2015 9 2015 9 17
3 1 10 8 2 13-0001 13-0059 Twitter 13-0067 13-0146 13-0195 13-0197 13-0209 LVS Keepalived 13-0243 Web 13-0396 SSH 4 1 15 12 3 12-0002 12-0182 IPS IRC 12-0282 CAPTCHA 12-0309 12-0340 12-0367 12-0377 12-0378 P2P
13-0001 2015 1/2 13-0001 1 PC PC PC 2 [1] ICAP Proxy Proxy Web PC 3 Web JavaScript 4 D3M D3M(Drive-by Download Data by Marionette) D3M 24 URL pcap pcap 5-1-
13-0001 2015 2/2 1: D3M pcap Wireshark 1 URL URL DNS DNS Wireshark DNS URL JavaScript 6 D3M [1] ICAP Proxy 25-2-
13-59 2015 1/2 Twitter 13-59 1 SNS LINE Twitter Facebook SNS Twitter 140 # # LoveLive LoveLive! LoveLive!LoveLive 2 [1] A A B B A B 3 Twitter Twitter Search API A Yahoo! Web API 1 Twitter Search API 100 1 Yahoo! Web API API Twitter Search API Fedora 14 Web Apache 2.2.17 PHP 5.3.8 HTML JavaScript -3-
13-59 2015 2/2 1: 3.1 Twitter Search API Twitter Search API Twitter API Twitter Twitter API Ver1 URL ATOM JSON Ver1.1 JSON 3.2 Yahoo! Yahoo! Web API URL 0 100 100 WebAPI 24 50,000 1 100KB XML JSON PHP Serialize XML 4 XML API JSON [1] Twitter 23. -4-
13-67 2015 1/2 13-67 1 2 [1] [2] 3 3 4 3 3 1: -5-
13-67 2015 2/2 1 5 1 4 1: (10cm) (2 ) (10 ) (30cm) (1 ) (10 ) (1 ) (1 ) (2 ) (1 ) 6 [1] 24 [2] 26-6-
13-146 2015 1/2 13-146 1 Android 2 3 Android Picture Password Lockscreen[1] 4 [2] 2-7-
13-146 2015 2/2 5 1 Android 6 7 Android Android 20 2 2 [1] TwinBlade Picture Password Lockscreen - Android Apps on Google Play https://play.google.com/store/apps/details?id=com.twinblade.PicturePassword&hl=en 2015 9 17 [2] 27 pp. 5-6 2014-11-11-8-
13-195 2015 1/2 13-195 1 IAT 2 IAT IAT(Import Address Table) API Windows DLL IAT IAT API IAT API API IAT IAT API 3 IAT IAT API Import Redirection IAT API Import Redirection IAT API API API JMP IAT API IAT -9-
13-195 2015 2/2 4 EXE Windows PE(Portable Executable) PE PE PE Windows.text().idata(API ).data().rsrc( ) 5 UPX Telock shooting.exe UPX Telock PE PE Tools 2 UPX 1: 3 Telock 1 2 UPX.text.rdata.data.reloc UPX0 UPX1 2: UPX UPX0 0 UPX1 UPX1 UPX0 1 3 Telock.reloc 3: Telock [1].text.text EIP( ) Windows OllyDbg EIP 6 PE [1] 11 pp.185-190 2012. -10-
13-197 2015 1/2 13-197 1 [1] 50% Bluetooth 2 [2] [3] 3 14 1 1 3 1 30 30 1 4 5 1 30-11-
13-197 2015 2/2 1: 30 - - 30 1 4 1 30 16 30 1 30 1 30 3 30 30 30 1 1 2 30 1 1 1 2 6 30 30 30 1 5 30 5 1 [1] 1 ICT http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h26/html/nc141110.html 2015 9 16 [2] 26 [3] 24-12-
13-209 2015 1/2 LVS Keepalived 13-209 1 27 [1] 64.2% 23 23.9% 40.3 SNS 2 SSL SSL 2.1 LVS Linux LVS Linux Virtual Server LVS Linux Linux L4 IPVS IP Virtual Service 2.2 Keepalived LVS Keepalived LVS Linux VRRP Virtual Router Redundancy Protocol -13-
13-209 2015 2/2
1: Apache Bench
        Requests per second   Time per request [ms]
4 DSR   5440.70               0.184
4 NAT   5021.69               0.199
2 DSR   4475.35               0.223
2 NAT   3619.55               0.268
1       3123.75               0.320
