実運用における評価

本研究で提案した巡回順序決定システムを，実運用されているWebクライアント型ハニー ポットへ導入して評価をおこなう必要がある．実運用をおこなうことでさらなる課題を明らか にし，その課題を解決することで，より実用的なシステムとして仕上げたい．

謝辞

本修士論文の作成にあたり，日ごろよりご指導をいただいた早稲田大学基幹理工学研究科の 後藤滋樹教授に深く感謝いたします．研究活動を進めるにあたり，多くのご助言をいただいた 日本電信電話株式会社NTTネットワーク基盤技術研究所の森達哉氏に心より感謝いたします．

また，セキュリティ分野の研究やマルウェア解析競技大会への参加を通じて日ごろから議論を 進めた高田雄太氏に感謝いたします．

最後に，ともに研究をおこなった後藤滋樹研究室の諸氏に感謝いたします．

参考文献

[1] 井上 大介, 中尾 康二, “マルウェアって? (特集マルウェア) ,” 情報処理, vol.51, no.3, pp.237–243, March 2010.

[2] M. Akiyama, T. Yagi, and M. Itoh, “Searching Structural Neighborhood of Malicious URLs to Improve Blacklisting,” Proc. the 11th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT 2011), pp.1–10, Munich, Germany, July 2011.

[3] 八木 毅, “マルウェア感染を検知・制御するブラックリストシステムの設計,”電子情報通 信学会技術研究報告 信学技報, vol.112, no.29, pp.49–54, May 2012.

[4] 針生 剛男, 秋山 満昭, 青木 一史, 八木 毅, 岩村 誠, 倉上 弘, “進化するマルウェア等によ るサイバー攻撃の検知・解析・対策技術 (特集 進化する脅威とこれからのサイバーセキュ リティ),” NTT技術ジャーナル, vol.24, no.8, pp.13–17, August 2012.

[5] 笠間 貴弘, 井上 大介, 衛藤 将史, 中里 純二, 中尾 康二, “ドライブ・バイ・ダウンロード 攻撃対策フレームワークの提案,” 情報処理学会コンピュータセキュリティシンポジウム (CSS 2011), vol.2011, no.3, pp.780–785, October 2011.

[6] 秋山 満昭, 佐藤 一道, 岩村 誠, 伊藤 光恭, “Gumblarの長期観測による分析,” 電子情報 通信学会技術研究報告 情報通信システムセキュリティ (ICSS), vol.110, no.79, pp.69–74, June 2010.

[7] S. Vaknin, “How to avoid, remove Facebook malware,” http://howto.cnet.com/8301-11310 39-20070931-285/how-to-avoid-remove-facebook-malware/

[8] M. Akiyama, M. Iwamura, Y. Kawakoya, K. Aoki, and M. Itoh, “Design and Imple-mentation of High Interaction Client Honeypot for Drive-by-download Attacks,” IEICE Transactions on Communications, vol.E93-B, no.5, pp.1131–1139, May 2010.

参考文献

[9] J. Levine, “Request for Comments 5782: DNS Blacklists and Whitelists,” IETF, http:

//www.ietf.org/rfc/rfc5782.txt, February 2010.

[10] URIBL, http://www.uribl.com/

[11] OpenDNS, http://www.opendns.com/

[12] Internet Explorer - Microsoft Windows, http://windows.microsoft.com/en-US/

internet-explorer/download-ie

[13] SmartScreen Filter, http://windows.microsoft.com/en-US/internet-explorer/

products/ie-9/features/smartscreen-filter/

[14] Apple - Safari, http://www.apple.com/safari/

[15] Chrome Browser - Google, http://www.google.com/chrome/

[16] Mozilla Firefox Web Browser, http://www.mozilla.org/firefox/

[17] Google Safe Browsing API,http://code.google.com/intl/en/apis/safebrowsing/

[18] M. A. Rajab, L. Ballard, N. Jagpal, P. Mavrommatis, D. Nojiri, N. Provos, and L.

Schmidt, “Trends in Circumventing Web-malware Detection,” Google, Google Technical Report, July 2011.

[19] K. Sato, K. Ishibashi, T. Toyono, and N. Miyake, “Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries,” Proc. the 3rd USENIX Confer-ence on Large-scale Exploits and Emergent Threats (LEET 2010), Pages: 8–8, San Jose, California, USA, April 2010.

[20] C. Curtsinger, B. Livshits, B. Zorn, and C. Seifert, “Zozzle: Fast and Precise In-browser Javascript Malware Detection,” Proc. the 20th USENIX Security Symposium, Pages: 3–3, San Francisco, California, USA, August 2011.

