ё! 1 !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ
пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข
࠻≊ී قݔऌτᏱၦଊᆔ౪Ᏹ
ݭݎࢋ قݔऌτᏱၦଊᆔ౪Ᏹ
༂߭ሠ قݔऌτᏱၦଊᆔ౪Ᏹ
ᄣ् ٿң٪ࢴᡞٻឋᚡȂҭࠊႈޠᑺକȂႬဟԋӓԚ࣐Κঐ२्ޠᓎᆪርᆪၰ ޠᒧȶࢴጇȷᇅȶ௮ࢴЖᔞȷٸл्ښࢴᐡ٪ޠખᚾȄޠៗႬဟռܼࢴ٪ ࢴР٪ޠུࢴҢȂࢴጇུޠ ҂ְؑЉԥ 8~10فϘႲ٪ུࢴȄᐄःུ ಜӶུࢴя౫ՅۧґԥขࢴጇقࢴȂޠུژࢴጇϟࠊȂขུᒳݳءԓ Ңޠࢳߩள৶йӡᓏޠȄҐ፤НණяпҐᡞ፤Мන໐ӈࢴ࣐ขІ ᜌҐᡞȂпᆔ౪໐ӈࢴޤ࡛Ҵ໐ӈࢴܓ੬ޠРݳȂଭᄈ໐ӈࢴޠᜌᆔ౪ޤڐ ᜱ߾ޠϟ܉ᇅ྆܉ᜌҐᡞ྆ޤᐄ໐ӈࢴٯᐄпข໐ӈࢴȂٯᜌޤ࣐ࣻᜱ ൹Τޠණяහኌفᄙᙾඳ࣐ዂጚࣃᆶᆪၰ๗ᄻໍ௱፤Ȃпข໐ӈࢴȄҐःם ಜȂഇႇ໐ӈࢴ௱፤ЖᔞȂق໐ӈԋӓޠԓ໐ӈႇᘯ၇ဋȂ࢝೪ܼႬφ໐ӈႣၿπ web-based ᆔ౪Ϯ८ȂР߰ᆔ ޠЅٽಜණقϟႬφ໐ӈႇᘯفႇᘯ໐ӈࢴȄҐः Ԟึ߭ӈȄٿңٻಜᆔ౪ІΚૢق౪ໍ
ಜقᜱᗥມȈҐᡞ፤ȃዂጚࣃᆶᆪၰȃ໐ӈࢴȃ൹Τԓ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 2
Ontology-Based Malicious Email Detection
Hsiu-Sen Chiang Department of Information Management, National Yunlin University of Science and Technology
Dong-Her Shih Department of Information Management, National Yunlin University of Science and Technology
Shin-Chuan Huang Department of Information Management, National Yunlin University of Science and Technology
Abstract The widespread of Internet causes computer security becomes an important issue. Currently, anti-virus software is the primary mechanism to prevent computers from the damage of virus. Such mechanism relies on the update of virus pattern (or signature) and scan engine to detect a new virus. Eight to ten viruses are created every day and most cannot be accurately detected until signatures have been generated for them. During this time period, systems protected by signature-based algorithms are vulnerable to attacks. We propose a method that uses ontology to support the behavior detection and the knowledge management of email virus. It constructs the ontology of the email virus in accords with the behavior characteristics of the email virus. It then uses the ontology to detect as well as manage the behavior of mail virus. This paper transforms the ontology into fuzzy Petri-Nets to detect the email virus and transforms it into fuzzy Petri-Nets automatically. Finally, we use Protégé 2000 to implement and manage the email virus behavior ontology. We designed and implemented an intelligent email filter with embedded system. It acts as an email gateway to filter inbound messages by enforcing an email virus rule’s policies. In the embedded system, we also provided a web-based administrative interface for the system administrators to do the system configuration and to set up their email virus rule filtering policies.
