untitled

untitled

1 icioussoft http://www.webopedia.com/term/m/malware.html http://en.wikipedia.org/wiki/malware 2 3 4 Covert Channel http://www.todo.gr.jp/~wakatono/cakeoff20050528_covertchannel.pdf 5 6 7 An Analysis of

Microsoft PowerPoint _t-seki.pptx

2010 年度卒業論文 IDSログのサンプリングによる解析グ Analysis of IDS log data by sampling 2011/02/03 早稲田大学基幹理工学部情報理工学科後藤研究室学士 4 年 1w070308-8 関島達矢 Agenda 1. 研究背景 2. 研究目的 3. 提案手法 4. 実証実験 5. 結論 2 研究背景 インターネットが普及し 不正な通信が増えている 大部分のログは不要

untitled

1 2 3 alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg: Suspicious virus warnning v2!!! ; content: Attached file"; content:"password";) alert tcp $HOME_NET any -> $EXTERNAL_NET 25 ( msg:"suspicious virus

untitled

1 2 3 4 5 dummy:~# telnet ***.233.45.227 21 :LA.CNRDI1-NIX NOTICE AUTH :*** Looking up your hostname... :LA.CNRDI1-NIX NOTICE AUTH :*** Found your hostname (cached) NICK oomvp23 :LA.CNRDI1-NIX NOTICE oomvp23

ネットワーク監視による不正アクセス発見手法

14 G 1 ...3...4...4...4...4...4...4...5...5...6...7...7...8...9...9... 11... 11...12...13...14...16...16 5.2...17...19...24...24...25 2 PC LAN 2002 Intrusion Detection System IDS snort 3 IDS IDS snort

snortの機能を使い尽くす ＆ hogwashも使ってみる

presented by P snort hogwash snort1.8.2(3) Martin Roesch IDS IDS hogwash snort1.7 FW+NIDS 100M IP IP snort./configure;make su make install configure Flexresp database snmp snmp alert idmef xml smbalert

RX501NC_LTE Mobile Router取説.indb

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 1 2 3 4 5 6 7 8 19 20 21 22 1 1 23 1 24 25 1 1 26 A 1 B C 27 D 1 E F 28 1 29 1 A A 30 31 2 A B C D E F 32 G 2 H A B C D 33 E 2 F 34 A B C D 2 E 35 2 A B C D 36

Policy

橡matufw

3 10 25 3 18 42 1 2 6 2001 8 22 3 03 36 3 4 A 2002 2001 1 1 2014 28 26 5 9 1990 2000 2000 12 2000 12 12 12 1999 88 5 2014 60 57 1996 30 25 205 0 4 120 1,5 A 1995 3 1990 30 6 2000 2004 2000 6 7 2001 5 2002

財団法人母子健康協会第三十回シンポジウム

NewBead_no17_4c_pdf.indd

untitled

O

11 2 1 2 1 1 2 1 80 2 160 3 4 17 257 1 2 1 2 3 3 1 2 138 1 1 170 O 3 5 1 5 6 139 1 A 5 2.5 A 1 A 1 1 3 20 5 A 81 87 67 A 140 11 12 2 1 1 1 12 22 1 10 1 13 A 2 3 2 6 1 B 2 B B B 1 2 B 100 B 10 B 3 3 B 1

本文/森枝卓士

脆弱性の詳細 この数日で Shellshock に関するより詳し い情報が明らかになり 完全に修正する ことが可能となるでしょう 前述のとお り CVE あるいは Shellshock と呼ばれるこの脆弱性は イギリスのロ ボット工学企業 SeeByte Ltd で Unix な

Shellshock テクニカルレポート Trend Micro Threat Research Lab はじめに 2014 年 9 月 24 日 Stephane Chazelas が bash のファンクション定義に存在するコードの処理を適切に行わない脆弱性 (CVE-2014-6271) を発見しました 1 攻撃者は Shellshock と名付けられたこの脆弱性を利用して環境の制限を回避できます

DE-6001 取扱説明書

O157 6/23 7/4 6 25 1000 117,050 6 14:00~15:30 1 2 22 22 14:30~15:30 8 12 1 5 20 6 20 10 11 30 9 10 6 1 30 6 6 0 30 6 19 0 3 27 6 20 0 50 1 2 6 4 61 1 6 5 1 2 1 2 6 19 6 4 15 6 1 6 30 6 24 30 59

