8. Humancrypt and Network Security (1): Intrusion Detection Systems. Introduction & Results

Megrocrypt 06, March 1, 2006
The University of Tokyo
Abdulrahman Alharby (Imai Lab), Takahiro Matsuzaki (Matsuura Lab)


Roadmap

• Network security: risks, mistakes
• Intrusion definition and examples
• Protection techniques
• Intrusion detection systems
  – Approaches
  – Techniques
  – Limitations
  – Future
• Our results
• Publications


Network Security – Risks: Open architecture of TCP/IP

– Highly efficient and flexible communications protocol for local and global communications
– Widely adopted on the global Internet and in the internal networks of large corporations
– Was designed twenty years ago, when the Internet consisted of a few hundred closely controlled hosts with limited security
– Now connects millions of computers, controlled by millions of individuals and organizations
– Core network is administered by thousands of competing operators

TCP/IP is vulnerable to a number of malicious attacks.


Network Security – Risks

Most common types of attacks include:
– Unauthorized access:
  • insecure hosts, cracking
– Eavesdropping on a transmission:
  • looking for passwords, credit card numbers
– Hijacking, or taking over a communication:
  • inspect and modify any data being transmitted
– IP spoofing:
  • impersonate to fool access control mechanisms
  • redirect connections to a fake server
– DoS attacks:
  • by using up all available system resources for the service (CPU, memory, bandwidth)


Network Security – IT People Mistakes

1. Connecting systems to the Internet before hardening them.
2. Connecting test systems to the Internet with default passwords.
3. Failing to update systems when security holes are found.
4. Using unencrypted protocols for managing systems, routers, firewalls, and PKI.
5. Implementing firewalls with rules that don't stop malicious traffic.
6. Failing to implement or update virus detection software.
7. Failing to know what to look for, and what to do, when seeing a potential security problem.


What is an intrusion?

An intrusion can be defined as: "any set of actions that attempt to compromise the:
• integrity,
• confidentiality, or
• availability
of a resource".


Intrusion Examples

• Virus
• Buffer overflows
• Denial of Service (DoS)
  – explicit attempt by attackers to prevent legitimate users of a service from using that service.
• Address spoofing
  – a malicious user uses a fake IP address to send malicious packets to a target.
• Many others
  – R2L, U2R, Probe, …


Protection techniques

• Primary protection line
  – Firewall
  – Authentication
  – Encryption
  – Humancrypt


Protection techniques – Humancrypt

• Humancrypt is a cryptographic approach to information security issues concerning the relationship between human beings and computers.
  – Cryptographic techniques to make authentic users' access to computers secure and easy
  – Human interface techniques to make cryptosystems easy to use
  – Techniques to generate confidence in the use of cryptosystems
  – Techniques to incorporate human factors into cryptosystems
  – Techniques to tolerate human mistakes in information security


Protection techniques – Humancrypt

• Humancrypt
  – Generating biometric keys from voice [*]
  – Generating biometric keys from handwritten signatures [**]
  – Generating biometric keys based on dynamic graphical passwords [***]

[*] H. Feng and C.C. Wah: Private Key Generation from On-line Handwritten Signatures, Information Management & Computer Security, vol. 10, no. 4, pp. 159–164 (2002)
[**] F. Monrose, M.K. Reiter, Q. Li, D.P. Lopresti and C. Shih: Toward Speech-Generated Cryptographic Keys on Resource Constrained Devices, Proc. of the 11th USENIX Security Symposium (2002)
[***] Masato Akao, Shinji Yamanaka, Goichiro Hanaoka, Hideki Imai: Personal Entropy from Graphical Passwords: Methods for Quantification and Practical Key Generation, IEICE Transactions, Vol. E87-A, No. 10, pp. 2543–2554, October 2004


Intrusion Detection System (IDS)

• Secondary protection line
  – Intrusion detection systems (IDS): content inspection
• Definition: an IDS inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.


Attack Types

– Host-based attacks
  • Gain access to privileged services or resources on a machine.
– Network-based attacks
  • Make it difficult for legitimate users to access various network services.


IDS Categories

Intrusion detection systems are split into two groups:
– Anomaly detection systems
  • Identify malicious traffic based on deviations from the established normal network behaviour.
– Misuse detection systems
  • Identify intrusions based on a known pattern (signatures) for the malicious activity.


IDS Approaches

Anomaly-based IDS
– Concept: trained using the normal behavior of the system.
– Technique: tries to flag deviation from the normal pattern as intrusion.
– Pros and cons: usual changes (due to traffic etc.) may lead to a higher number of false alarms.

Misuse-based IDS
– Concept: models well-known attacks.
– Technique: uses these known patterns to identify intrusion.
– Pros and cons: specific to known attacks; can't extend to unknown intrusion patterns (false negatives).


IDS Approaches

Host-based
– Installed locally on host machines.

Network-based
– Installed on network switches.
– Detect some of the attacks that host-based systems don't, e.g. DoS, fragmented packets.

Recommended approach
• None provides a complete solution.
• A hybrid approach using HIDS on local machines as well as powerful NIDS on switches, for both techniques (misuse & anomaly).


IDS alarms (accuracy)

The goal of an IDS is to detect an intrusion as it happens and be able to respond to it.
– False positives:
  • A false positive is a situation where something abnormal (as defined by the IDS) happens, but it is not an intrusion.
  • Too many false positives
– False negatives:
  • A false negative is a situation where an intrusion is really happening, but the IDS doesn't catch it.


Hacking IDS

• Disable it!!
  – Blind the sensors
  – Blind the event storage (snow blind)
    • Spoofed addresses masking the real attack
  – DoS – Denial of Service attacks
  – Hacking IDS
• Evade it!!
  – Fragmentation
    • Most IDSs do not have the ability to reassemble IP packets
  – Avoiding default port numbers
  – Address spoofing
  – And one more..
    • Send a TCP SYN packet to open a connection, no "close" packet
    • IDS will think nothing of it and move on
    • Wait for a while, before the connection closes
  – Attack!!!


IDS – The Future

• Integrated approaches of IDS:
  – Network- and host-based in one system (some products already do this in a limited way);
• Better management and reporting tools.
• Event correlation:
  – Correlate a number of sub-events which individually do not indicate an attack but which, when viewed in combination, do.
  – Requires much more sophisticated software and data processing.
  – Potentially much better attack detection.
• Statistical anomaly detection in products?
• Intrusion Protection Systems
• Intrusion Tolerant Systems


Intrusion Detection Limitations

• Limitations of signature-based IDS
  – Signature database has to be manually revised for each new intrusion
  – Latency in deployment of newly created signatures
• Limitations of anomaly-based IDS
  – False positives – alert when no attack exists. High number of false alarms due to previously unseen legitimate behavior.
• Data overload – the amount of data for analysts to examine is growing too large. This is the problem that data mining looks to solve.


IDS products

• Snort – www.snort.org
• ISS RealSecure – www.iss.net
• NFR – www.nfr.com
• PortSentry – www.psionic.com

• Tripwire – early HIDS – file integrity checker.
• ISS RealSecure – HIDS and NIDS combined.
• Cisco Secure IDS – NIDS.
• Symantec NetProwler – NIDS.
• Selecting the right product depends on many factors:
  – Cost, performance, stability of product and vendor, security objectives, ease of management…


Our research (1/6) … Ordered action attack detection

The problem … attacks as ordered processes
• Intruders typically target more than one machine or more than one network segment.
• Within one machine, an intruder may execute many ordered commands.
• Intrusion attack steps occur as ordered actions.

Is it possible to detect ordered actions in a more efficient way?

References: [82] [85] [257] [262]


Our research (2/6) … IDS false alarm reduction

Basics:
• IDS alarm types: real alarms, fake alarms (false alarms)
• Fact: IDS systems trigger tons of alarms (thousands per day!!), most of them actually false.
• Identifying real alarms in a huge volume of alarms is a big task for the security staff.
• A security officer can miss real alarms easily.

Therefore: reducing false alarms is a critical issue for the efficiency and usability of IDSs.

References: [82] [85] [256] [257] [262]


Our research (3/6) … IDS user's privacy (privacy violation)

[Figure: data collection feeding the IDS, which decides "attack or normal"; the user's privacy is violated along the way]

Reference: [83]


Our research (4/6) … Distributed IDS architecture

The problem … how to control the actions of the agents in the sense of:
• Many agents (Ai)
• Different hosts (hosti)
• Different companies (competitors)
• Sensitive data
• More scalable
• No single point of failure
• Not only this.. but also… security..?!?

[Figure: agents on hosts across an open network]

References: [84] [259]


Our research (5/6) … IDS for security protocols protection

Definition: security protocols are a series of messages exchanged between two or more parties to achieve some security goals. Examples: NSCKP, Wide-mouth frog, Kerberos, …

Off-line flaw detection: formal methods
– Logics of knowledge and belief
– Algebraic approaches

Question … ? If formal methods are used to discover attacks on STATIC security protocols, is it possible to use IDS systems to detect attacks on DYNAMIC security protocols?

References: [81] [86] [255] [260]


Our research (6A/6) … Detection of Unknown DoS Attacks by Kolmogorov-Complexity Fluctuation

[Figure: a normal user sends legitimate traffic and an attacker sends flooding traffic to the target; a detection system observes the packets]

{K(X1) + K(X2) + … + K(Xm)} − K(X1 || X2 || … || Xm)

If packets have high correlation, the KC differential becomes larger.

References: [262]
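The KC differential above, as an added example that is not code from [262] or its authors: since K(x) is not computable, the zlib-compressed length is used as the stand-in (an assumption of this example), and the two packet windows, the threshold and all function names are this example's own.

```python
"""Kolmogorov-complexity (KC) differential as a flooding detector.

Added example; not code from [262]. K(x) is not computable, so the
zlib-compressed length stands in for it here (an assumption of this
example, not a statement about the paper's estimator). Packet contents
below are constructed.
"""
import random
import zlib
from typing import List


def kc(x: bytes) -> int:
    """Approximate K(x) by the compressed length of x in bytes."""
    return len(zlib.compress(x, 9))


def kc_differential(packets: List[bytes]) -> int:
    """{K(X1) + K(X2) + ... + K(Xm)} - K(X1 || X2 || ... || Xm).

    Near-identical packets compress far better together than one by one,
    so the differential grows; unrelated packets gain almost nothing from
    concatenation and it stays small.
    """
    if not packets:
        return 0
    separate = sum(kc(p) for p in packets)
    joint = kc(b"".join(packets))
    return separate - joint


def is_flooding(packets: List[bytes], threshold: int) -> bool:
    """Alert when the differential over a window of packets exceeds threshold."""
    return kc_differential(packets) > threshold


def _payload(rng: random.Random, size: int) -> bytes:
    """Pseudo-random packet content from a seeded generator (reproducible)."""
    return bytes(rng.getrandbits(8) for _ in range(size))


# Constructed traffic windows: 20 packets of 64 bytes each.
_rng = random.Random(2006)
LEGIT_PACKETS = [_payload(_rng, 64) for _ in range(20)]  # unrelated contents
FLOOD_PACKETS = [_payload(_rng, 64)] * 20                 # one packet replayed
THRESHOLD = 600  # assumed tuning value, chosen between the two windows above
```

In practice the threshold is tuned on the monitored link's own traffic, since the differential scales with window size and packet length.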


Our research (6B/6) … Basic Results


Publications I/III

[255] Abdulrahman Alharby and Hideki Imai, Security Protocols Protection Based on Anomaly Detection, IEICE Transactions on Information and Systems, ISSN 0916-8532, Vol. E89-D, No. 1, pp. 189-200, January 2006

[256] Abdulrahman Alharby and Hideki Imai, IDS False Alarm Reduction Using Continuous and Discontinuous Patterns, In Proceedings of the Third International Conference, ACNS 2005, New York, NY, USA, June 7-10, 2005. Lecture Notes in Computer Science (LNCS 3531), 2005, ISBN 3-540-26223-7, pp. 192-205

[257] Abdulrahman Alharby and Hideki Imai, Hybrid Intrusion Detection Model Based on Ordered Sequences, In Proceedings of the Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2005, St. Petersburg, Russia, September 25-27, 2005. Lecture Notes in Computer Science (LNCS 3685), Springer 2005, ISBN 3-540-29113-X, pp. 352-365


Publications II/III

[258] Abdulrahman Alharby, Hanane Fathi and Hideki Imai, Energy-efficient and Secure Cluster-head Selection for Intrusion Detection Systems in Mobile Ad Hoc Networks, In Poster session of the 8th International Symposium on Wireless Personal Multimedia Communications (WPMC 2005), Aalborg, Denmark, Sep 18-24, 2005

[259] Abdulrahman Alharby and Hideki Imai, Secure Architecture For Distributed Intrusion Detection Systems, (SITA2005), pp. 893-896, Okinawa, Japan, Nov 19-23, 2005

[260] Abdulrahman Alharby and Hideki Imai, Security Protocols Protection Based on Anomaly Behaviour of Selected Features, In Proceedings of The 2006 Symposium on Cryptography and Information Security (SCIS 2006), Hiroshima, Japan, Jan 17-20, 2006


Publications III/III

[262] Takayuki Furuya, Takahiro Matsuzaki, and Kanta Matsuura, Detection of Unknown DoS Attacks by Kolmogorov-Complexity Fluctuation, In Proc. of SKLOIS Conference on Information Security and Cryptology, Dec 15-17, 2005, Beijing, China

Manuscript:

[261] Abdulrahman Alharby and Hideki Imai, A Continuous and Discontinuous Patterns Algorithm for Intrusion Detection and False Alarm Reduction, Submitted to IEICE Transactions (available upon request)


References I/II

[81] Abdulrahman Alharby and Hideki Imai, Anomaly Detection Models For Security Protocols Attacks, In Proc. of the International Symposium on Information Theory and its Applications (ISITA 2004), Parma, Italy, Oct 2004

[82] Abdulrahman Alharby and Hideki Imai, Use of Sequential Patterns for Intrusion Detection - Preliminary version, In Proceedings of The 5th International Workshop on Information Security Applications (WISA 2004), Jeju island, Korea, pp. 671-678, Aug 23-25, 2004

[83] Abdulrahman Alharby and Hideki Imai, Revocable anonymous schemes for intrusion detection system user's privacy, In Proceedings of The 26th Symposium on Information Theory and Its Applications (SITA 2003), Awaji Island, Japan, Dec 15-18, 2003


References II/II

[84] Abdulrahman Alharby and Hideki Imai, Cooperative agents for Intrusion Detection systems, In Proceedings of The 27th Symposium on Information Theory and Its Applications (SITA 2004), pp. 319-322, Gero, Gifu, Japan, Dec 14-17, 2004

[85] Abdulrahman Alharby and Hideki Imai, Sequential Patterns Based Intrusion Detection Model, The 2004 Symposium on Cryptography and Information Security (SCIS 2004), pp. 1151-1154, Sendai, Japan, Jan 27-30, 2004

[86] Abdulrahman Alharby and Hideki Imai, Security Protocols Attacks Detection Based on Bayesian Network, In Proceedings of The 2005 Symposium on Cryptography and Information Security (SCIS 2005), Maiko Kobe, Japan, Jan 25-28, 2005


8. Humancrypt and Network Security (2)

Imai Laboratory: 細井 琢朗, 田村 研輔 (National Police Agency)
Matsuura Laboratory: 大福 泰樹, 黄 興華, 李 鎮
March 1, 2006
Imai and Matsuura Laboratories research presentation

Network security

• IT networks as social infrastructure
  – Progress of the e-Japan initiative
  – Growth of electronic commerce (EC ratio = 14.7% (2004))
• Threats, attacks, disruption
  – (Preparatory) intrusion activity over the network
  – Existence of vulnerabilities
  – Denial-of-service (DoS) attacks
  – Spam mail
Connecting to the network = being exposed to threats
  – Defence, countermeasures


Positioning of our research

• Reducing the burden on network users and administrators
  – Attack detection ↔ huge volume of detection data, after-the-fact detection, … → Attack prediction for wide-area networks
  – Identifying the source ↔ wide search range, few clues, … → IP traceback
  – Spam countermeasures ↔ misjudged blocking/passing, list updates, … → E-mail security
○ Humancrypt

High accuracy means few of either:
– Missed detections (検知漏れ, false negatives): an attack that is allowed through
– False alarms (空振り, false positives): legitimate input that is blocked

Input \ Result    Blocked (不可)    Allowed (許可)
Attack            ○                 missed detection
Legitimate        false alarm       ○

Attack prediction for wide-area networks (1): problem

• Problem: attacks and worm activity rampant on the Internet; after-the-fact detection; zero-day attacks
• Goal: instead of relying only on after-the-fact detection by IDS, firewalls and the like, defend the network against attacks that are spreading across the network right now (= attack prediction)
• Methods
  – Prediction of attack counts using time-series analysis [117]
  – Prediction of worm propagation [118][119][120]
  – Early detection of attacks, alert systems [119][120]
• Attack observation points on the network


Attack prediction for wide-area networks (2): research method

• Analyse the attack detection logs collected by the National Police Agency's Internet fixed-point observation system (57 sites nationwide), produce attack predictions, and provide them to administrators [264].
  – Predict attacks per IP address (+ TCP/UDP port)
  – Decision support for administrators [114]
  – Early detection of a variety of attacks
• Method
  – (Prediction:) attack detection logs → probability that a recent attack will hit other observation points
  – (Estimation:) prediction + "interpolation over the IP address space" [136] → attack probability for addresses other than the observation points
  – Report whether an IP address (+ TCP/UDP port) will be attacked, together with information for countermeasures (attacking source IP addresses, etc.).

Attack prediction for wide-area networks (3): results

• Prediction accuracy (accuracy = fraction of attack predictions that succeeded)
  – Effect of interpolation over the IP address space: large (accuracy roughly one order of magnitude better than estimation by simple averaging)
  – Effect of anomalous observation points: excluding them improves accuracy (fewer missed detections).
• Prediction efficiency (efficiency = fraction of prediction candidates predicted as "no attack")
  – Effect of anomalous observation points: excluding them lowers efficiency (more false alarms).
• Effective against both indiscriminate and localized attacks.


IP traceback (1): problem

• Problem: difficulty of tracing (tracking) the originating host, due to forged source IP addresses and the like [92]
• Goal: trace the transmission path through the network, independently of the source IP address carried by received packets, and identify the originating host.
• Methods
  – Link testing [138]
  – Packet marking [144][147][148][149]
  – Logging [141]
  – ...

[Figure: sources S1–S3 send through routers R5–R7, R3–R4, R2 and R1 to destination D]

IP traceback (2): research method

• Packet marking: trade-off between the amount of "mark" data written into the IP header and tracing capability
• Proposal and evaluation of IP traceback methods that mark with a small amount of data and can trace even from a single packet
  – Deterministic marking ← efficient use of the data space
  – Solving the problems of packet selection and path-data extraction at trace time
    Information degradation → more false positives
    Special processing (initialization) at the first router (edge router)


IP traceback (3): results

• Proposed schemes [266]
  – (a) XOR scheme (cf. [144]): marks are accumulated by exclusive OR
  – (b) Partial overwrite scheme (cf. [148]): the mark overwrites only part of the field and is mixed in
  – (c) Bloom filter scheme [153]: marks are accumulated in a Bloom filter
• Evaluation
  – (Accuracy) false negatives (missed detections): none; false positives (false alarms): medium to high
  – (Efficiency) trace search load: low; trace search range: full search (a, b), partial (c)
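Scheme (c) above, as an added toy example that is not the code of [153] or [266]: every router on the path ORs its Bloom bits into the mark field, the edge router initialises the field first, and the victim walks upstream testing neighbours for membership. The 32-bit field, the three SHA-256-derived hash functions and the topology are assumptions of this example; it shows why the trace has no false negatives but may return extra routers.

```python
"""Bloom-filter packet marking and single-packet traceback (toy version).

Added example; not the code of [153]/[266]. Assumed: a 32-bit mark field,
NUM_HASHES hash functions derived from SHA-256, and a constructed topology.
"""
import hashlib
from typing import Dict, List, Set

MARK_BITS = 32    # assumed width of the mark field in the IP header
NUM_HASHES = 3    # assumed number of Bloom-filter hash functions

# Constructed topology, stored as "router -> its upstream neighbours"
# (victim D sits behind R1; sources S1..S3 sit behind R5, R6 and R7).
UPSTREAM: Dict[str, List[str]] = {
    "R1": ["R2"], "R2": ["R3", "R4"], "R3": ["R5", "R6"], "R4": ["R7"],
}
ALL_ROUTERS = {"R1", "R2", "R3", "R4", "R5", "R6", "R7"}


def bloom_positions(router_id: str) -> List[int]:
    """Map a router ID to NUM_HASHES bit positions inside the mark field."""
    positions = []
    for i in range(NUM_HASHES):
        digest = hashlib.sha256(f"{i}:{router_id}".encode()).digest()
        positions.append(int.from_bytes(digest[:4], "big") % MARK_BITS)
    return positions


def router_mark(mark: int, router_id: str, is_edge: bool) -> int:
    """Deterministic marking done by one router.

    The edge (first) router initialises the field, discarding whatever the
    sender wrote there; every router then ORs its own Bloom bits in.
    """
    if is_edge:
        mark = 0
    for pos in bloom_positions(router_id):
        mark |= 1 << pos
    return mark


def might_contain(mark: int, router_id: str) -> bool:
    """Bloom membership test: never a false negative, sometimes a false positive."""
    return all((mark >> pos) & 1 for pos in bloom_positions(router_id))


def forward_packet(path: List[str], sender_mark: int = 0xFFFFFFFF) -> int:
    """Carry one packet along `path` (edge router first) and return its mark.

    `sender_mark` is whatever the source placed in the field; without the
    edge-router initialisation an all-ones value would make every router
    test positive at the victim.
    """
    mark = sender_mark
    for hop, router in enumerate(path):
        mark = router_mark(mark, router, is_edge=(hop == 0))
    return mark


def traceback(mark: int, start: str) -> Set[str]:
    """Walk upstream from the victim's router, following routers the mark admits.

    The result is a superset of the true path: every router that marked the
    packet is present, and routers whose bits happen to be covered are the
    false positives the slide refers to.
    """
    found: Set[str] = set()
    frontier = [start]
    while frontier:
        router = frontier.pop()
        if router in found or not might_contain(mark, router):
            continue
        found.add(router)
        frontier.extend(UPSTREAM.get(router, []))
    return found


def false_positives(mark: int, true_path: List[str]) -> Set[str]:
    """Routers returned by traceback that were not actually on the path."""
    return traceback(mark, true_path[-1]) - set(true_path)
```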


E-mail security (1): problem

• Problem: disruption and crime that abuse e-mail, such as spam and phishing mail
• Goal: classify legitimate mail and spam accurately
• Spam filtering techniques
  – Mail headers and body [170][192][193]
  – Whitelists [190]
  – Network techniques [182][197]
  – Sender authentication (domain, digital signature, etc.) [195][202]
  – Law, policy


E-mail security (2): research method

• Combine a Bayesian filter with a whitelist/blacklist method to classify mail efficiently [267]
  – (I) Bayesian filter [192]: a statistical method based on Bayes' theory (few undecidable cases).
  – (II) Whitelist/blacklist [121]: built from the social network (SNA) extracted from mail sending/receiving relationships (few misclassifications) [194].
• Integration
  – Incoming mail → (II) → (I) → classification.
  – (a) (II) only decides that mail is legitimate.
  – (b) The result of (I) is used to correct list updates.
• Handling of Japanese-language mail

[Figure: illustration of (I) and (II) in terms of correctly classified, misclassified and undecidable mail]
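The (II) → (I) pipeline with steps (a) and (b), as an added example that is not the code of [267]: the whitelist is seeded from addresses the user has written to (a crude stand-in for the paper's social-network analysis), step (I) is a Graham-style naive Bayes with an undecided band, step (b) is read here as adding a sender to the list only after (I) accepts their mail, and all messages, addresses and function names are constructed for the example.

```python
"""Whitelist (II) chained in front of a Bayesian filter (I).

Added example; not the code of [267]. Assumed: the whitelist is seeded from
addresses the user has written to (a stand-in for the paper's social-network
analysis); (I) is Graham-style naive Bayes with an undecided band; step (b)
is read as adding a sender only once (I) accepts their mail. Mail is constructed.
"""
import math
import re
from collections import Counter
from typing import Dict, List, Set, Tuple

LEGIT, SPAM, UNDECIDED = "legit", "spam", "undec"


def tokens(text: str) -> Set[str]:
    return set(re.findall(r"[a-z0-9$]+", text.lower()))  # one count per message


class BayesianFilter:
    """(I) Naive Bayes over tokens; UNDECIDED when P(spam) lies in (low, high)."""
    def __init__(self, low: float = 0.2, high: float = 0.8) -> None:
        self.spam_docs, self.legit_docs = Counter(), Counter()
        self.n_spam = self.n_legit = 0
        self.low, self.high = low, high

    def train(self, text: str, label: str) -> None:
        if label == SPAM:
            self.spam_docs.update(tokens(text))
            self.n_spam += 1
        else:
            self.legit_docs.update(tokens(text))
            self.n_legit += 1

    def spam_probability(self, text: str) -> float:
        # Laplace-smoothed per-token likelihood ratios, combined in log space.
        log_odds = 0.0
        for tok in tokens(text):
            p_spam = (self.spam_docs[tok] + 1) / (self.n_spam + 2)
            p_legit = (self.legit_docs[tok] + 1) / (self.n_legit + 2)
            log_odds += math.log(p_spam) - math.log(p_legit)
        return 1.0 / (1.0 + math.exp(-log_odds))

    def classify(self, text: str) -> str:
        p = self.spam_probability(text)
        return SPAM if p >= self.high else LEGIT if p <= self.low else UNDECIDED


class CombinedFilter:
    """Incoming mail -> (II) whitelist -> (I) Bayesian filter -> verdict."""
    def __init__(self, bayes: BayesianFilter, whitelist: Set[str]) -> None:
        self.bayes = bayes
        self.whitelist = set(whitelist)

    def classify(self, sender: str, text: str) -> str:
        if sender in self.whitelist:  # (a) the list only admits, never blocks
            return LEGIT
        verdict = self.bayes.classify(text)
        if verdict == LEGIT:  # (b) list update corrected by (I)'s verdict
            self.whitelist.add(sender)
        return verdict


def evaluate(results: List[Tuple[str, str]]) -> Dict[str, float]:
    """Rates over (verdict, true label) pairs, as defined on the results slide."""
    n = len(results)
    false_pass = sum(t == SPAM and v == LEGIT for v, t in results)
    false_block = sum(t == LEGIT and v == SPAM for v, t in results)
    undecided = sum(v == UNDECIDED for v, _ in results)
    return {"false_pass_rate": false_pass / n, "false_block_rate": false_block / n,
            "misclassification_rate": (false_pass + false_block) / n,
            "success_rate": (n - false_pass - false_block - undecided) / n}


TRAINING = [  # constructed training corpus
    ("free money win prize click now", SPAM),
    ("cheap meds free shipping click here", SPAM),
    ("win free prize lottery claim now", SPAM),
    ("meeting tomorrow about the ids paper draft", LEGIT),
    ("please review the traceback experiment results", LEGIT),
    ("lab seminar schedule for next week", LEGIT),
]
SENT_TO = {"alice@lab.example"}  # constructed sent-mail contacts
TEST_MAIL = [  # constructed (sender, text, true label)
    ("alice@lab.example", "free prize for the lab party, claim yours now click", LEGIT),
    ("promo@spam.example", "win free money now click", SPAM),
    ("bob@univ.example", "draft of the ids paper review", LEGIT),
]


def run_demo() -> Tuple[Dict[str, float], Dict[str, float]]:
    """(Bayes-only metrics, (II)->(I) metrics) over TEST_MAIL."""
    bayes = BayesianFilter()
    for text, label in TRAINING:
        bayes.train(text, label)
    combined = CombinedFilter(bayes, SENT_TO)
    alone = [(bayes.classify(text), label) for _, text, label in TEST_MAIL]
    chained = [(combined.classify(s, text), label) for s, text, label in TEST_MAIL]
    return evaluate(alone), evaluate(chained)
```

The first test message is a colleague's mail that the Bayesian step alone blocks; the whitelist in front of it removes that false block, which is the effect of step (a) reported on the results slide.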


E-mail security (3): results

• Experimental data: 2838 mails received in the laboratory in FY2004 (legitimate: 1445, spam: 1393)
• Evaluation metrics (accuracy)
  – False pass rate: fraction of spam misclassified as legitimate (missed detection)
  – False block rate: fraction of legitimate mail misclassified as spam (false alarm)
  – Misclassification rate: fraction falsely blocked or falsely passed
  – Success rate: fraction neither misclassified nor undecidable
• Results
  – Success rate: (I) 97.4%, (II) 46.6% → (integrated) over 98%
  – Lower false block rate (effect of (a)); suppressed rise in false pass rate (effect of (b))
○ Integrating two classifiers with different characteristics → higher accuracy.


Summary

• Attack prediction for wide-area networks
  – Attack-prediction information for administrators, derived from Internet fixed-point observation logs ⇒ lighter burden on administrators
  – Interpolation over the IP address space ⇒ large improvement in accuracy
• IP traceback
  – Tracing from even a single packet ⇒ lighter burden on users
  – Deterministic packet marking ⇒ fewer false positives
• E-mail security
  – Combining a statistical method with whitelists ⇒ higher accuracy
  – Automatic list generation using social networks ⇒ less burden
○ Reducing the burden on users and administrators ⇔ Humancrypt
  – Authentication and signature system combining biometric authentication with liveness detection [269]


Presented papers (1)

[263] Kensuke Tamura, Kanta Matsuura, Hideki Imai, "Various viewpoints analysis of the actual and large-scale data by using the data mining technique", 2005 IEEE International Carnahan Conference on Security Technology (ICCST2005), Spain, pp. 283-286, October 2005

[264] 田村研輔, 松浦 幹太, 今井秀樹, "Proposal of an attack prediction method for local IP address ranges using Internet space interpolation, and its use for proactive defence" (submitted)

[265] 細井琢朗, 松浦 幹太, 今井秀樹, "On multi-packet tracing in IP traceback by a Bloom-filter packet marking method", Proceedings of Computer Security Symposium 2005, pp. 91-96, October 2005

[266] 細井 琢朗, 松浦 幹太, 今井秀樹, "On single-packet IP traceback by a deterministic packet marking method without cryptographic primitives", Proceedings of the 2006 Symposium on Cryptography and Information Security, January 2006


Presented papers (2)

[267] 大福 泰樹, 松浦 幹太, "Spam mail filtering integrating a Bayesian filter and social network methods", Computer Security Symposium 2005 (CSS2005), Vol. 1, pp. 325-330, October 2005

[268] 大福 泰樹, 松浦 幹太, "A study on filtering mail containing Japanese with a Bayesian filter", Symposium on Cryptography and Information Security 2006 (SCIS2006), January 2006

[269] Hsing-Hua Huang, "Digital Signature Scheme by Biometric Keys and Liveness Detection", SCIS2006, January 2006


References (1)

[114] O. Sami Saydjari, "Cyber Defense: Art To Science", Communications of the ACM, Vol. 47, No. 3, pp. 53-57, March 2004

[117] A. Korzyk, "A forecasting model for internet security attacks", In Proc. of the 21st National Information Systems Security Conference, pp. 99-110, 1998

[118] Z. Chen, L. Gao, K. Kwiat, "Modeling the spread of active worms", in Proc. of IEEE INFOCOM, pp. 1890-1900, March 2003

[119] S. Chen and S. Ranka, "An internet-worm early warning system", In Proceedings of the IEEE Globecom 2004 - Security and Network Management, volume 4, pages 2261-2265, November 2004

[120] C.C. Zou, W. Gong, D. Towsley, L. Gao, "The Monitoring and Early Detection of Internet Worms", IEEE/ACM Transactions on Networking, Vol. 13, No. 5, October 2005

[121] E. Cooke, M. Bailey, Z.M. Mao, D. McPherson, "Toward Understanding Distributed Blackhole Placement", in Proc. of WORM'04, Washington, DC, USA, October 29, 2004

[136] 田村研輔, 松浦幹太, 今井秀樹, "Proposal of an Internet space interpolation method using data collected by a fixed-point observation system and its application to early anomaly detection", 2005 Symposium on Cryptography and Information Security (SCIS2005), Vol. 3, pp. 1381-1386, January 2005


References (2)

[92] H. Aljifri, "IP Traceback: A New Denial-of-Service Deterrent?", IEEE Security & Privacy, Vol. 1, No. 3, pp. 24-31, May/June 2003

[138] R. Stone, "CenterTrack: An IP Overlay Network for Tracking DoS Floods", In Proceedings of the 9th Usenix Security Symposium, pp. 199-212, August 2000

[141] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S. T. Kent, W. T. Strayer, "Single-Packet IP Traceback", IEEE/ACM Transactions on Networking, Vol. 10, No. 6, pp. 721-734, December 2002

[144] S. Savage, D. Wetherall, A. Karlin, T. Anderson, "Network Support for IP Traceback", IEEE/ACM Transactions on Networking, Vol. 9, No. 3, pp. 226-237, June 2001

[147] S. Belenky, N. Ansari, "IP Traceback With Deterministic Packet Marking", IEEE Communications Letters, Vol. 7, No. 4, pp. 162-164, April 2003

[148] A. Yaar, A. Perrig, D. Song, "Pi: A Path Identification Mechanism to Defend against DDoS Attacks", IEEE Symposium on Security and Privacy 2003, May 2003

[149] M. Adler, "Tradeoffs in Probabilistic Packet Marking for IP Traceback", In Proceedings of STOC 2002, pp. 407-418, May 2002

[153] 細井琢朗, 松浦幹太, 今井秀樹, "IP traceback by a Bloom-filter packet marking method", Computer Security Symposium 2004 (CSS2004), pp. 181-186, October 2004


References (3)

[170] G. Robinson, "Spam detection", http://radio.weblogs.com/0101454/stories/2002/09/16/spamDetection.html, (2002)

[182] K. Li, M. Ahamad, "Resisting Spam Delivery by TCP Damping", First Conference on Email and Anti-Spam, CEAS2004, (2004)

[190] M. Jakobsson, J. Linn, J. Algesheimer, "How to Protect Against a Militant Spammer", Cryptology ePrint archive, report 2003/07, (2003)

[192] P. Graham, "A plan for spam", http://paulgraham.com/spam.html, (2002)

[193] P. Graham, "Better bayesian filtering", In 2003 Spam Conference, http://spamconference.org/proceedings2003.html, (2003)

[194] P. O. Boykin and V. Roychowdhury, "Leveraging social networks to fight spam", IEEE Computer, Vol. 38, No. 4, pp. 61-68, 2005

[195] Pobox.com, http://spf.pobox.com/

[197] R. Clayton, "Stopping Spam by Extrusion Detection", First Conference on Email and Anti-Spam, CEAS2004, (2004)

[202] Yahoo!, http://antispam.yahoo.com/domainkeys


[33] K. L. Fox, R. R. Henning, J. H. Reed, R. P. Simonian, “A neural network approach to-wards intrusion detection”, In Proceedings of 13th National Computer Security Conference,pp.125–134, NIST, Baltimore, MD, 1999.

[34] D. Barbara, J. Couto, S. Jajodia, N. Wu, “ADAM: A testbed for exploring the use of datamining in intrusion detection”, ACM SIGMOD Record, 30 (4), 15–24, 2001.

[35] D. Barbara, J. Couto, S. Jajodia, N. Wu, “An architecture for anomaly detection”, In D.Barbara and S. Jajodia (Eds.), Applications of Data Mining in Computer Security, 63–76,Boston: Kluwer Academic, 2002.

[36] V. Paxson, “Bro: A System for Detecting Network Intruders in Real-Time”, ComputerNetworks, 31(23–24), 2435–2463, 1999.

[37] Yihua Liao, V. Rao Vemuri, “Use of K-Nearest Neighbor classifier for intrusion detection”,Computers & Security 21(5):439–448, 2002.

[38] W. Lee, S. J. Stolfo and P. K. Chan, “Learning Patterns from Unix Process ExecutionTraces for Intrusion Detection”, Proceedings of AAAI97 Workshop on AI Methods inFraud and Risk Management, 50–56, 1997.

[39] H. Teng, K. Chen, S. Lu, “Adaptive Real-Time Anomaly Detection Using InductivelyGenerated Sequential Patterns, Proceedings”, IEEE Symposium on Research in ComputerSecurity and Privacy, 1990.

[40] Wenke Lee, “A Data Mining Framework for Constructing Features and Models for IntrusionDetection Systems”, Ph.D. Thesis, Computer Science Department, Columbia University,New York, NY, June 1999.

[41] K. Julisch, “Mining Alarm Clusters to Improve Alarm Handling Effciency”, In 17th AnnualComputer Security Applications Conference (ACSAC), pp.12–21, December 2001.

[42] C. Clifton, C. Gengo, “Developing Custom Intrusion Detection Filters Using Data Mining”,In Military Communications International Symposium (MILCOM2000), October 2000.

[43] R. Agrawal, R. Srikant, “Mining sequential patterns”, Proceedings of the 7th InternationalConference on Data Engineering, Taipei, Taiwan, IEEE Computer Society, 3–14, 1995.

Page 29: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[44] R. Agrawal, C. Faloutsos, A. Swami, “Efficient similarity search in sequence databases”,in: Conference on Foundations of Data Organization and Algorithms, Chicago, Illinois,Springer, Berlin, pp.69–84, 1993.

[45] R. Agrawal, K. Lin, H. S. Sawhney, K. Shim, “Fast similarity search in the presence of noise,scaling, and translation in time-series databases”, in: Proceedings of the 21st InternationalConference on Very Large Data Bases, Zurich, Switzerland, Morgan Kaufmann, Los Altos,CA, pp.490–501, 1995.

[46] R. Cooley, B. Mobasher, J. Srivastava, “Data preparation for mining world wide webbrowsing patterns”, Knowledge and Information Systems 1 (1) 5–32, 1999.

[47] C. Faloutsos, M. Ranganathan, Y. Manolopoulos, “Fast subsequence matching in time-series databases”, in: Proceedings of the 1994 ACM SIGMOD International Conference onManagement of Data, Minneapolis, Minnesota, ACM Press, New York, pp.419–429, 1994.

[48] J. Han, G. Dong, Y. Yin, “Efficient mining of partial periodic patterns in time seriesdatabase”, in: Proceedings of the 15th International Conference on Data Engineering,Sydney, Australia, pp.106–115. 1999.

[49] Heikki Mannila, Hannu Toivonen, and A. Inkeri Verkamo, “Discovering frequent episodesin sequences”, In First International Conference on Knowledge Discovery and Data Mining(KDD’95), pp.210–215, 1995.

[50] Heikki Mannila and Hannu Toivonen, “Discovering generalized episodes using minimaloccurrences”, In 2nd International Conference on Knowledge Discovery and Data Mining(KDD’96), pp.146–151, Portland, Oregon, AAAI Press, August 1996.

[51] Yen-Liang Chen, Shih-Sheng Chen, Ping-Yu Hsu, “Mining hybrid sequential patterns andsequential rules”, Information Systems Vol.27, Issue 5, pp.345–362, 2002.

[52] A. Seleznyov, O. Mazhelis, “Learning Temporal Patterns for Anomaly Intrusion Detection”,ACM SAC2002: 17th ACM Symposium on Applied Computing, Madrid, Spain, March 10–14, 2002.

[53] C. Warrender, S. Forrest and B. Pearlmutter, “Detecting Intrusions Using System Calls:Alternative Data Models”, Proceedings of 1999 IEEE Symposium on Security and Privacy,pp.133–145, 1999.

[54] C. Ko, G. Fink and K. Levitt, “Automated Detection of Vulnerabilities in Privileged Pro-grams by Execution Monitoring”, Proceedings of 10th Annual Computer Security Appli-cations Conference, 1994.

[55] Henry S Teng, Kaihu Chen, and Stephen C Lu, “Security Audit Trail Analysis Using Induc-tively Generated Predictive Rules”, pp.24–29, Sixth Conference on Artificial IntelligenceApplications, Santa Barbara, CA, May 5–9, 1990, Los Alamitos, CA: IEEE ComputerSociety Press, 1990.

Page 30: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[56] Jin Suk Kim, Hohn Gyu Lee, Sungbo Seo, Keun Ho Ryu, “CTAR: Classification Based onTemporal Class-Association Rules for Intrusion Detection”, WISA 2003, Lecture Notes inComputer Science, Publisher: Springer-Verlag, Vol.2908/2003 pp.84–96, 2003.

[57] William W. Cohen, “Fast effective rule induction”, In Machine Learning: Proceedings ofthe Twelfth International Conference, (ICML), pp.115–123, 1995.

[58] S. Manganaris, M. Christensen, D. Zerkle, K. Hermiz, “A Data Mining Analysis of RTIDAlarms”, Computer Networks, 34(4), 571–577, October 2000.

[59] W, Lee, S. J. Stolfo, “A Framework for Constructing Features and Models for IntrusionDetection Systems”, ACM Transactions on Information and System Security, 3(4), 227–261, 2000.

[60] M. Asaka, S. Okazawa, A. Taguchi, and S. Goto, “A Method of Tracing Intruders by Useof Mobile Agents”, INET’99, June 1999.

[61] Peter Mell, Mark McLarnon, “Mobile Agent Attack Resistant Distributed HierarchicalIntrusion Detection Systems”, Recent Advances in Intrusion Detection 1999.

[62] Eugene H. Spafford and Diego Zamboni, “Intrusion detection using autonomous agents”,Computer Networks, 34 (4):547–570, October 2000.

[63] Mark Crosbie and Gene Spafford, “Defending a computer system using autonomous agents”,Technical Report 95-022, COAST Laboratory, Purdue University, 1994.

[64] Jai Sundar Balasubramaniyan, Jose Omar Garcia-Fernandez, David Isacoff, Eugene Spaf-ford, and Diego Zamboni, “An architecture for intrusion detection using autonomousagents”, In Proceedings of the Fourteenth Annual Computer Security Applications Con-ference, pp.13–24, IEEE Computer Society, December 1998.

[65] R. Gopalakrishna, “A Framework for Distributed Intrusion Detection using Interest DrivenCooperative Agents”, CERIAS Technical Report 2001-44, University of Purdue, 2001.

[66] Guy Helmer, Johnny S. K. Wong, Vasant Honavar, and Les Miller, “Intelligent Agents forIntrusion Detection”, Proceedings, IEEE Information Technology Conference, Syracuse,NY, pp.121–124, September 1998.

[67] Guy G. Helmer, Johnny S. Wong, Vasant Honavar, Les Miller, Yanxin Wang, “Lightweightagents for intrusion detection”, Journal of Systems and Software 67(2):109–122, 2003.

[68] S. Snapp, J. Brentano, and G. Dias et al., “DIDS (Distributed Intrusion Detection System)– motivation, architecture, and an early prototype”, In Proceedings of the 14th NationalComputer Security Conference, October 1991.

[69] S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt,C. Wee, R. Yip, and D. Zerkle, “GrIDS-a graph based intrusion detection system for largenetworks”, In Proceedings of the 19th National Information Systems Security Conference,September 1996.

Page 31: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[70] Phillip A. Porras and Peter G. Neumann, “EMERALD: event monitoring enabling re-sponses to anomalous live disturbances”, In 1997 National Information Systems SecurityConference, Oct. 1997.

[71] C. Kahn, P. Porras, S. Staniford-Chen, and B. Tung, “A Common Intrusion DetectionFramework”, Submitted to the Journal of Computer Security.

[72] D. Curry and H. Debar, “Intrusion detection message exchange format data model andextensible markup language (xml) document type definition”, Internet Draft, draft-ietf-idwg-idmef-xml-12, December 2001.

[73] Jeffrey L Undercoffer, Filip Perich, and Charles Nicholas, “SHOMAR: An Open Architec-ture for Distributed Intrusion Detection Services”, TechReport, University of Maryland,Baltimore County, September 2002.

[74] D. Gupta, T. C. Buchheim, B. S. Feinstein, G. A. Matthews, and R. A. Pollock, “IAP:Intrusion Alert Protocol”, Internet-Draft, URL http://www.ietf.org/internet-drafts/draft-ietfidwg-iap-04.txt, February 2001.

[75] T. Dierks and C. Allen, “The TLS protocol version 1.0”, RFC 2246, January 1999.

[76] Ramaprabhu Janakiraman, Marcel Waldvogel, Qi Zhang, “Indra: A peer-to-peer approachto network intrusion detection and prevention”, in Proceedings of the 2003 IEEE WETICE Workshop on Enterprise Security, Linz, Austria, June 2003. (Best paper award.)

[77] R. Rivest, A. Shamir, L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Communications of the ACM, Vol.21 (2), pp.120–126, 1978. (Previ-ously released as an MIT ”Technical Memo” in April 1977.)

[78] C. Madson and R. Glenn, “The Use of HMAC-MD5 within ESP and AH”, RFC 2403,November 1998.

[79] Adrian Perrig, Ran Canetti, Dawn Song, and J. D. Tygar, “Efficient and Secure SourceAuthentication for Multicast”, In Network and Distributed System Security Symposium,NDSS’01, pp.35–46, February 2001.

[80] D. Coppersmith and M. Jakobsson, “Almost Optimal Hash Sequence Traversal”, In Pro-ceedings of the Fourth Conference on Financial Cryptography (FC’02), Lecture Notes inComputer Science, 2002.

[81] Abdulrahman Alharby and Hideki Imai, “Anomaly Detection Models For Security Pro-tocols Attacks”, International Symposium on Information Theory and its Applications(ISITA2004). Parma , Italy , October 10–13, 2004.

[82] Abdulrahman Alharby and Hideki Imai, “Use of Sequential Patterns for Intrusion Detection-Preliminary version”, In Proceeding of The 5th International Workshop on InformationSecurity Applications (WISA 2004), Jeju island, Korea, pp.671–678, Aug. 23–25, 2004.

Page 32: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[83] Abdulrahman Alharby and Hideki Imai, “Revocable anonymous schemes for intrusion de-tection system user’s privacy”, In the Proceeding of The 26th Symposium on InformationTheory and Its Applications (SITA 2003), pp.617–620, Awaji Island, Japan, Dec 15–18,2003.

[84] Abdulrahman Alharby and Hideki Imai, “Cooperative agents for Intrusion Detection sys-tems”, In the Proceeding of The 27th Symposium on Information Theory and Its Appli-cations (SITA2004), pp.319–322, Gero Gifu, Japan, Dec. 14–17, 2004.

[85] Abdulrahman Alharby and Hideki Imai, “Sequential Patterns Based Intrusion DetectionModel”, The 2004 Symposium on Cryptography and Information Security (SCIS 2004),pp.1151–1154, Sendai, Japan, Jan. 27–30, 2004.

[86] Abdulrahman Alharby and Hideki Imai, “Security Protocols Attacks Detection Based onBayesian Network”, In the Proceeding of The 2005 Symposium on Cryptography andInformation Security (SCIS 2005), Maiko Kobe, Japan, Jan. 25–28, 2005.

[87] “Distributed Denial of Service (DDoS) Attacks/tools”,http://staff.washington.edu/dittrich/misc/ddos/.

[88] Felix Lau, Stuart H. Rubin, Michael H. Smith, and Ljiljana Trajovic, “Distributed Denialof Service Attacks”, In Proceedings of IEEE International Conference on Systems, Man,and Cybernetics, pp.2275–2280, October 2000.

[89] Jussipekka Leiwo, Tuomas Aura, and Pekka Nikander, “Towards Network Denial of Ser-vice Resistant Protocols”, In Proceedings of the 15th International Information SecurityConference (IFIP/SEC 2000), Kluwer, pp.301–310, August 2000.

[90] K. Matsuura and H. Imai, “Modified Aggressive Modes of Internet Key Exchange Resis-tant against Denial-of-Service Attacks”, IEICE Transactions on Information and Systems,vol.E83-D, No.5, pp.972–979, May 2000.

[91] J. Mirkovic and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms”,ACM SIGCOMM Computer Communication Review, Vol.34, No.2, pp.39–54, April 2004.

[92] H. Aljifri, “IP Traceback: A New Denial-of-Service Deterrent?”, IEEE Security & Privacy,Vol.1, No.3, pp.24–31, MAY/JUNE 2003.

[93] U. K. Tupakula and V. Varadharajan, “A Practical Method to Counteract Denial ofService Attacks”, In Proceedings of the 26th Australasian Computer Science Conference(ACSC2003), Vol.16, Feb. 2003.

[94] T. Peng, C. Leckie, and K. Ramamohanarao, “Detecting Distributed Denial of ServiceAttacks Using Source IP Address Monitoring”, manuscript, ARC Special Research Centerfor Ultra-Broadband Information Networks.

[95] P. Ferguson and D. Senie, “Network Ingress Filtering: Defeating Denial of Service AttacksWhich Employ IP Source Address Spoofing”, RFC 2827, May 2000.

Page 33: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[96] M. Thottan and C. Ji, “Proactive Anomaly Detection Using Distributed Intelligent Agents”,IEEE Network, Vol.12, No.5, pp.21–27, 1998.

[97] R. A. Kemmerer and G. Vigna, “Intrusion Detection: A Brief History and Overview”,Supplement to IEEE Computer, Security & Privacy, pp.27–30, 2002.

[98] C. Krugel, T. Toth, and E. Kirda, “Service Specific Anomaly Detection for Network In-trusion Detection”, In Proceedings of the 2002 ACM Symposium on Applied Computing,pp. 201–208, March 2002.

[99] C. Siaterlis and B. Maglaris, “Towards Multisensor Data Fusion for DoS Detection”, InProceedings of the 2004 ACM Symposium on Applied Computing, pp.439–446, 2004.

[100] A. B. Kulkarni, S. F. Bush, and S. C. Evans, “Detecting Distributed Denial-of-Service At-tacks Using Kolmogorov Complexity Metrics”, Tech. Report, GE Research & DevelopmentCenter, 2001CRD176, December 2001 (Class 1).

[101] T. Cover and J. Thomas, “Elements of Information Theory”, John Wiley & Sons, Inc.,New York, pp.144–153, 1991.

[102] Ming Li and Paul Vitanyi, “An Introduction to Kolmogorov Complexity and Its Applica-tions”, Springer, Berlin, 1993

[103] S. C. Evans et al., “Kolmogorov Complexity Estimation and Analysis”, Tech. Report, GEResearch & Development Center, 2002GRC177, October 2002 (Class 1).

[104] http://www.apache.org/dyn/closer.cgi

[105] http://netgroup-serv.polito.it/windump/install/Default.htm

[106] H. Dreger, A. Feldmann, V. Paxson, and R. Sommer, “Operational Experiences with High-Volume Network Intrusion Detection”, In Proceedings of the 11th ACM conference onComputer and Communications Security, pp. 2–11, October 2004.

[107] H. Tongshen, Xiamin, C. Qingzhang, and Y. Kezhen, “Design and Implement of Firewall-Log-Based Online Attack Detection System”, In Proceedings of the 3rd International Con-ference on Information Security (InfoSecu’04), pp. 146–149, November 2004.

[108] Jelena Mirkovic et al., “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms”,Tech. Report, UCLA CSD, CSD-TR-020018, 2002.

[109] S. Cheung and K. N. Levitt, “Protecting Routing Infrastructures from Denial of ServiceUsing Cooperative Intrusion Detection”, In Proc. of New Security Paradigms Workshop’97, pp.94–106, September 1997.

[110] J. Sun, H. Jin, H. Chen, Q. Zhang, and Z. Han, “A Compound Intrusion Detection Model”,In Proc. of ICICS (5th International Conference on Information and Communication’sSecurity), LNCS 2836, pp.370–381, October 2003.

Page 34: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[111] W. Xu, T. Wood, W. Trappe, and Y. Zhang, “Wireless Monitoring and Denial of Service:Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service”, InProceedings of the 2004 ACM Workshop on Wireless Security, pp. 80–89, October 2004.

[112] F. Kargl, J. Maier, and M. Weber, “Protecting Web Servers from Distributed Denial ofService Attacks”, In Proceedings of the 10th International Conference on World Wide Web,pp. 514–524, 2001.

[113] A. Hussain, J. Heidemann, and C. Papadopoulos, “Denial-of-Service: A Framework forClassifying Denial of Service Attacks”, In Proceedings of the 2003 Conference on Applica-tions, Technologies, Architectures, and Protocols for Computer Communications, pp. 99–110, August 2003.

[114] O. Sami Saydjari, “Cyber Defense: Art To Science”, Communications of the ACM, Vol.47,No.3, pp.53–57, March 2004.

[115] Klaus Julisch, “Clustering Intrusion Detection Alarms to Support Root Cause Analysis”, inACM Transactions on Information and System Security, Vol.6, No.4, pp.443–471, Novem-ber 2003.

[116] P. Ning, Y. Cui, D. S. Reeves, D. Xu, “Techniques and Tools for Analyzing IntrusionAlerts”, ACM Transactions on Information and System Security, Vol.7, No.2, pp.274–318,May 2004.

[117] A. Korzyk, “A forecasting model for internet security attacks”, In Proc. of the 21st NationalInformation Systems Security Conference, pp.99–110, 1998.

[118] Z. Chen, L. Gao, K. Kwiat, “Modeling the spread of active worms,” in Proc. of IEEEINFOCOM, pp.1890–1900, Mar. 2003.

[119] S. Chen and S. Ranka, “An internet-worm early warning system,” in Proceedings of theIEEE Globecom 2004 – Security and Network Management, Vol.4, pp.2261–2265, Novem-ber 2004.

[120] C. C. Zou, W. Gong, D. Towsley, L. Gao, “The Monitoring and Early Detection of InternetWorms”, IEEE/ACM TRANSACTIONS ON NEETWORKING, Vol.13, No.5, October,2005.

[121] E. Cooke, M. Bailey, Z. M. Mao, D. McPherson, “Toward Understanding DistributedBlackhole Placement”, in Proc. of WORM’04, Washington DC, USA, October 29, 2004.

[122] David Geer, “Malicious Bots Threaten Network Security”, Computer, Published by theIEEE Computer Society, pp.18–20, Jan 2005.

[123] S. Staniford, V. Paxson, and N. Weaver, “How to Own the Internet in Your Spare Time,”Proc. of 11th USENIX Security Symposium, San Francisco, August 2002.

[124] J. Aslam, S. Bratus, D. Kotz, R. Peterson, B. Tofel, D. Rus, “The Kerf Toolkit for IntrusionAnalysis”, IEEE SECURITY & PRIVACY, Vol.2, No.6, pp.42–52, Dec. 2004.

Page 35: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[125] R. P. Goldman, Heimerdinger, S. A. Harp, C. W. Geib, V. Thomas, R. L. Carter, “Infor-mation Modeling for Intrusion Report Aggregation,” in Proc, of the DARPA InformationSurvivability Conference and Exposition (DISCEX II), pp.329–342, 2001.

[126] Joshua Haines, Dorene K. Ryder, Laura Tinnel, Stephen Taylor, “Validation of SensorAlert Correlators”, IEEE SECURITY & PRIVACY, Vol.1, No.1, pp.46–56, JAN/FEB2003.

[127] Kiran Lakkaraju , William Yurcik, Adam J. Lee, “NVisionIP: NetFlow Visualizations ofSystem State for Security Situational Awareness”, in Proc. of the 2004 ACM workshop onVisualization and data mining for computer security, pp.65–72, Oct. 2004.

[128] Thomas M. Chen, “INCREASING the OBSERVABILITY of INTERNET BEHAVIOR”,COMMUNICATIONS OF THE ACM, Vol.44, No.1, pp.93–98, Jan. 2001.

[129] R. Pang, V. Yegneswaran, P. Barford, V. Paxson L. Peterson, “Characteristics of Internetbackground radiation”, in Proc. of Internet Measurement Conference (IMC), pp.27–40,Oct. 2004.

[130] Balachander Krishnamurthy, Subhabrata Sen, Yin Zhang, Yan Chen, “Sketch-based ChangeDetection: Methods, Evaluation, and Applications”, in Proc. of ACM SIGCOMM InternetMeasurement Conference (IMC ’03), pp.234–247, Oct. 2003.

[131] A. Valdes, K. Skinner, “Probabilistic Alert Correlation,” in Proc. of the 4th InternationalSymposium on Recent Advances in Intrusion Detection (RAID 2001), LNCS 2212, pp.54–68, 2001.

[132] Steven J. Templeton, Karl E. Levitt, “Detecting Spoofed Packets”, in Proc. of the DARPAInformation Survivability Conference and Exposition (DISCEX’03), Washington DC, April2003.

[133] Salvatore J. Stolfo, “Worm and Attack Early Warning”, IEEE SECURITY & PRIVACY,Vol.2, No.3, pp.73–75, May/June 2004.

[134] Cliff C. Zou, D. Towsley, W. Gong, S. Cai, “Routing Worm: A Fast, Selective Attack Wormbased on IP Address Information”, in Proc. of the 19th ACM/IEEE/SCS Workshop onPrinciples of Advanced and Distributed Simulation (PADS’05), Monterey, June 1–3, 2005.

[135] S. Panjwani, S. Tan, Keith M. Jarrin, M. Cukier, “An Experimental Evaluation to Deter-mine if Port Scans are Precursors to an Attack”, in Proc. of the International Conferenceof Dependable Systems and Nerworks (DSN ’05), pp.602–611, 2005.

[136] 田村 研輔, 松浦 幹太, 今井 秀樹, “定点観測システム収集データを利用したインターネット空間補間手法の提案と早期異常検知への適用”, 2005年暗号と情報セキュリティシンポジウム (SCIS2005), Vol.3, pp.1381–1386, Jan. 2005.

[137] B. H. Bloom, “Space/time trade-offs in hash coding with allowable errors”, Communica-tions of ACM, Vol.13, No.7, pp.422–426, Jul. 1970.

Page 36: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[138] R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods”, In Proceedingsof the 9th Usenix Security Symposium, pp.199–212, Aug. 2000.

[139] H. Burch and B. Cheswick, “Tracing Anonymous Packets to Their Approximate Source”,In Proceedings of the 14th Conf. Systems Administration, pp.313–322, Dec. 2000.

[140] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent andW. T. Strayer, “Hash-based IP Traceback”, In Proceedings of the ACM SIGCOMM 2001Conference, pp.3–14, Aug. 2001.

[141] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S.T. Kent and W. T. Strayer, “Single-Packet IP Traceback”, IEEE/ACM Transactions onNetworking, Vol.10, No.6, pp.721–734, Dec. 2002.

[142] S. M. Bellovin, M. D. Leech and T. Taylor, “ICMP Traceback Messages”, Internet Draft,draft-ietf-itrace-01.txt (Oct. 2001; work in progress).

[143] S. Savage, D. Wetherall, A. Karlin and T. Anderson, “Practical Network Support for IPTraceback”, In Proceedings of the 2000 ACM SIGCOMM Conference, pp.295–306, Aug.2000.

[144] S. Savage, D. Wetherall, A. Karlin and T. Anderson, “Network Support for IP Traceback”,IEEE/ACM Transactions on Networking, Vol.9, No.3, pp.226–237, Jun. 2001.

[145] D. X. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Trace-back”, In Proceedings of the IEEE INFOCOMM 2001, Apr. 2001.

[146] D. Dean, M. Franklin and A. Stubblefield, “An Algebraic Approach to IP Traceback”, InNetwork and Distributed System Security Symposium (NDSS ’01), pp.3–12, Feb. 2001.

[147] S. Belenky and N. Ansari, “IP Traceback With Deterministic Packet Marking”, IEEECommunications Letters, Vol.7, No.4, pp.162–164, Apr. 2003.

[148] A. Yaar, A. Perrig and D. Song, “Pi: A Path Identification Mechanism to Defend againstDDoS Attacks”, IEEE Symposium on Security and Privacy 2003, May 2003.

[149] Micah Adler, “Tradeoffs in Probabilistic Packet Marking for IP Traceback”, In Proceedingsof the STOC 2002, pp.407–418, May. 2002.

[150] Micah Adler, Jeff Edmonds and Jirı Matousek, “Towards Asymptotic Optimality in Prob-abilistic Packet Marking”, In Proceedings of the STOC 2005, pp.450–459, May. 2005.

[151] 澤井 裕子, 大江 将史, 門林 雄基, “IPトレースバック逆探知パケット方式のトラフィック量と攻撃経路再構成時間の性能評価”, 電子情報通信学会 通信ソサイエティ インターネットアーキテクチャ研究会 2002年度第 2回研究会, Jul. 2002.

[152] 細井 琢朗, 松浦 幹太, 今井 秀樹, “IPデータグラムが正規に変換される場合の IPトレースバック技術について”, 2004年 暗号と情報セキュリティシンポジウム予稿集, pp.1369–1374,Jan. 2004.

Page 37: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[153] 細井 琢朗, 松浦 幹太, 今井 秀樹, “Bloomフィルタを用いたパケットマーキング法による IPトレースバック”, コンピュータセキュリティシンポジウム 2004論文集, pp.181–186, Oct.2004.

[154] 細井 琢朗, 松浦 幹太, 今井 秀樹, “Bloomフィルタを用いたパケットマーキング法による IPトレースバックの擬陽性確率について”, 2005年 暗号と情報セキュリティシンポジウム予稿集, pp.1555–1560, Jan. 2005.

[155] S. Belenky and N. Ansari, “On IP Traceback”, IEEE Communications Magazine, Vol.41,No.7, pp.142–153, Jul. 2003.

[156] 門林 雄基, 大江 将史, “IPトレースバック技術”, 情報処理, Vol.42, No.12, pp.1175–1180,Dec. 2001.

[157] Kihong Park and Heejo Lee, “On the Effectiveness of Probabilistic Packet Marking forIP Traceback under Denial of Service Attack”, In Proceedings of the INFOCOM 2001,pp.338–347, April 2001.

[158] J. Postel, “Internet Protocol - DARPA Internet Program Protocol Specification”, RFC791, Sep. 1981.

[159] A. Gray, M. Haahr, “Personalised, Collaborative Spam Filtering”, First Conference onEmail and Anti-Spam, CEAS2004, 2004.

[160] A. Kornblum, “Searching For John Doe: Finding Spammers and Phishers”, Second Con-ference on Email and Anti-Spam, CEAS2005, 2005.

[161] B. Leiba, J. Ossher, V. T. Rajan, R. Segal, M. Wegman, “SMTP Path Analysis”, SecondConference on Email and Anti-Spam, CEAS2005, 2005.

[162] B. Leiba, N. Borenstein, “A Multifaceted Approach to Spam Reduction”, First Conferenceon Email and Anti-Spam, CEAS2004, 2004.

[163] B. Whitworth, E. Whitworth, “Spam and the Social-Technical Gap”, Computer, Vol.37,No.10, 2004.

[164] D. Lowd, C. Meek, “Good Word Attacks on Statistical Spam Filters”, Second Conferenceon Email and Anti-Spam, CEAS2005, 2005.

[165] E. Gabber, M. Jakobsson, Y. Matias, A. Mayer, “Curbing Junk E-Mail via secure Clas-sification”, Financial Cryptography ’98, LNCS 1465, pp.198–213, International FinancialCryptography Association, Springer, 1998.

[166] G. Caldarelli, F. Coccetti, P. D. L. Rios, “Scale-Free Topology of E-Mail Networks”, Phys-ical Rev. E, Vol.70, No.027102, 2004.

[167] G. Cormack, T. Lynam, “Spam Corpus Creation for TREC”, Second Conference on Emailand Anti-Spam, CEAS2005, 2005.

[168] G. Hulten, A. Penta, G. Seshadrinathan, M. Mishra, “Trends in Spam Products and Meth-ods”, First Conference on Email and Anti-Spam, CEAS2004, 2004.

Page 38: 8. Humancrypt and Network Security (1) Intrusion Detection ......8. Humancrypt and Network Security (1) Intrusion Detection Systems Introduction & Results Megrocrypt 06 March 1, 2006

[169] G. L. Wittel, S. F. Wu, “On Attacking Statistical Spam Filters”, First Conference on Emailand Anti-Spam, CEAS2004, 2004.

[170] G. Robinson, “Spam Detection”,http://radio.weblogs.com/0101454/stories/2002/09/16/spamDetection.html, 2002.

[171] G. Robinson, “A Statistical Approach to the Spam Problem”, Linux Journal, Vol.107,2003.

[172] H. Ebel, L. I. Mielschm S. Bornholdt, “Scale-Free Topology of E-Mail Networks”, PhysicalRev. E, Vol.66, No.035103, 2002.

[173] H. Lee, A. Ng, “Spam Deobfuscation using a Hidden Markov Model”, Second Conferenceon Email and Anti-Spam, CEAS2005, 2005.

[174] J. Golbeck, J. Hendler, “Reputation Network Analysis for Email Filtering”, First Confer-ence on Email and Anti-Spam, CEAS2004, 2004.

[175] J. Hovold, “Naive Bayes Spam Filtering Using Word-Position-Based Attributes”, SecondConference on Email and Anti-Spam, CEAS2005, 2005.

[176] J. Ioannidis, “Fighting Spam by Encapsulating Policy in Email Addresses”, Network andDistributed System Security, 2003.

[177] J. Levine, “Experiences with Greylisting”, Second Conference on Email and Anti-Spam,CEAS2005, 2005.

[178] J. R. Harrald, C. Hekimia, S. Shrestha, “Framework for Pinpointing the Point of Compro-mise of E-mail Addresses”, 2004 IEEE International Engineering Management Conference,Vol.2, No.04CH37574, 2004.


Publications (Humancrypt and Network Security)

[255] Abdulrahman Alharby and Hideki Imai, “Security Protocols Protection Based on Anomaly Detection”, IEICE Transactions, Special Issue: New Technologies and their Applications of the Internet, Vol.E89-D, No.1, Jan. 2006.

[256] Abdulrahman Alharby and Hideki Imai, “IDS False Alarm Reduction Using Continuous and Discontinuous Patterns”, In Proceedings of Third International Conference, ACNS 2005, New York, NY, USA, June 7–10, 2005, Proceedings. Lecture Notes in Computer Science (LNCS 3531), ISBN 3-540-26223-7, pp.192–205, 2005.

[257] Abdulrahman Alharby and Hideki Imai, “Hybrid Intrusion Detection Model Based on Ordered Sequences”, In Proceedings of Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2005, St. Petersburg, Russia, September 25–27, 2005, Proceedings. Lecture Notes in Computer Science (LNCS 3685), Springer, ISBN 3-540-29113-X, pp.352–365, 2005.

[258] Abdulrahman Alharby, Hanane Fathi and Hideki Imai, “Energy-efficient and Secure Cluster-head Selection for Intrusion Detection Systems in Mobile Ad Hoc Networks”, In Poster session of the 8th International Symposium on Wireless Personal Multimedia Communications (WPMC 2005), Aalborg, Denmark, Sep. 18–24, 2005.

[259] Abdulrahman Alharby and Hideki Imai, “Secure Architecture For Distributed Intrusion Detection Systems”, (SITA2005), pp.893–896, Okinawa, Japan, Nov. 19–23, 2005.

[260] Abdulrahman Alharby and Hideki Imai, “Security Protocols Protection Based on Anomaly Behaviour of Selected Features”, In the Proceedings of The 2006 Symposium on Cryptography and Information Security (SCIS 2006), Hiroshima, Japan, Jan. 17–20, 2006.

[261] Abdulrahman Alharby and Hideki Imai, “A Continuous and Discontinuous Patterns Algorithm for Intrusion Detection and False Alarm Reduction”, Submitted to IEICE Transactions (Available upon request).

[262] Takayuki Furuya, Takahiro Matsuzaki, and Kanta Matsuura, “Detection of Unknown DoS Attacks by Kolmogorov-Complexity Fluctuation”, In Proc. of SKLOIS Conference on Information Security and Cryptology, Beijing, China, Dec. 15–17, 2005.

[263] Kensuke Tamura, Kanta Matsuura, Hideki Imai, “Various viewpoints analysis of the actual and large-scale data by using the data mining technique”, 2005 IEEE International Carnahan Conference on Security Technology (ICCST2005), Spain, pp.283–286, Oct. 2005.

[264] 田村 研輔, 松浦 幹太, 今井 秀樹, “Proposal of an Attack Prediction Method for Local IP Address Ranges Using Internet-Space Interpolation Techniques and Its Application to Proactive Defense” (under submission).

[265] 細井 琢朗, 松浦 幹太, 今井 秀樹, “On Multi-Packet Tracing in IP Traceback by a Packet Marking Method Using Bloom Filters”, Proceedings of Computer Security Symposium 2005 (CSS2005), pp.91–96, Oct. 2005.

[266] 細井 琢朗, 松浦 幹太, 今井 秀樹, “On Single-Packet IP Traceback by a Deterministic Packet Marking Method Without Cryptographic Primitives”, Proceedings of the 2006 Symposium on Cryptography and Information Security (SCIS2006), Jan. 2006.

[267] 大福泰樹, 松浦幹太, “Spam Filtering Integrating Bayesian Filters and Social Network Methods”, Proceedings of Computer Security Symposium 2005 (CSS2005), Vol.1, pp.325–330, Oct. 2005.

[268] 大福泰樹, 松浦幹太, “A Study on Filtering E-mail Containing Japanese with Bayesian Filters”, Proceedings of the 2006 Symposium on Cryptography and Information Security (SCIS2006), Jan. 2006.

[269] Hsing-Hua Huang, “Digital Signature Scheme by Biometric Keys and Liveness Detection”, 2006 Symposium on Cryptography and Information Security (SCIS2006), Jan. 2006.