{"created":"2023-05-15T11:59:49.048683+00:00","id":6421,"links":{},"metadata":{"_buckets":{"deposit":"823670c9-1dc2-4e23-9bf9-6d91e70f3816"},"_deposit":{"created_by":3,"id":"6421","owners":[3],"pid":{"revision_id":0,"type":"depid","value":"6421"},"status":"published"},"_oai":{"id":"oai:kyutech.repo.nii.ac.jp:00006421","sets":["8:24"]},"author_link":["26915","24131","26916","8847","26911","27948","26910"],"item_21_biblio_info_6":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicIssueDates":{"bibliographicIssueDate":"2019-09-27","bibliographicIssueDateType":"Issued"},"bibliographicPageEnd":"143001","bibliographicPageStart":"142991","bibliographicVolumeNumber":"7","bibliographic_titles":[{"bibliographic_title":"IEEE Access "}]}]},"item_21_description_4":{"attribute_name":"抄録","attribute_value_mlt":[{"subitem_description":"Some of the most serious security threats facing computer networks involve malware. To prevent this threat, administrators need to swiftly remove the infected machines from their networks. One common way to detect infected machines in a network is by monitoring communications based on blacklists. However, detection using this method has the following two problems: no blacklist is completely reliable, and blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. Therefore, simply matching communications with blacklist entries is insufficient, and administrators should pursue their detection causes by investigating the communications themselves. In this paper, we propose an approach for classifying malicious DNS queries detected through blacklists by their causes. This approach is motivated by the following observation: a malware communication is divided into several transactions, each of which generates queries related to the malware; thus, surrounding queries that occur before and after a malicious query detected through blacklists help in estimating the cause of the malicious query. Our cause-based classification drastically reduces the number of malicious queries to be investigated because the investigation scope is limited to only representative queries in the classification results. In experiments, we have confirmed that our approach could group 388 malicious queries into 3 clusters, each consisting of queries with a common cause. These results indicate that administrators can briefly pursue all the causes by investigating only representative queries of each cluster, and thereby swiftly address the problem of infected machines in the network.","subitem_description_type":"Abstract"}]},"item_21_description_60":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"subitem_description":"Journal Article","subitem_description_type":"Other"}]},"item_21_full_name_3":{"attribute_name":"著者別名","attribute_value_mlt":[{"affiliations":[{"affiliationNames":[{"affiliationName":"","lang":"ja"}],"nameIdentifiers":[]}],"familyNames":[{"familyName":"Sato","familyNameLang":"en"},{"familyName":"佐藤","familyNameLang":"ja"},{"familyName":"サトウ","familyNameLang":"ja-Kana"}],"givenNames":[{"givenName":"Akihiro","givenNameLang":"en"},{"givenName":"彰洋","givenNameLang":"ja"},{"givenName":"アキヒロ","givenNameLang":"ja-Kana"}],"nameIdentifiers":[{"nameIdentifier":"27948","nameIdentifierScheme":"WEKO"},{"nameIdentifier":"30609376","nameIdentifierScheme":"e-Rad","nameIdentifierURI":"https://nrid.nii.ac.jp/ja/nrid/1000030609376"},{"nameIdentifier":"55437344000","nameIdentifierScheme":"Scopus著者ID","nameIdentifierURI":"https://www.scopus.com/authid/detail.uri?authorId=55437344000"},{"nameIdentifier":"0000-0003-3178-1041","nameIdentifierScheme":"ORCiD","nameIdentifierURI":"https://orcid.org/0000-0003-3178-1041"},{"nameIdentifier":"100000049","nameIdentifierScheme":"九工大研究者情報","nameIdentifierURI":"https://hyokadb02.jimu.kyutech.ac.jp/html/100000049_ja.html"}],"names":[{"name":"Sato, Akihiro","nameLang":"en"},{"name":"佐藤, 