INSメイトV30Slim 取扱説明書（1版2001.10）

3 4 5 6 7 8 9 3 0 4 5 3 4 5 6 7 3 4 5 6 P40 P73 P84 P86 P P96 P3 P93 P05 P89 7 P4 P P88 P37 P0 P P9 8 9 CD-ROM 0 CD-ROM 8 7 3 4 5 6 80 3 4 3 4 3 4 900700 3 4 00-097 5 6 3 7 8 9 5 4 3 30 3 3 3 3 33 35

untitled

Internet Week 2006T13 (4) CISSP 1 UTM: Unified Threat Management F/W Web G/W 2 IPS GW Box UTM!? S/W PC, F/WIPS IDS/IPS 3 or 4 5 Orange Alert Yellow Alert by @Police http://www.cyberpolice.go.jp/detect/index.html

econ30.pdf

2008 ›wfi`PDFŠp

2008-09 1 2 6 7 8 9 4 3 5 10 10 s t t j j j Hakone History introduction! Various Various Sattelite Sattelite Middle Middle Walk Walk Activity Activity introduction! introduction! s Track & Field Track

Mail_Spam_Manual_120815b

server~>su - server:~#mount /mnt/cdrom server:~#umount /mnt/cdrom # cd /mnt/cdrom #./ginstall -F -M [MTA ] -P AV # wget http://download.gideon.co.jp/ginstall.tgz #./ginstall -F -M P -P AV #./ginstall -M

Vol. 0 No Intrusion Detection System IDS IDS HTTP LAN 3 Machine Learning Based IDS with Automatic Training Data Generation Akira Yamada, Yutak

Vol. 0 No. 0 1959 Intrusion Detection System IDS IDS HTTP LAN 3 Machine Learning Based IDS with Automatic Training Data Generation Akira Yamada, Yutaka Miyake, Keisuke Takemori and Toshiaki Tanaka Although

SRX IDP Full IDP Stateful Inspection 8 Detection mechanisms including Stateful Signatures and Protocol Anomalies Reassemble, normalize, eliminate ambi

IDP (INTRUSION DETECTION AND PREVENTION) SRX IDP Full IDP Stateful Inspection 8 Detection mechanisms including Stateful Signatures and Protocol Anomalies Reassemble, normalize, eliminate ambiguity Track

2013_autumn.indb

設定例集_Rev.8.03, Rev.9.00, Rev.10.01対応

Network Equipment 設定例集 Rev.8.03, Rev.9.00, Rev.10.01 対応 2 3 4 5 6 7 8 help > help show command > show command console character administrator pp disable disconnect 9 pp enable save Password: login timer

ヤマハ ルーター ファイアウォール機能～説明資料～

1 2 3 4 LAN ISDN/ NAT (LAN#) (PP#) (TUNNEL#) + R 5 ----------< >---------- ----------< >---------- 6 IPv6 VPN ping IPsec PPTP ICMP (1) TCP (6) UDP (17) IPv6 (41) AH (51) ESP (50) GRE (47) IPv4

Vol. 0 No (AOI: Attribute Oriented Induction) AOI AOI Characterization and Anomaly Detection for Network Log Using Attribute Oriented Inductio

Vol No 959 (AOI: Attribute Oriented Induction) AOI AOI Characterization and Anomaly Detection for Network Log Using Attribute Oriented Induction Akira Yamada, Yutaka Miyake, Keisuke Takemori and Toshiaki

gm3280-d_j.indd

n-miwa@lac.co.jp (JSOC) OS Web (JSOC) (JSOC) SQL SQL Event Name Source IP Correlated Horizontal Scan Detected Microsoft ASN.1 Library Buffer Overflow Detected Vertical Scan Detected Internet Explorer

SRT/RTX/RT設定例集

Network Equipment Rev.6.03, Rev.7.00, Rev.7.01 Rev.8.01, Rev.8.02, Rev.8.03 Rev.9.00, Rev.10.00, Rev.10.01 2 3 4 5 6 1 2 3 1 2 3 7 RTX1000 RTX1000 8 help > help show command > show command console character

分析レポート2_Gaobot

Distributed via http://www.cyberpolice.go.jp/ @police - 1 - - 2 - IRC Gaobot IRC IRC DDoS IRC IRC IRC - 3 - Gaobot IRC IRC TCP6660 6669 IRC - 4 - IRC IP IRC IRC Gaobot - 5 - IRC IP 10.1.1.1 IRC - 6 - -

PLQ-20 取扱説明書　詳細編

2013 Seiko Epson Corporation. All rights reserved. o n h o n n A B o C h h n h A B n C n n A B C A B C A B C D E A B C D E h o h B n C A D E F G n A C B n A B C D C n A B D F G H E n A B D C E F n A h