3 NAT Network Address Translation DSR Direct Server Return NAT DSR Web OS CentOS 6.6 IPVS v1.26 Keepalived v1.2.13 Web Apache 2.2.15 1: NAT 2: DSR NAT 1 NAT 2 DSR NAT NAT Keepalived IP Keepalived 4 Web 4.9KB html Apache Bench 1000 100 4 DSR NAT 2 DSR NAT 1 1 NAT DSR DSR 4 1 1.7 4.9KB Apache Bench [1] 27 http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h27/html/nc372110.html 2015 9 8-14-
13-243 2015 1/2 Web 13-243 1 DoS DoS Denial of Service DoS DoS 2 [1] SYN Flood 2 SYN Flood SYN Flood TCP 3 3 SYN SYN/ACK ACK SYN Flood ACK SYN IP SYN/ACK ACK half-open SYN TCP 3 [2] SYN Flood TBF SYN Flood Web TBF 1 Web 1 1 Web 1 2 1 rate burst Web 1 rate burst Web SSH rate burst -15-
13-243 2015 2/2 1: TBF 4 5 TBF TBF Snort IDS SYN IP IP SYN SYN Flood ACK half-open 3 half-open 3 SYN Web 6 SYN Flood DoS SYN Flood DoS 1 2 IP IP spoofing SYN Flood IP [1] DoS -SOHO (Ver1.20) https://www.ipa.go.jp/security/fy14/contents/soho/html/chap1/dos.html 2015 9 8 [2] Web 25-16-
13-396 2015 1/2 SSH 13-396 1 [1] SSH 2 [2] SSH Syslog IP Web IP 3 1 SSH Syslog rsyslog rsyslog syslog TCP syslog MySQL rsyslog SSH IP MySQL Web IP SSH rsyslog Collect SSH access logs with rsyslog MySQL Extract the necessary information Mail report Web report 1: IP PHP Web IP GeoIP[3] GeoIP MaxMind IP -17-
13-396 2015 2/2 2: Web 3: Web 4 SSH 2015 8 1 0:00 2015 8 31 23:59 Web 2 IP GeoIP 3 2 3 SSH SSH 5 Web Unix SSH SSH kippo [1] (2015) 2015 p.10 [2] SSH 2013 [3] GeoIP - MaxMind https://www.maxmind.com/ 2015 9 12-18-
12-2 2015 1/2 12-2 1 [1] GDP 7,300 2 2.1 Weka Weka Time series forecasting environment Weka 3 [2] TREND IP IP 1 6 TREND IP 1 6 F IP TREND
1: IP IP
A 110.189.168.171 24 0.96
B 81.19.35.170 24 0.90
C 114.114.96.20 23 0.98
D 61.178.127.140 20 0.98
E 94.232.10.19 20 0.97
F 113.106.90.199 20 0.84
-19-
12-2 2015 2/2 2: s-1 s-6 s-1 s-2 s-3 s-4 s-5 s-6 4 2011 1 12 12 s-1 s-6 6 2 1. n1 s-1 s-1 n1 A 2. s-1 B 3. A B n1 s-1 Weka 5 [1] 2008 3 25 http://www.soumu.go.jp/main_sosiki/joho_tsusin/policyreports/chousa/mail_ken/pdf/080325_2_3.pdf 2015 9 13 [2] 2012-20-
12-182 2015 1/2 IPS IRC 12-182 1 [1] C&C IRC IRC IPS 2 C&C DDoS C&C IRC IRC [2] CCC Dataset2013[3] IRC 4 IRC 3 IRC IRC TCP/IP IRC IRC 4 IRC NICK IRC NICK IRC IRC XChat IRC NICK 8 IRC IPS IRC NICK 8 IPS 1: -21-
12-182 2015 2/2
1: IRC
IRC           OS
ngircd        CentOS6.5
ircd-hybrid   CentOS6.5
InspIRCd      Windows7
2: IRC
IRC       OS
kaiten    CentOS6.5
perlbot   CentOS6.5
sdbot     WindowsVista
dorkbot   WindowsVista
Agobot    WindowsVista
IRCbot    WindowsVista
Rbot      WindowsVista
IDS Snort-2.9.7.0 OS CentOS 6.5 5 NICK IRC 1 IRC IRC 1 IRC IRC C&C IRC 2 IRC 6 IRC IRC IRC IRC IRC [1] IPA http://www.ipa.go.jp/files/000017745.pdf 2015 9 4 [2] IRC 2013 Vol 2013 No 11 pp 139-146 2013 [3] Vol 2009 No 11 pp 1-8 2009-22-
