A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists

http://hdl.handle.net/10228/00007631
File ACCESS.2019.2944203.pdf (7.8 MB)
Item type Journal Article(1)
Release date 2020-03-02
Title
Title A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists
Language
Language eng
Resource type
Resource type identifier http://purl.org/coar/resource_type/c_6501
Resource type journal article
Authors
Satoh, Akihiro
  WEKO 27948
  e-Rad 30609376
  Scopus Author ID 55437344000
  ORCiD 0000-0003-3178-1041
  Kyutech Researcher Information 100000049
Nakamura, Yutaka
  WEKO 8847
  e-Rad 40346317
  Scopus Author ID 56393278900
  Kyutech Researcher Information 367
Fukuda, Yutaka
  WEKO 24131
  e-Rad 90372763
  Scopus Author ID 35811871400
  ORCiD 0000-0003-0430-0871
  Kyutech Researcher Information 371
Sasai, Kazuto
  WEKO 26910
Kitagata, Gen
  WEKO 26911
Abstract
Description type Abstract
Description Some of the most serious security threats facing computer networks involve malware. To prevent this threat, administrators need to swiftly remove the infected machines from their networks. One common way to detect infected machines in a network is by monitoring communications based on blacklists. However, detection using this method has the following two problems: no blacklist is completely reliable, and blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. Therefore, simply matching communications with blacklist entries is insufficient, and administrators should pursue their detection causes by investigating the communications themselves. In this paper, we propose an approach for classifying malicious DNS queries detected through blacklists by their causes. This approach is motivated by the following observation: a malware communication is divided into several transactions, each of which generates queries related to the malware; thus, surrounding queries that occur before and after a malicious query detected through blacklists help in estimating the cause of the malicious query. Our cause-based classification drastically reduces the number of malicious queries to be investigated because the investigation scope is limited to only representative queries in the classification results. In experiments, we have confirmed that our approach could group 388 malicious queries into 3 clusters, each consisting of queries with a common cause. These results indicate that administrators can briefly pursue all the causes by investigating only representative queries of each cluster, and thereby swiftly address the problem of infected machines in the network.
Bibliographic information IEEE Access, Vol. 7, p. 142991-143001, issued 2019-09-27
Publisher
Publisher IEEE
ISSN
Source identifier type ISSN
Source identifier 2169-3536
DOI
Relation type isIdenticalTo
Identifier type DOI
Related identifier https://doi.org/10.1109/ACCESS.2019.2944203
Nippon Decimal Classification
Subject scheme NDC
Subject 547
Rights
Rights information This work is licensed under a Creative Commons Attribution 4.0 License. http://creativecommons.org/licenses/by/4.0/
Version
Publication type VoR
Publication type resource http://purl.org/coar/version/c_970fb48d4fbd8a85
Peer reviewed
Value yes
Researcher information
https://hyokadb02.jimu.kyutech.ac.jp/html/371_ja.html
Linkage ID
8133

Versions

Ver.1 2023-05-15 12:54:33.918611