ScreenOS 5.0 ScreenOS 5.0 Deep Inspection VLAN NetScreen-25/-50/-204/-208 HA NetScreen-25 HA Lite NetScreen-25 NetScreen-50) ALG(Application Layer Gat

ScreenOS 5.0 1 2 ScreenOS 5.0 ScreenOS 5.0 Deep Inspection VLAN NetScreen-25/-50/-204/-208 HA NetScreen-25 HA Lite NetScreen-25 NetScreen-50) ALG(Application Layer Gateway NAT Destination NetScreen-Security

26-27_行政政策学類

worm hoihoi

true@sfc.wide.ad.jp / (IDS, Honeypot), Web / : Darknet AS65531 10.0.0.0/8 Prefix longest match next hop AS Internet Customer A 10.1.0.0/16 AS 65531 10.0.0.0/8 Customer B 10.2.0.0/16 ( ) The Team Cymru

「諸雑公文書」整理の中間報告

30 10 3 from to 10 from to ( ) ( ) 20 20 20 20 20 35 8 39 11 41 10 41 9 41 7 43 13 41 11 42 7 42 11 41 7 42 10 4 4 8 4 30 10 ( ) ( ) 17 23 5 11 5 8 8 11 11 13 14 15 16 17 121 767 1,225 2.9 18.7 29.8 3.9

1 . 1 2 3 4 5 CM C 6 7 8 9 10 11 12 13 14 1 1 15 16 17 18 19 http://www.ka3.koalanet.ne.jp 20 21 22 g 23 CM C 24 25 26 27 28 29 30 31 32 33 34 35 . 36 . 37 38 39 40 41 42 43 CM 44 45 46 g 47 48 49 50 51

Symantec AntiVirus の設定

CHAPTER 29 Symantec AntiVirus エージェントを MARS でレポートデバイスとしてイネーブルにするためには Symantec System Center コンソールをレポートデバイスとして指定する必要があります Symantec System Center コンソールはモニタ対象の AV エージェントからアラートを受信し このアラートを SNMP 通知として MARS に転送します

合併後の交付税について

(1) (2) 1 0.9 0.7 0.5 0.3 0.1 2 3 (1) (a), 4 (b) (a), (c) (a) 0.9 0.7 0.5 0.3 0.1 (b) (d),(e) (f) (g) (h) (a) (i) (g) (h) (j) (i) 5 (2) 6 (3) (A) (B) (A)+(B) n 1,000 1,000 2,000 n+1 970 970 1,940 3.0%

main-pub.dvi

FPGA Field Programmable Gate Arrays EFSM FPGA Design and Implementation of Network Monitoring Circuits for High Speed Networks MASAYUKI KIRIMURA, YOSHIFUMI TAKAMOTO, TAKANORI MORI, KEIICHI YASUMOTO, AKIO

1

SR-PB102_182

pdf軽_台紙まとめ県民

Excel97関数編

Excel97 SUM Microsoft Excel 97... 1... 1... 1... 2... 3... 3... 4... 5... 6... 6... 7 SUM... 8... 11 Microsoft Excel 97 AVERAGE MIN MAX SUM IF 2 RANK TODAY ROUND COUNT INT VLOOKUP 1/15 Excel A B C A B

Cisco ASA Firepower ASA Firepower

Cisco ASA Firepower ASA Firepower 1 2 3 4 1 1-1 Cisco ASA Cisco ASA Firepower Cisco ASA with Firepower Services Cisco Adaptive Security Device Manager ASDM MEMO Cisco ASA with Firepower Services Application

guide.PDF

ExpressMail Ver2.0 Copyright ( ) 1998/12/25 REV.1 1 ExpressMail Ver2.0 ExpressMail Ver2.0 ExpressMail Ver2.0 WindowsNT SMTP/POP3/IMAP4 (1) SMTP sendmail 8.8.5 DLL (2) POP3 RFC1939 APOP (3) IMAP4 RFC2060

大学における原価計算教育の現状と課題

1 1.1 1.2 1.3 2 2.1 2.2 3 3.1 3.2 3.3 2014a 50 ABC Activity Based Costing LCC Lifecycle Costing MFCA Material Flow Cost Accounting 2 2 2016 9 1 2 3 2014b 2005 2014b 2000 1 2 1962 5 1 3 2 3 4 5 50 2012

untitled

森林火災保険ご契約のしおり

1 0120-25-7474 2 20 3 50 50 50 20 20 80 1 4 30 125cc 5 500 30 10 20 20 300 72 301,000 6 19 7 19 19 14 32 12 8 13 15 16 16 1820 17 20 9 26 30 180 90 22118 60 180 24205 28 80 10 500 500 500 20 20 20 300