彰洋","nameLang":"ja"},{"name":"サトウ, アキヒロ","nameLang":"ja-Kana"}]},{"affiliations":[{"affiliationNames":[{"affiliationName":"","lang":"ja"}],"nameIdentifiers":[]}],"familyNames":[{"familyName":"Nakamura","familyNameLang":"en"},{"familyName":"中村","familyNameLang":"ja"},{"familyName":"ナカムラ","familyNameLang":"ja-Kana"}],"givenNames":[{"givenName":"Yutaka","givenNameLang":"en"},{"givenName":"豊","givenNameLang":"ja"},{"givenName":"ユタカ","givenNameLang":"ja-Kana"}],"nameIdentifiers":[{"nameIdentifier":"8847","nameIdentifierScheme":"WEKO"},{"nameIdentifier":"40346317","nameIdentifierScheme":"e-Rad","nameIdentifierURI":"https://nrid.nii.ac.jp/ja/nrid/1000040346317"},{"nameIdentifier":"56393278900","nameIdentifierScheme":"Scopus著者ID","nameIdentifierURI":"https://www.scopus.com/authid/detail.uri?authorId=56393278900"},{"nameIdentifier":"367","nameIdentifierScheme":"九工大研究者情報","nameIdentifierURI":"https://hyokadb02.jimu.kyutech.ac.jp/html/367_ja.html"}],"names":[{"name":"Nakamura, Yutaka","nameLang":"en"},{"name":"中村, 豊","nameLang":"ja"},{"name":"ナカムラ, ユタカ","nameLang":"ja-Kana"}]},{"affiliations":[{"affiliationNames":[{"affiliationName":"","lang":"ja"}],"nameIdentifiers":[]}],"familyNames":[{"familyName":"Fukuda","familyNameLang":"en"},{"familyName":"福田","familyNameLang":"ja"},{"familyName":"フクダ","familyNameLang":"ja-Kana"}],"givenNames":[{"givenName":"Yutaka","givenNameLang":"en"},{"givenName":"豊","givenNameLang":"ja"},{"givenName":"ユタカ","givenNameLang":"ja-Kana"}],"nameIdentifiers":[{"nameIdentifier":"24131","nameIdentifierScheme":"WEKO"},{"nameIdentifier":"90372763","nameIdentifierScheme":"e-Rad","nameIdentifierURI":"https://nrid.nii.ac.jp/ja/nrid/1000090372763"},{"nameIdentifier":"35811871400","nameIdentifierScheme":"Scopus著者ID","nameIdentifierURI":"https://www.scopus.com/authid/detail.uri?authorId=35811871400"},{"nameIdentifier":"0000-0003-0430-0871","nameIdentifierScheme":"ORCiD","nameIdentifierURI":"https://orcid.org/0000-0003-0430-0871"},{"nameIdentifier":"371","nameIdentifierScheme":"九工大研究者情報","nameIdentifierURI":"https://hyokadb02.jimu.kyutech.ac.jp/html/371_ja.html"}],"names":[{"name":"Fukuda, Yutaka","nameLang":"en"},{"name":"福田, 豊","nameLang":"ja"},{"name":"フクダ, ユタカ","nameLang":"ja-Kana"}]},{"nameIdentifiers":[{"nameIdentifier":"26915","nameIdentifierScheme":"WEKO"}],"names":[{"name":"Sasai,  K."}]},{"nameIdentifiers":[{"nameIdentifier":"26916","nameIdentifierScheme":"WEKO"}],"names":[{"name":"Kitagata,  G."}]}]},"item_21_link_62":{"attribute_name":"研究者情報","attribute_value_mlt":[{"subitem_link_url":"https://hyokadb02.jimu.kyutech.ac.jp/html/371_ja.html"}]},"item_21_publisher_7":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"IEEE"}]},"item_21_relation_12":{"attribute_name":"DOI","attribute_value_mlt":[{"subitem_relation_type":"isIdenticalTo","subitem_relation_type_id":{"subitem_relation_type_id_text":"https://doi.org/10.1109/ACCESS.2019.2944203","subitem_relation_type_select":"DOI"}}]},"item_21_rights_13":{"attribute_name":"権利","attribute_value_mlt":[{"subitem_rights":"This work is licensed under a Creative Commons Attribution 4.0 