Implementation and Evaluation of Detection Methods on Client Honeypot

Mitsuaki Akiyama, Makoto Iwamura, Yuhei Kawakoya, Kazufumi Aoki, Mitsutaka Itoh
NTT Information Sharing Platform Laboratories, Midori-Cho, Musashino, Tokyo, Japan
{akiyama.mitsuaki,iwamura.makoto,kawakoya.yuhei,

Abstract
Countermeasures against malicious web sites are urgently needed because of the increasing number of incidents in which vulnerable web browsers are infected with malware by drive-by-download attacks. We proposed detection methods for drive-by-download attacks for a client honeypot system. The proposed methods focus on the behavior of the web browser from the viewpoint of the exploitation phases: 1) preparation of exploitation, 2) the moment of exploitation and 3) behavior after exploitation. By combining the proposed methods, our client honeypot improved detection coverage without increasing false positives.

1 FW BB ISP OS E Web JSRedir-R[8] Web Web drive-by-download Web [9] Web Web [1][14][15][16] Web Web
2 web high interaction web low interaction Capture-HPC[11] HoneyClient[5] HoneyC[12] SpyBye[7] HoneyC SpyBye snort exploit

3 Drive-by-download Web ( 1) Web Web exploit web buffer-overflow shellcode Shellcode HeapSpray 2 HeapSpray JavaScript VBscript shellcode web NOP shellcode web MB MB

[Figure 1: Drive-by-download]
Labels: target host; malicious web site; web content containing exploit code; malware
1. Access to the malicious web site
2. Attack on and takeover of the web browser
3. Automatic download and installation of malware

[Figure 2: HeapSpray]
HeapSpray script:
<script>
mem = new Array();
...
for(i=0; i<n; i++){ mem[i] = SlideCode + Shellcode; }
...
</script>
Label: Browser's heap memory
1. The script injects a vast amount of strings.
2. Buffer overflow is caused.
3. Instruction pointer points somewhere on heap mem.
4. Shellcode is running.

exploit shellcode MDAC (Microsoft Data Access Component) (MS06-014) HeapSpray shellcode

4 JavaScript VBscript web HeapSpray web web 1. HeapSpray
2. 3. Windows Windows XP SP2 Internet Explorer 6.0 Internet Explorer MPack[10] WinZip 10.0 QuickTime Acrobat Reader 8.1 Flash Player HeapSpray HeapSpray JavaScript VBscript jscript.dll vbscript.dll oleaut32.dll SysAllocStringByteLen() API API API hook jscript.dll vbscript.dll API HeapSpray HeapSpray HeapSpray API API

4.2 HoneyPatch[17] HoneyPatch

1: HoneyPatch Web MS MS WMF MDAC MS VML (Internet MS WVFIcon Explorer) MS VML MS ANI CVE Video Control CVE WinZip CVE QuickTime CVE Flash Player CVE Acrobat Reader CVE Acrobat Reader CVE Acrobat Reader CVE Acrobat Reader

shellcode Web MPack Internet Explorer exploit Acrobat Reader [8] Internet Explorer HoneyPatch 1 3rd [3][6][13]

4.3 API Internet Explorer C:\WINDOWS\SYSTEM32 API hook API
web PDF web Acrobat Reader AcroRd32.exe AcroRd32.exe Capture-HPC HoneyClient web

5 MPack web PoC [4] web Malware Domain List[2]MDL 32446URL MDL URL drive-by-download MDAC web exploit 500KB 4MB 90MB 230MB web 3 HeapSpray

[Figure 3: Web Exploit. Axes: Max heap block size (Byte), Heap allocation summary (Byte). Series: MPack, PoC; Web contents (MDL). Annotation: 50MB HeapSpray.]

50MB HeapSpray HeapSpray Shellcode shellcode exploit 50MB HeapSpray web MDL HoneyPatch 2
2: MDAC MDAC
MS (0%) 0 (0%)
MS (0%) 171 (63.8%)
MS (3.6%) 2 (0.7%)
MS (14.5%) 17 (6.3%)
MS (5.4%) 1 (0.3%)
MS (4.5%) 0 (0%)
CVE (60.0%) 67 (25.0%)
CVE (0.9%) 1 (0.3%)
CVE (0%) 0 (0%)
CVE (0%) 0 (0%)
CVE (2.7%) 4 (1.4%)
CVE (7.2%) 4 (1.4%)
CVE (0%) 0 (0%)
CVE (0.9%) 1 (0.3%)
( )

MDAC MS CVE exploit MDAC HoneyPatch web HoneyPatch HeapSpray

5.3 HeapSpray shellcode MDAC MS web 3 HeapSpray

3: HeapSpray Yes A B No C D Yes E F No G H

4: HeapSpray HoneyPatch A B - C - D - - E - F - - G - - H :

MDAC MDAC HeapSpray 161 (77.7%) 159 (63.8%) HoneyPatch 104 (50.2%) 179 (71.8%) 61 (29.4%) 198 (79.5%) (URL )

HoneyPatch 4 B HeapSpray 5 MDL 6 MDL MDAC ( B D F) 68.4% 22.4% ( E G) 20.2% 11.6% MDAC MDAC MS06-014
6: MDAC MDAC
A 17 (8.2%) 110 (44.1%)
B 79 (38.1%) 7 (2.8%)
C 6 (2.8%) 54 (21.6%)
D 2 (0.9%) 8 (3.2%)
E 4 (1.9%) 1 (0.4%)
F 61 (29.4%) 41 (16.4%)
G 38 (18.3%) 28 (11.2%)
H - -
(URL )

% MDAC 29.4% HeapSpray HoneyPatch F exploit HeapSpray ActiveX Control

6 Web drive-by-download

[1] M. Akiyama, Y. Kawakoya, M. Iwamura, K. Aoki, and M. Itoh. MARIONETTE: Client honeypot for Investigating and Understanding Web-based Malware infection on Implicated Websites. In Joint Workshop on Information Security,
[2] Malware Domain List. http://malwaredomainlist.com/.
[3] Microsoft. Security research & defense. http://blos.technet.com/srd/.
[4] Milw0rm. Remote browser vuln exploitation.
[5] MITRE. Honeyclient project. honeyclient.org/.
[6] National Institute of Standards and Technology. National vulnerability database. http://nvd.nist.gov/.
[7] N. Provos. Spybye. org/index.php?/categories/1-spybye.
[8] Sophos. Malicious jsredire-r script found to be biggest malware threat on the web. http: //
[9] Symantec. Global internet threat report volume xiv. com/business/theme.jsp?themeid= threatreport.
[10] Symantec. Mpack, packed full of badness. security response/weblog/2007/05/ mpack packed full of badness.html.
[11] The Client Honeynet Project. Capture-HPC. capture-hpc.
[12] The Client Honeynet Project. HoneyC.
[13] Zeroday Emergency Response Team (ZERT). Released patches. zert.
[14],,, and. web. In (CSS),
[15],,,,, and.., 50(9),
[16],,,, and. web. In (ICSS),
[17],,, and. Honeypatch: Honeypot. In 2006, 2006.