ヤマハ ルーター ファイアウォール機能～説明資料～

1 RT140i #1(PPP) RT105i RTA52i R (PP#) (LAN#) [NAT] R LAN LAN 2 #2() RT300i RTW65b RT140e RT105e (LAN2) R (LAN1) RTA55i R LAN LAN 3 #3(PPPoE) R (LAN#) (PP#) (PP#) LAN ISDN/ LAN 4 RT300i RT105 #4(VPN) R

Home Use Test 1 2

C O M P A N Y P R O F I L E Home Use Test Home Use Test 1 2 I n t e r n e t R e s e a r c h M o n i t o r R e c r u i t 1,215 1200 1,087 1000 863 800 682 600 483 400 200 0 2009 2010 2011 2012 2013 Sales

Intrusion Detection Method using Online Learning by Kouki Takahata BA Thesis at Future University Hakodate, 2017 Advisor: Ayahiko N

28 1013251 29 1 31 Intrusion Detection Method using Online Learning by Advisor: Ayahiko Niimi Department of Media Architecture Future University Hakodate January 31, 2017 Abstract Cyber-attacks such as

untitled

1 4 4 6 8 10 30 13 14 16 16 17 18 19 19 96 21 23 24 3 27 27 4 27 128 24 4 1 50 by ( 30 30 200 30 30 24 4 TOP 10 2012 8 22 3 1 7 1,000 100 30 26 3 140 21 60 98 88,000 96 3 5 29 300 21 21 11 21

ガイドブック

...3...5...6... 10 Windows 30/60/90... 13... 16... 18... 19... 21 2... 22...24... 26... 28... 32... 34... 35 B6 182 mm 128 mm Acrobat Reader 1 1 Acrobat X 2 Acrobat X 2 1. 5 2. 6 3. 10 4. 19 3 1 3 13 13Windows

SC_Vi1000-Vi2000-Vi3000取説.pdf

2 3 CONTENTS CONTENTS Vi1000/Vi2000/Vi3000 USER MANUAL 1.0: Block Diagram 1.0 1.0: Block Diagram 2.0 QUICK START 2.0-1 2.0 QUICK START 2.0 QUICK START 2.0-2 2.0 QUICK START 2.0 QUICK START 2.0-3 2.0 QUICK

企業費用・利益総合保険_平成27年10月_損保ジャパン日本興亜

27 10 P 3 1 1 2 3 7 12 10 8 50 75 55 50 3.5 9 5.5 4 120 60 25 15 2.3 2 6,800 3,300 11,500 2.350 1.5 275 3,740 6,80055 P 3 1,650 3,30050 2 1 2 1 1 2 3 4 5 1 6 7 2 2 1 11024 2 1 3 2 3 1 2 3 125cc. 1 2 1

1 TOKEN CORPORATION

31 1 TOKEN CORPORATION Q1 TOKEN CORPORATION 2 Q2 3 TOKEN CORPORATION Q3 TOKEN CORPORATION 4 123 142 2,94 23.5 42 538 74 1,44 71 1,93 1,554 75.3 5 TOKEN CORPORATION TOKEN CORPORATION 6 4 35 3 25 2 15 1

Microsoft Word - 蝗ｳ・抵ｽ橸ｼ

890 1 2 3 1 2 3 4 5 1 3 1985 G5 Made in Japan 90 Made by Japan 25 1 EU 891 1 2 GM GDP 12 35 45 892 2 2010 GDP 2012 3 3 2005 2007 2008 3 3 65 3 3 3 893 1 2 TPP 2000 629 446 2011 880 1335 4 TPP 4 HP 2012

Taro13-芦北（改）.jtd

Taro13-宇城（改）.jtd

shio_20041004.PDF

JPNIC JPCERT/CC 2004 Web 2004 10 4 Web Web Web WASC Web Application Security Consortium 7 Web Security Threat Classification Web URL 2 ...?? It depends!? It depends!??? 3 ? It depends!...

untitled

2011 2 9 Akamai Technologies, Inc., et al., Plaintiff Appellant, v. Limelight Networks, Inc., Defendant-Cross Appellant. 1 ( ) 2 3 CAFC BMC 4 (control or 3 Aro Mfg. Co. v. Convertible Top Replacement Co.,

M300用_BIOS

110:KB/Interface Error Press F1 to Resume "Hit DEL if you want to run SETUP." Supervisor Password Installed User Password Installed Both Passwords Uninstalled User Password Uninstalled

untitled

GDS-122 User Manual... 1...1... 7... 8... 9... 10... 12...13... 14...14...15...16...17...17...18... 19...19...22...24...26...29...31...32...33... 36...36...38...39...40 TABLE OF CONTENTS... 43...43...45...46...47...48...

