標的型攻撃のシナリオ再現環境の構築(サービス管理,運用管理技術,セキュリティ管理及び一般)

津田 侑; 神薗 雅紀; 遠峰 隆史; 安田 真悟; 三浦 良介; 宮地 利幸; 衛藤 将史; 井上 大介; 中尾 康二

Presentation	2014/5/15 Implementation of an Environment for Reproducing Targeted Attacks Yu TSUDA, MASAKI KAMIZONO, TAKASHI TOMINE, SHINGO YASUDA, RYOSUKE MIURA, TOSHIYUKI MIYACHI, MASASHI ETO, DAISUKE INOUE, KOJI NAKAO,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	Targeted attacks which aimed at a specific orgnization or company become an object of public concern. Targeted attacks have some attacking phases, for instance reconnaissance, installation exploitation and so on. According to some analyzing reports, attackers use various tools. Most of analyzing reports have results which include attacking tools and malwares individually. Therefore, relevances among the individual results are complemented of scenarios which analysts suppose, because analysts can not obtain attaking environments and harmful environments substantially. In this paper, we implement an environment for reproducing whole scenarios of targeted attacks in order to observing attackers' activities precisely. The environment has some attaking tools and a simulated C&C server as an attacker's zone. Also, we implement a victim's zone like a company's computing environment which is targeted from attackers. In addition, the environment has supporting zone which is used for reproducing attacking scenarios easily. At last, we produce a scenario of a targeted attack in this environment and discuss this environment with some logs such as Windows event logs, some server logs and network traffic data on the victim's zone.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)
Paper #	Vol.2014-CSEC-65 No.18,Vol.2014-IOT-25 No.18
Date of Issue

Conference Information
Committee	ICM
Conference Date	2014/5/15(1days)
Place (in Japanese)	(See Japanese page)
Place (in English)
Topics (in Japanese)	(See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To	Information and Communication Management(ICM)
Language	JPN
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Implementation of an Environment for Reproducing Targeted Attacks
Sub Title (in English)
Keyword(1)
1st Author's Name	Yu TSUDA
1st Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology()
2nd Author's Name	MASAKI KAMIZONO
2nd Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology:Advanced Research Laboratory, SecureBrain Corporation
3rd Author's Name	TAKASHI TOMINE
3rd Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology
4th Author's Name	SHINGO YASUDA
4th Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology
5th Author's Name	RYOSUKE MIURA
5th Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology
6th Author's Name	TOSHIYUKI MIYACHI
6th Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology
7th Author's Name	MASASHI ETO
7th Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology
8th Author's Name	DAISUKE INOUE
8th Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology
9th Author's Name	KOJI NAKAO
9th Author's Affiliation	Cybersecurity Research Center, National Institute. of Information and Communications Technology
Date	2014/5/15
Paper #	Vol.2014-CSEC-65 No.18,Vol.2014-IOT-25 No.18
Volume (vol)	vol.114
Number (no)	43
Page	pp.pp.-
#Pages	6
Date of Issue