[21] M. Antonakakis, R. Perdisci, D. Dagon, W. Lee and N. Feamster, “Building a Dynamic Reputation System for DNS,” Proc. the 19th USENIX Security Symposium, Pages: 18–18, Washington, D.C., USA, August 2010.

参考文献

[22] M. Felegyhazi, C. Kreibich, and V. Paxson, “On the Potential of Proactive Domain Black-listing,” Proc. the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats (LEET 2010), Pages: 6–6, San Jose, California, USA, April 2010.

[23] J. Ma, L. K. Saul, S. Savage and G. M. Voelker, “Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs,” Proc. the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2009), pp.1245–1254, Paris, France, June 2009.

[24] S. Yadav, A. K. K. Reddy, A. L. N. Reddy, and S. Ranjan, “Detecting Algorithmically Generated Malicious Domain Names,” Proc. the 10th ACM SIGCOMM Conference on Internet Measurement (IMC 2010), pp.48–61, Melbourne, Australia, November 2010.

[25] L. Invernizzi, S. Benvenuti, P. M. Comparetti, M. Cova, C. Kruegel, and G. Vigna,

“EvilSeed: A Guided Approach to Finding Malicious Web Pages,” Proc. IEEE Sym-posium on Security and Privacy (SP 2012), pp.428–442, San Francisco, California, USA, May 2012.

[26] C. Seifert, I. Welch, P. Komisarczuk, “HoneyC the Low-interaction Client Honeypot,”

Proc. the 2007 NZCSRCS, Waikato University, Hamilton, New Zealand, 2007.

[27] L. Lu, V. Yegneswaran, P. Porras, and W. Lee, “BLADE: An Attack-agnostic Approach for Preventing Drive-by Malware Infections,” Proc. the 17th ACM Conference on Com-puter and Communications Security (CCS 2010), pp.440–450, Chicago, Illinois, USA, October 2010.

[28] Capture-HPC, https://projects.honeynet.org/capture-hpc/

[29] M. Akiyama, Y. Kawakoya, and T. Hariu, “Scalable and Performance-efficient Client Hon-eypot on High Interaction System,” Proc. the 12th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT 2012), pp.40–50, Izmir, Turkey, July 2012.

[30] D. Chiba, K. Tobe, T. Mori, and S. Goto, “Detecting Malicious Websites by Learning IP Address Features,” Proc. the 12th IEEE/IPSJ International Symposium on Applications

参考文献

[31] S. Hao, N. A. Syed, N. Feamster, A. G. Gray, and S. Krassser, “Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine,” Proc. the 18th USENIX Security Symposium, pp.101–118, Montreal, Canada, August 2009.

[32] M. P. Collins, T. J. Shimeall, S. Faber, J. Janies, R. Weaver, M. De Shon, and J. Kadane,

“Using Uncleanliness to Predict Future Botnet Addresses,” Proc. the 7th ACM SIG-COMM Conference on Internet Measurement (IMC 2007), pp.93–104, San Diego, Cali-fornia, USA, October 2007.

[33] A. Ramachandran and N. Feamster, “Understanding the Network-level Behavior of Spam-mers,” Proc. ACM SIGCOMM 2006 Conference on Applications, Technologies, Architec-tures, and Protocols for Computer Communications, pp.291–302, Pisa, Italy, September 2006.

[34] C. M. Bishop, “Pattern Recognition and Machine Learning (Information Science and Statistics),” Springer, 2006.

[35] C. C. Chang, and C. J. Lin, “LIBSVM : A Library for Support Vector Machines,” ACM Transactions on Intelligent Systems and Technology, vol.2, pp.27:1–27:27, April 2011.

[36] J. Platt, “Fast Training of Support Vector Machines Using Sequential Minimal Optimiza-tion,” Advances in Kernel Methods, MIT Press, pp.185–208, 1999.

[37] J. Platt, “Probabilistic Outputs for Support Vector Machines and Comparisons to Regu-larized Likelihood Methods,” Advances in Large Margin Classifiers, MIT Press, pp.61–74, Mar. 1999.

[38] Alexa Top Sites,http://www.alexa.com/topsites/

[39] Malware Domain List, http://malwaredomainlist.com/

[40] 千葉 大紀, 八木 毅, 秋山 満昭, 森 達哉, 後藤 滋樹, “多種多様な攻撃に用いられるIPア ドレス間の相関解析,”情報処理学会コンピュータセキュリティシンポジウム(CSS 2011), vol.2011, no.3, pp.185–190, October 2011.