Steel Construction Vol. 6 No. 22(June 1999) Engineering

An Experimental Study on the Shear Strength of Anchor Bolts Embedded in Concrete (Relations Between Shear Strength and Distance Mainly on Base Concrete) Hisao KAWANO Toshiaki TACHIBANA Kanshi MASUDA ABSTRACT

New Interface Photo by hiroohi http://flickr.com/photos/rainboweyes/2747484161/ New Standard Photo by hiroohi http://flickr.com/photos/rainboweyes/2747484331/ New Technology Photo

17 Multiple video streams control for the synchronous delivery and playback 1085404 2006 3 10 Web IP 1 1 1 3,,, i Abstract Multiple video streams control for the synchronous delivery and playback Yoshiyuki

2011 Heuristics for Detecting Malware Attacks 0BDRM018

2011 Heuristics for Detecting Malware Attacks 0BDRM018 iii 1 1 1.1........................................ 1 1.2........................................ 1 1.3...................................... 2 2

<4D F736F F D2096C B838B B835E838A F B E92CA926D B838B5F E315

一覧 一覧 第 1.1 版 2010 年 11 月 02 日 NTT コミュニケーションズ株式会社 _1.0 改版履歴 版数発行年月日変更内容 1.0 2010/03/19 初版作成 1.1 2010/11/02 2.2.1(3) の補足説明を削除 目次 1. はじめに... 4 2. 通知メール... 4 2.1. バウンスメール... 4 2.2. ウイルスチェック警告メール... 5 2.2.2.

4_3.dvi

Vol. 49 No. 4 1680 1691 (Apr. 2008) Malware 1, 2 1 2 DDoS Herder Malware Malware Malware A Development of the Malware Dynamic Behavior Analyzing System and BOTNET Monitoring Keiichi Horiai, 1, 2 Takafumi

NEWS&TOPICS

1,.,,.,,.,,,., [1].,,.,.,,.,.,,,,.,.,,,.,,,.,,., Robohoc. Robohoc,[2]. 1

WIDE Technical-Report in 2008 wide-tr-keiichi-camp200709-wmn-02.pdf WIDE Project : http://www.wide.ad.jp/ If you have any comments on this document, please contact to ad@wide.ad.jp 1,.,,.,,.,,,., [1].,,.,.,,.,.,,,,.,.,,,.,,,.,,.,

長崎県消費生活審議会

(11) - CDN 2002.07.02 E-Mail: katto@katto.comm.waseda.ac.jp n n n 1 ( ) (a) ( ) (b) IP (1) (S,G): S: G: IGMP Join/Leave D 224.0.0.0 239.255.255.255 IP (2) Shortest Path Tree Shared Tree Shortest Path

shio SA.ppt[読み取り専用]

2005 213 Rootkit 2 ...... GPG EFS Windows 3 Rootkit + ifconfig, ps, ls, login Tripwire lkm-rootkit NT Rootkit, AFX Rootkit OS 4 HD... NTFS ADS Alternate Data Stream... NTFS HD HD...

P X-M04-00 PowerChute Network Shutdown PowerChute Network Shutdown Standard v2.2.3a / Enterprise v2.2.3v PowerChute Network Shutdown Standard

P-2416-211X-M04-00 PowerChute Network Shutdown Standard v2.2.3a GHSVSUUP86 Enterprise v2.2.3v GHSVSUUP87 P-2416-211X-M04-00 PowerChute Network Shutdown PowerChute Network Shutdown Standard v2.2.3a / Enterprise

ワイヤレス～イーサネットレシーバー UWTC-REC3

www.jp.omega.com : esales@jp.omega.com www.omegamanual.info UWTC-REC3 www.jp.omega.com/worldwide UWIR UWTC-NB9 / UWRH UWRTD UWTC 61.6 [2.42] REF 11.7 [0.46] 38.1 [1.50] 66.0 [2.60] REF 33.0 [1.30]