Key words: Ontology, Fuzzy Petri Net, Email viruses, Embedded System пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 3
൧ȃᆲ፤
໐ӈԚུ࣐ޠх༉ಜڦητൾቩߞȂᄛᄛםңٻޠூႬφ໐ӈٻІηޠᆪၰ ژႬφ໐ӈ໕ႁ 100 ቈࡍȂႲॏޠРԓȂIDC զॏ 2001 Ԓӓ౩҂ְΚЉึяྜྷޠ Ϝኈഷڐ౿ोҢя೩ӼୱᚡȂޠቈࡍȄႬφ໐ӈ 350 ژԒȂ໕ཽђॼԚߞ 2005 ߓұȈ܇ୱᚡȄᗎ༗ऌМනഌစ౪ݔᓇޠ໐ӈֲۀ߰Ⴌφ໐ӈࢴᇅޠτ ΩᇅҢΩȂկӤލഁӵቩђӍཿᝰץңȂٻހኅޠІᇅӍཿႬφ໐ӈޠ ȶInternet Ӷ܂܂Ⴌφ໐ӈȂޠ༉࢘൭ϮȄߤழԥࢴᔭޠഁץژ׳ȂηᡲႬဟࢴޠኻ ϵܛ (ICSA) ཽڟਣϲΚ༉ΫȃΫ༉ԼȂആԚଽทਞᔗԓഀᚈད࢘ȄርႬဟԋӓ ༉ޠᡘұȂႬφ໐ӈ៛Ё࣐Ⴌဟࢴഷл्ݏȶ2005 Ԓ࡚ࢴ༉ክᗎ༗ൣ֚ȷ๗ޠո ഷл्൭ϮȂԄޠክ൭ϮȂԄߓ 1ȄඳّϟȂႬφ໐ӈϑစԚ࣐Ⴌဟࢴ༉ሏད࢘ τ໕༉ژႁٿHappy99ȃMelissaȃؒᙜ߭ȃLoveletterȃWinbird.a ๊എᙥҦႬφ໐ӈ ୱᚡȄޠȂӱԫԄե٪ጓႬφ໐ӈַழႬဟࢴϑϛூϛೞ२ຝޠҭޠክ
(ȈICSAȂ2005ྜٿߓ 1Ȉࢴ༉ክ൭ϮЩၷߓ! 1996-2004 (ၦਠ
Virus Source 1996 1997 1998 1999 2000 2001 2002 2003 2004 Email Attachment 9% 26% 32% 56% 87% 83% 86% 88% 92% Internet Downloads 10% 16% 9% 11% 1% 13% 11% 16% 8% Web Browsing 0% 5% 2% 3% 0% 7% 4% 4% 2% Other Vector 0% 5% 1% 1% 1% 2% 3% 11% 12% Software 0% 3% 3% 0% 1% 2% 0% 0% 0% Distribution Diskette: other 71% 84% 64% 27% 7% 1% 0% 0% 0%
ആԚܛզॏȂ҂ְᛗึΚࢴȂՎЎݱІ 25 ѯႬဟȂཽڟርႬဟԋӓ ޠ՞ԚҐѷӶ 8,000 जϰпαȄᆪርᆪၰޠึႁആԚႬဟࢴ༉ክޠഁ࡚ߩள τȂખᚾޠആԚܛખᚾȄ໐ӈࢴޠܓՅӓ౩ܓୣܗȂϛӶѬ४ܼঐץ ᡑᆎࢴȂആԚޠKlez ؒᙜ߭ࢴಒΚঐᐤစΚԒ ޠಜॏȂ2003 Ԓޠᐄᗎ༗ऌ SQL Slammer ࢴȂആ ޠᔟȇ2004 ԒڨȂົႇϳԼѯႬဟڨӓ౩ΟΫቈजϰ ѷளளᜳпޠആԚܛȂົႇΚԼѯႬဟೞᔟȄႬဟϜࢴࡤڨԚӓ౩Ϋቈजϰ ਞ౦ȃޠםฯȂณޠਣȃΩȃߝᓁঐңЙᇅӍཿңЙޠΤܛಜঔඉقզॏȂ ࢴད࢘ڨࣽяȈ࿌ಣᙒ᎐ޠѠ݃ᡘณݳզॏȄშ 1 ϜȂඉȂޠ୧៘ȃၦਠ ࡤȂሇࠍኈঐϏձਞ౦ȇ२ࠍആԚᐍঐಣᙒᕋၽᘜȂܛആԚޠѷϛզॏȄ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 4
შ 1ȈࢴӶಣᙒϲഌܛആԚޠѷ௷ӫ
ޠفขηөРःޠႬဟࢴٿȂӱԫߗԒུϛᘟᅌᡑޠҦܼႬဟࢴ ࢴขޠ܂Κ२्ୱᚡȂႇޠ؛྄ࡠೞ၍Ⴌဟࢴޠޤ२ᘉȂՅขґ ޠࢴ੬ኊȂึяѠขفࢴя౫ࡤȂӕःژᇅ٪ࢴᡞԥΚ२τુѷȂ๊߰ ηԥࣻ࿌ӼٿખᚾȄߗޠਣȂࢴϑစആԚᝓ२ٿяفࢴጇःޠࢴጇȂԄԫӶུ ୱᚡ྄ޠРݳϜΚኻηԇӶࣻ࿌ӼٳขȂดՅӶޠႬဟࢴޤଭᄈґفःޠ ୱᚡȄޠᇅଇ؛ਞ๊എሰ्၍ޠข౦ȃᇳց౦пІขޠࡠջ݉ȂԄขࢴ ౫ϭޠ໐ӈࢴขᏣளԥѳঐુᘉȂ(1)ณ፤ᡞቌੀࣲߩள݂ີȂሆ ঐᡞՅّԚҐഎࣻ࿌ାȂ(2)ӶࢴขႇโϜȂ٪ࢴᡞխܗΫϰȂᄈӍཿȃಣᙒ ུңՍٻϛ߰Ȃ(3)٪ࢴᡞ҇Ꭽޠңα྄τٻңٻಜၦྜȂആԚقңЋӼ ޠԥኻءٯңՅّȂٻޠᄙȂᄈτഌϸޒޠಜܼԋӓقޠࢴጇȂϘጃߴՍϐ ԥءၸڤٟഁٯഁȂץ༉ክߩளޠࢴȄђα౫ϭࢴޠȃུޤȂ(4)ґขґ܉ᢏ ѷȄޠࢴᡞȂᡷԚѽτ٪ޠུ ขٿ੬ኊ࣐ٳ੬ኊȂᐄޠగഇႇϸݚ໐ӈࢴ࣐ϜณݳفҐः ܛࢴٯࢴጇȂηԥਞขяࢴȂུࢴȂԄԫࠍϛ҇ۢޠޤȃґޠུ ᔗң८ߩளኅڐ౫ᇅߓұ֖ޠᜌᎍ࿌ޤᜌҐᡞ፤ޤഷմȄҦܼژ།ড়७ޠആԚ ౫֖ޠԥਞܓ੬ޠᜌߓұޤ ࣐ዂԓȂഇႇҐᡞ፤ OntologyޠᔤϸݚࢴفȂҐःހ ޠ ၽң Petri NetٯᐄȂٸޠҐᡞ፤ձ࣐ႇᘯࠍޠࢴ࣐੬ኊȂ࡛Ҵ໐ӈࢴ࣐ ࢻโցᘟዂԓȂ໐ӈࢴ࣐Ґᡞᙾඳ࣐ࢴขޠ௱፤ЖᔞȂԥਞႇᘯϑޤᇅґ ಜପقණяϟ໐ӈࢴႇᘯ࢝ᄻ௵ң൹Τԓف໐ӈࢴȂড়७ՎഷմȄҐःޠޤ Ϯ८ޠңഇႇᎍ࿌ٻಜԚҐȂйҐ࢝ᄻϟ೪ॏȂᡲقӬ Linux ҂ѯȂԥਞ७մ ೪ॏଷණାԋӓޠঐлᐡȂኻژಜᘳ៕߭ӈȂՅϛң߭ӈίၸقΤ൹Τԓี ಜਞȄقңщϸၽңٻୱᚡȂᡲޠಜၦྜقᗘռխңѵȂܓ
ະȃНᝧଇ
ࣻᜱНᝧђпଇȂᙥпᘫޠಜقଭᄈ໐ӈࢴȃࢴขРݳȃ൹ΤԓفҐः ୱᚡȄޠԇӶܛᔯຝҭࠊขРݳٯȂܓԥϟ੬ڏܛાяႬဟࢴᇅ໐ӈࢴ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 5
Κȃ໐ӈࢴ
