Digital Forensics","subitem_subject_language":"en","subitem_subject_scheme":"Other"},{"subitem_subject":"Timeline","subitem_subject_language":"en","subitem_subject_scheme":"Other"},{"subitem_subject":"Lateral Movement","subitem_subject_language":"en","subitem_subject_scheme":"Other"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourcetype":"departmental bulletin 
paper","resourceuri":"http://purl.org/coar/resource_type/c_6501"}]},"item_title":"不正アクセスの痕跡情報を用いたタイムライン型イベントログ可視化機能の開発","item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"不正アクセスの痕跡情報を用いたタイムライン型イベントログ可視化機能の開発","subitem_title_language":"ja"},{"subitem_title":"Development of Timeline-Based Event Log Visualization Function Using Traces of Unauthorized Access","subitem_title_language":"en"}]},"item_type_id":"5","owner":"3","path":["194"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2020-10-29"},"publish_date":"2020-10-29","publish_status":"0","recid":"635","relation_version_is_last":true,"title":["不正アクセスの痕跡情報を用いたタイムライン型イベントログ可視化機能の開発"],"weko_creator_id":"3","weko_shared_id":-1},"updated":"2023-12-21T02:18:26.512117+00:00"}