1: ( 1) 3 : 1 2 4

RippleDesk Using Ripples to Represent Conversational Noise on Internet Shigaku Iwabuchi Takaomi Hisamatsu Shin Takahashi Buntarou Shizuki Kazuo Misue Jiro Tanaka Department of Comupter Science, University

2/11 ANNEX 2006.09.14 2 HATS HATS

1/11. HATS 2/11 ANNEX 2006.09.14 2 HATS HATS 3/11... 4... 5... 5... 6... 6... 6... 7 4/11 Annex SMTP CIAJ SMTP CIAJ 5/11 SMTP SMTP POP3 SMTP Annex 6/11 SMTP ESMTP POP IMAP4 RCPT TO 7/11 CPU SMTP CPU TCP/IP

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 5 2 5 24 () () () () () 1 1 150 50 50 1 1 ( 15,000 ) 150 ( 15,000 ) 100 50 50 1 1 ( 6,000 ) 150 ( 6,000 ) 100 50 50 1 1 150 1 1 150 100 0.25

161 Debian.Deb 銀河系唯一の Debian 専門誌 GO

161 Debian.Deb 銀河系唯一の Debian 専門誌 GO 2018 3 24 1 Debian 2 1.1 159 Debian............ 2 1.2 OSC 2018 Tokyo/Spring.. 2 2 3 2.1 hiromiso.......... 3 2.2 yy y ja jp......... 3 2.3 ysaito............ 3 2.4 henrich...........

d-00

283-0105 298 TEL. 0475-76-0839 FAX. 0475-76-0838 400g 300 4950399167708 14 220g 300 4950399066780 Page 1 300g 200 4950399066766 100 400g 300 4950399167722 350g 160 4950399066735 100 600g 350 4950399167685

MU120138A 10ギガビットイーサネットモジュール 製品紹介

Product Introduction MU120138A 10 ギガビットイーサネットモジュール MD1230B データクオリティアナライザ MP1590B ネットワークパフォーマンステスタ MU120138A 次世代 10GbE 測定モジュール 製品紹介 アンリツ株式会社 Slide 1 Express Flow 10GbE module MU120138A - 10 Gigabit Ethernet

意外と簡単!?

!?Access Oracle Oracle Migration Workbench MS-Access Oracle Creation Date: Oct 01, 2004 Last Update: Mar 08, 2005 Version: 1.1 !? Oracle Database 10g / GUI!? / Standard Edition!? /!?!? Oracle Database

2004 SYN/ACK SYN Flood G01P014-6

2004 SYN/ACK SYN Flood 2005 2 2 1G01P014-6 1 5 1.1...................................... 5 1.2...................................... 5 1.3..................................... 6 2 7 2.1..................................

インテル® スレッドチェッカー 3.1 Linux* 版

... 2 1.... 3 2.... 5 3.... 7 4.... 10 Intel's Terms and Conditions of Sale IntelIntel Intel Corporation * 2007 Intel Corporation. 313445JA 001 2006 5 313445 JA 002 2006 9 2 : 313445-002JA 1. primes 1

1013 　動的解析によるBOTコマンドの自動抽出

動的解析による BOT コマンドの 自動抽出 Malware Workshop 2008 2008 年 10 月 10 日株式会社セキュアブレイン星澤裕二 岡田晃市郎 太刀川剛 背景と目的 背景 大量発生している BOT の感染を未然に防いだり 感染してしまった場合に被害を最小限に抑えたりするために BOT の挙動を短時間で知ることが重要 目的 短時間で BOT のすべての挙動を知りたい 感染活動だけでなく

ShopS_hyou1_4_BP_2009_may.

1 http://shopserve.jp/ BP0905-5A06-2000 4,800 2 1 http://www.obubu.com/ http://myougado.com/ http://www.mannswine-shop.com/ http://tea-boutique.jp/ http://merci-noguchi.jp http://tokoata.com/ http://www.misono3939.com/

Ｐ２８・１／渡辺　宮副　宮副＆山本

CSM_CX-Compolet_SBSB-018_9_2

Microsoft Word - .....J.^...O.|Word.i10...j.doc

P 1. 2. R H C H, etc. R' n R' R C R'' R R H R R' R C C R R C R' R C R' R C C R 1-1 1-2 3. 1-3 1-4 4. 5. 1-5 5. 1-6 6. 10 1-7 7. 1-8 8. 2-1 2-2 2-3 9. 2-4 2-5 2-6 2-7 10. 2-8 10. 2-9 10. 2-10 10. 11. C