スキャン活動のON/OFFパターンに着目したブラックリストの掲載継続ポリシーの有効性調査

Presentation	2020-03-06 Analyzing Effectiveness of Blacklisting Policy Focusing on ON/OFF Pattern of Scan Activities Takashi Fujita, Naoki Fukushi, Masato Uchida,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	A blacklist registers IP addresses and domain names found to be involved in malicious activity. Blacklist providers set a period for registering IP addresses and domain names in their blacklist after the final observation of the attack following their blacklisting policy. In contrast, scanning activities observed by blacklist providers are diversifying. Thus, the existing blacklisting policy determined uniformly for each blacklist may be insufficient to protect users. In this study, we verified the validity of the existing blacklisting policy by analyzing the diversity of blacklisted IP addresses that perform scanning activities, focusing on their ON/OFF patterns. A measurement using the darknet with /8 network and four types of blacklists revealed that scanning activities had a high diversity in terms of the attack duration and that it was difficult for blacklist providers to observe this diversity.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	Blacklist / Scan / Darknet
Paper #	CQ2019-151
Date of Issue	2020-02-27 (CQ)

Conference Information
Committee	IE / IMQ / MVE / CQ
Conference Date	2020/3/5(2days)
Place (in Japanese)	(See Japanese page)
Place (in English)	Kyushu Institute of Technology
Topics (in Japanese)	(See Japanese page)
Topics (in English)
Chair	Hideaki Kimata(NTT) / Toshiya Nakaguchi(Chiba Univ.) / Kenji Mase(Nagoya Univ.) / Hideyuki Shimonishi(NEC)
Vice Chair	Kazuya Kodama(NII) / Keita Takahashi(Nagoya Univ.) / Mitsuru Maeda(Canon) / Kenya Uomori(Osaka Univ.) / Masayuki Ihara(NTT) / Jun Okamoto(NTT) / Takefumi Hiraguri(Nippon Inst. of Tech.)
Secretary	Kazuya Kodama(NTT) / Keita Takahashi(NHK) / Mitsuru Maeda(Shizuoka Univ.) / Kenya Uomori(Sony Semiconductor Solutions) / Masayuki Ihara(Nagoya Univ.) / Jun Okamoto(NTT) / Takefumi Hiraguri(Nippon Inst. of Tech.)
Assistant	Kyohei Unno(KDDI Research) / Norishige Fukushima(Nagoya Inst. of Tech.) / Hiroaki Kudo(Nagoya Univ.) / Masaru Tsuchida(NTT) / Keita Hirai(Chiba Univ.) / Satoshi Nishiguchi(Oosaka Inst. of Tech.) / Masanori Yokoyama(NTT) / Shogo Fukushima(Univ. of ToKyo) / Chikara Sasaki(KDDI Research) / Yoshiaki Nishikawa(NEC) / Takuto Kimura(NTT)

Paper Information
Registration To	Technical Committee on Image Engineering / Technical Committee on Image Media Quality / Technical Committee on Media Experience and Virtual Environment / Technical Committee on Communication Quality
Language	JPN
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Analyzing Effectiveness of Blacklisting Policy Focusing on ON/OFF Pattern of Scan Activities
Sub Title (in English)
Keyword(1)	Blacklist
Keyword(2)	Scan
Keyword(3)	Darknet
1st Author's Name	Takashi Fujita
1st Author's Affiliation	Waseda University(Waseda Univ.)
2nd Author's Name	Naoki Fukushi
2nd Author's Affiliation	Waseda University(Waseda Univ.)
3rd Author's Name	Masato Uchida
3rd Author's Affiliation	Waseda University(Waseda Univ.)
Date	2020-03-06
Paper #	CQ2019-151
Volume (vol)	vol.119
Number (no)	CQ-455
Page	pp.pp.87-92(CQ),
#Pages	6
Date of Issue	2020-02-27 (CQ)