ΩȂࢴҐٙፓᇨࡤ᠍ޠಜଛ໐ӈقூ၏ڦ໐ӈࢴӶஉખᚾਣȂཽ ໐ሏଛяџ(Kienzle and Elder, 2003)Ȃቔ (2001)ۢဏδഇႇႬφ໐ӈձ࣐༉ٯ (ជᙬ(Worm)Ȃְᆏ࣐໐ӈࢴȂTakeshi and Yoshiteru (2002ܗ(ࢴ(Virusesޠክᆔၿ ಜ(ԄᔭፓᇨȂᔭ༉ᒰقңᐈձٻಜࡤȂϛᎭقࠍᇰ࣐໐ӈࢴ൸Ӷࢴད࢘ Ⴌޠ༉ክ൭ϮȄӱԫ໐ӈࢴ൸ϛᆔӉեᆎڐයክࢴȂՅпႬφ໐ӈձ࣐ٿ(๊ ༉ክڐಜࡤȂпႬφ໐ӈձ࣐ق߮ΤܗဟࢴȂԄ੬ࣅӁФ଼ȃជᙬȃࢴ๊Ȃད࢘ улᐡයክяџȄڐ൭ϮȂࢴҐٙӪᆪၰޠ ޠಜҐٙق໐ӈࢴЩၷહȂւңޠࡿяȂԟفःޠ(Kienzle and Elder (2003 Ӽঐ໐ӈ՞ܗΚژࢴጇଛޠፓᇨשโԓȂՍޠ Ѫஉ໐ӈ APIڴܗ໐ӈᡞ ໐ӈโޠಜقᎭٸSMTP โԓȂϛӕѬ ޠ໐ӈࢴࠍഃᅛᅌᡑԚ᐀ԥՍϐޠࡤڐȄ֮ ಭᄜȂޠϑစۗւңউᙾႬφ໐ӈȂ໐ӈࢴٿȂߗԒޠҭޠයክڐژႁٿԓ ֆࢴයոȄڟޠңα࿌ȂໍΚؐٻЖᇷٿКࢳޠᝀٳߤђΚ ȞΚȟ໐ӈࢴད࢘ޠРԓ ഌϸȂӱԫޠঐഌϸȂΚ໐ӈҐНȂΡߤӈַழᔭڎႬφ໐ӈл्Ѡпϸ࣐ ᆎȈڎРԓл्ԥޠད࢘ڐයክ༉࢘Ȃٿ໐ӈࢴ्ഇႇႬφ໐ӈ ˬȃഇႇߤђᔭ ᔭΚକଛȂӱԫႬဟޠԓםңѠпַழӉեٻึႬφ໐ӈਣȂ ᆪၰϟژழᔭϟϜ߰ѠпᙥႬφ໐ӈՅයክַٳࢴѬ्ᗵୢӶ ϜȂᆎРԓηΚૢၷ࣐༉ಜޠРԓȂҦࠊख़Ⴌဟࢴޠ੬ܓϜτഌϸޠ ႬဟࢴഎѠпᗵୢӶᔭϟϜȄ ˭ȃഇႇ໐ӈҐН ໐ӈҐНޠੀԓл्Ѡпϸ࣐હНԆੀԓᇅ HTML ੀԓȂӶહНԆੀԓ Ⴌဟࢴޠ౿ȂུᆎޠࡅૐȄҦܼᆪርᆪၰޠӶڏ໐ӈҐНЩၷϛޠί ໐ӈҐНϜၷৡཽܿԥႬဟޠΩȂӱԫ HTML ੀԓޠറᙡୢܼᆪॳϟϜڏ пৡܿӶܛ໐ӈԞ߭ᡞཽՍᘳ៕໐ӈҐНȂٳϜȂӕђαԥڐࢴᗵୢ ആԚαख़ޠϛՍញϟϜដึΠႬဟࢴՅആԚད࢘Ȅ໐ӈࢴ௵ңϛӤ ᅔࢿȃJava applet ๊ޠᆎ༉ክዂԓȂւң SCRIPT ᇮݳȃMIME ੀԓαڎ ༉ክȄٿᔭੀԓޠϲ൹ܼ໐ӈҐНϜȂւңߤђඍཏ ȞΡȟ໐ӈࢴޠୄ၇Рԓ ्ᑏܗңα࿌ٻ࠻≊ී (2003)ᢏᄇࡿя໐ӈࢴ࣐ΠᗵୢՍϐҐٙȃЖᇷ ϮಞȄޠРݳ྆ٳРݳȂпίଭᄈޠңөᆎୄ၇ٻЗȂޠר७մឍڐٻңٻ ᡑޠȃ໐ӈዀᚡᇅϲৡˬ Ϥࣻཧܗዀᚡᇅϲৡᡑޠ৶ᘉȂ໐ӈܗ܉ᢏޠЗ౪αٳւңΚ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 6
Сφ(ဒޠ੬րڐЗȂЏۊԂޠЖึԞӈܗЗרឍޠପȂп७մԞӈ உߤђᔭܗӈ(911ȃᖃ ಜ τ ᒶ )ȂᡲԞӈః߭ӈٲޠ੬րܗ(ܗ ԞӈϜࢴȄٻȂ ˭ȃฺңӈӫᆏ ௵ூ໐ӈखᓄڦܗӫޠ໐ӈଊᓄϜڐ໐ӈࢴད࢘ႬဟࡤȂཽߤՎ ݸίȂޠ߭ȂӶరณ٪റޠٿዤܗРԓȂഎᡲԞӈп࣐݊ЅޠӲ߭ ಜϜࢴȄقᏳय ˮȃᡑַழᔭᔭӫ ᔭӫޠࣻᜱٳᔗңโԓȂ࢛ޠಜᐄᔭӫఃఃஉق