12-282 2015 1/2 CAPTCHA 12-282 1 Web CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) [1] CAPTCHA Web CAPTCHA CAPTCHA CAPTCHA CAPTCHA CAPTCHA Web [2] 2 CAPTCHA CAPTCHA CAPTCHA Google Yahoo! Microsoft Web 3 [3] CAPTCHA 4 s b k $b_1, b_2, \ldots, b_k$ B (1) $B = \{b_1, b_2, \ldots, b_k\}$ (1) -23-
12-282 2015 2/2 n M (2) $M = \{s, b_1, b_2, \ldots, b_{(n-1)}\}$ (2) 1 5 1 2 1 2 1 1: 2 2 6 1 2 1 2 10 6 CAPTCHA [1] Carnegie Mellon University: CAPTCHA: Telling Humans and Computers Apart Automatically, http://www.captcha.net, (2015-09-10). [2] W3C: Inaccessibility of CAPTCHA Alternatives to Visual Turing Tests on the Web W3C Working Group Note 23 November 2005, http://www.w3.org/tr/turingtest/, (2015-09-10) [3] IT Text 2002-24-
12-309 2015 1/2 12-309 1 ID ID ID ID ID 2 [1] 13 FRR False Reject Rate FAR False Accept Rate FAR [2] Yahoo goo Web Web Jaccard Simpson 50 ( ) ( ) 3 4 FRR FAR -25-
12-309 2015 2/2 1: 1 2 3 4 5 6 7 8 9 10 0 38 25 38 50 50 38 63 75 75 4.1 8 Google 10 1 7 8 3 5 7 10 8 6 5 10 4.2 goo MeCab Jaccard Simpson 5 8 FRR FAR [1] 21 [2] Web AI 108(119) pp. 75-80 2008-26-
12-340 2015 1/2 12-340 1 2 Microsoft Windows 8 [1] 3 3 3 3 Android 25-27-
12-340 2015 2/2 key input key 125 75 input key 100 100 (1) (1) 4 5 V 10 1 9 1: (%) 100 V 100 90 100 6 [1] http://blogs.msdn.com/b/b8_ja/archive/2011/12/22/signing-picture-password.aspx 2015 9 6-28-
12-367 2015 1/2 12-367 1 McAfee [1] 2015 2 4,500 1 340 2 [2] Intel Dynamic Binary Instrumentation DBI Pin[3] DBI [4] telock PESpin Pin 3-29-
12-367 2015 2/2 0 0 1 n n+1 4 OllyDbg v1.10 [5] OllyDbg Plugin Development Kit 1.10 [6] 4.1 1 1: MOV (BYTE WORD DWORD) PTR DS : [ ( EAX ECX EDX EBX ESP EBP ESI EDI ) ]. 4.2 Map 4.3 GUI 2 5 [1] McAfee 2015 2 http://www.mcafee.com/jp/threat-center/report/download91.aspx 2015 9 14 [2] The 30th Symposium on Cryptography and Information Security 2013 [3] Pin - A Dynamic Binary Instrumentation Tool https://software.intel.com/en-us/articles/pintool 2015 9 14 [4] Piotr Bania Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs p.2 2009 [5] OllyDbg v1.10 http://www.ollydbg.de/ 2015 9 14 [6] Plugin Development Kit 1.10 http://www.ollydbg.de/pdk.htm 2015 9 14-30-
12-377 2015 1/2 12-377 1 3 3 2 [1] 3 3 3 [2] 3 iPhone 1 4 3-31-
12-377 2015 2/2-1 1-1 1 0.8 1: 4 8 5 5 100% 1.575 1.050 0.9 0.0 0.5 0.8 0.7 0.9 5 100% XYZ [1] 24 [2] 26-32-
12-378 2015 1/2 P2P 12-378 1 P2P Chord 2 DHT Distributed Hash Table DHT Chord [1] Chord 3 Chord Chord Successor List n Successor List Successor 4 P2P [2] Chord P2P [3] -33-
12-378 2015 2/2 XOR 1 XOR 5 Chord 1 Successor Split data 1 Split data 3 Place the split files in order from the beginning. Split data 2 1: Input data Split a file with a large file size into chunks. Successor 6 [1] Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M. Frans Kaashoek, Frank Dabek, and Hari Balakrishnan, Chord: A Scalable Peer-to-Peer Lookup Protocol for Internet Applications, IEEE/ACM Transactions on Networking, Vol. 11, No. 1, February 2003 [2] P2P 23 [3] P2P 26-34-