License. http://creativecommons.org/licenses/by/4.0/"}]},"item_21_select_59":{"attribute_name":"査読の有無","attribute_value_mlt":[{"subitem_select_item":"yes"}]},"item_21_source_id_8":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2169-3536","subitem_source_identifier_type":"ISSN"}]},"item_21_subject_16":{"attribute_name":"日本十進分類法","attribute_value_mlt":[{"subitem_subject":"547","subitem_subject_scheme":"NDC"}]},"item_21_text_28":{"attribute_name":"論文ID（連携）","attribute_value_mlt":[{"subitem_text_value":"10350174"}]},"item_21_text_36":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Kyushu Institute of Technology, Kitakyushu 804-8550, Japan"},{"subitem_text_value":"Kyushu Institute of Technology, Kitakyushu 804-8550, Japan"},{"subitem_text_value":"Kyushu Institute of Technology, Kitakyushu 804-8550, Japan"},{"subitem_text_value":"Graduate School of Science and Engineering, Ibaraki University, Hitachi 316-8511, Japan"},{"subitem_text_value":"Research Institute of Electrical Communication, Tohoku University, Sendai 980-8577, Japan"}]},"item_21_text_63":{"attribute_name":"連携ID","attribute_value_mlt":[{"subitem_text_value":"8133"}]},"item_21_version_type_58":{"attribute_name":"著者版フラグ","attribute_value_mlt":[{"subitem_version_resource":"http://purl.org/coar/version/c_970fb48d4fbd8a85","subitem_version_type":"VoR"}]},"item_creator":{"attribute_name":"著者","attribute_type":"creator","attribute_value_mlt":[{"creatorAffiliations":[{"affiliationNameIdentifiers":[],"affiliationNames":[{"affiliationName":""}]}],"creatorNames":[{"creatorName":"Sato, Akihiro","creatorNameLang":"en"},{"creatorName":"佐藤, 彰洋","creatorNameLang":"ja"},{"creatorName":"サトウ, アキヒロ","creatorNameLang":"ja-Kana"}],"familyNames":[{},{},{}],"givenNames":[{},{},{}],"nameIdentifiers":[{},{},{},{},{}]},{"creatorAffiliations":[{"affiliationNameIdentifiers":[],"affiliationNames":[{"affiliationName":""}]}],"creatorNames":[{"creatorName":"Nakamura, Yutaka","creatorNameLang":"en"},{"creatorName":"中村, 豊","creatorNameLang":"ja"},{"creatorName":"ナカムラ, ユタカ","creatorNameLang":"ja-Kana"}],"familyNames":[{},{},{}],"givenNames":[{},{},{}],"nameIdentifiers":[{},{},{},{}]},{"creatorAffiliations":[{"affiliationNameIdentifiers":[],"affiliationNames":[{"affiliationName":""}]}],"creatorNames":[{"creatorName":"Fukuda, Yutaka","creatorNameLang":"en"},{"creatorName":"福田, 豊","creatorNameLang":"ja"},{"creatorName":"フクダ, ユタカ","creatorNameLang":"ja-Kana"}],"familyNames":[{},{},{}],"givenNames":[{},{},{}],"nameIdentifiers":[{},{},{},{},{}]},{"creatorNames":[{"creatorName":"Sasai,  Kazuto"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kitagata,  Gen"}],"nameIdentifiers":[{}]}]},"item_files":{"attribute_name":"ファイル情報","attribute_type":"file","attribute_value_mlt":[{"accessrole":"open_date","date":[{"dateType":"Available","dateValue":"2020-03-02"}],"displaytype":"detail","filename":"ACCESS.2019.2944203.pdf","filesize":[{"value":"7.8 MB"}],"format":"application/pdf","licensetype":"license_note","mimetype":"application/pdf","url":{"label":"ACCESS.2019.2944203.pdf","url":"https://kyutech.repo.nii.ac.jp/record/6421/files/ACCESS.2019.2944203.pdf"},"version_id":"169d94e6-4481-4adc-bbd3-88902252401c"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourcetype":"journal article","resourceuri":"http://purl.org/coar/resource_type/c_6501"}]},"item_title":"A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists","item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists"}]},"item_type_id":"21","owner":"3","path":["24"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-03-02"},"publish_date":"2020-03-02","publish_status":"0","recid":"6421","relation_version_is_last":true,"title":["A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists"],"weko_creator_id":"3","weko_shared_id":3},"updated":"2023-10-26T01:31:35.062441+00:00"}