windows ᔭޠԥஉโԓΩڏஉȂӱԫܛೞӤΚᔗңᡞܗ௦உޣѠೞ ϜࢴȄկڐٻឍញЗȂໍՅޠңٻᔭੀԓȂп७մޠӫᡑԚϛளُ ಣӬԄίȈXLS ІޠᔭϘҢਞȂளُޠᔭӫሰପӬࣻӤ ᔭੀԓȂл्ւң OfficeޠٽDOCȈΡᆎᔭੀԓഎ឵ܼMSOfficeණ ᆎᔭੀԓαᙾඳȄڎூࢴѠпӶٻȂܓӔޠѽ ˯ȃୄ၇ᔭӫ ޠңٻ७մٿߤᔭӫȂޠңȂ໐ӈࢴཽୄ၇ߤђᔭٻ࣐Πᝀ ܗ РԓȂԄ readme.txt.exeޠңᚗ२ᔭӫٻࢴཽޠឍញЗȂτഌϸ ᄃ EXE Ѡஉڐңп࣐ঐહНԆᔭȂٻޠgoldfish.doc.pifȂᡲಘЗ ᔭȂӫޠ Nimda ࢴη௵ңᆎРԓȄ ˰ȃᗵୢӶߤђᔭϜ ໐ӈዀᚡᇅϲৡࣻପӬȂԞӈӶஉߤђᔭڸᆎᝀРԓளཽ ԥӉեݏ๗ޠձ௬ႻȂࢉԞӈϛཽᄈஉݏஉਞޠуโԓڐࡤȂҦܼԥ (ЅȂԄဒࢴ(WORM_MALDAL.C݊ޠՅᙾՍϐໍདញȄޠள ֊п Flash ฬձ௬ႻȄ Ȟήȟ໐ӈࢴ༉ክΩ ᆎȂΚᆎ࣐τ໕༉ክȂڎ༉ክΩѠϸ࣐ޠࡿя໐ӈࢴفःޠ(ቔ (2001 ѫΚᆎ࣐ߩτ໕༉ክȂϸրវख़ԄίȈ ˬȃτ໕༉ክޠ໐ӈࢴ ίΚۢ؛ٿଊᓄӫȂޠҭዀᐡᏣϜޠӫȈഇႇೞད࢘ޠଊᓄٸ Ȅޠঐ༉ክҭዀȄᆎРԓഷளُ ˭ȃߩτ໕༉ክޠ໐ӈࢴ ޠϛӶܼ༉ክᘉኅȂՅӶܼ༉ክٯޠҭڐ໐ӈࢴၷࠊᆡѾȂޠ Ԅ W32.Navidad ֊࣐پϛӼȂٯޠ໐ӈࢴпᆎРԓ༉ክޠȄ౫ԥܓᗵஞ ໐ӈ࣐ޠ໐ӈ࣐ȂւңҔளޠད࢘Ⴌဟڨ໐ӈࢴཽᆀຝޠȄپΚ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 7
ಜϜق КݳȂഇႇඳ windowsޠழ໐ӈࢴՎίΚঐ༉ክᘉȄளַُٿ ֊ Happy99.Worm ޠȄӫޠҭޠᆀຝᇅঔ໐ӈژႁٿwinsock.dll ᔭȂ ޠ Ȅپ࣐Κ
РݳϮಞޠΡȃࢴข
1987 ԒȂႬဟࢴޠୱᚡॷԪೞ२ຝȂՍԫϟࡤႬဟࣩึΠᆎႬဟࢴޠ ࢴขРݳτޠขРԓȂᐄᗎ༗ऌȃᗊߟ២ࡋȃ࿆ऌ٪ࢴϜЗߓұȂҭࠊ ङԥίӗංᆎȈࢴጇЩᄈݳ(matching virus definition patterns)ȃђᖃЩᄈݳ(check sum)ȃ֊ ਣ I/O ௮ඣݳ(real time I/O scan)ȃ࣐ϸݚݳ(Behavior-Based virus detection)ȃ ࢴขРԓٳහኌх౪ขݳ(Agent-Based virus detection)๊ȂпίϮಞΚ (Zenkin, 2001ȇLee et al., 1997)Ȅ ȞΚȟࢴጇЩᄈݳ ࢴ੬ޠᒞܛโԓጇȂη൸ޠၷ࣐੬ੇܗԥ੬ՔڏࢴጇࡿࢴϜΚࢳ २्ޠࡿવᇅ DNA ΚኻȂᒲրႬဟࢴޠউؑঐഎԥ੬ۢשኊȂࢴጇ൸ ࢴጇၦਠ৳Ȃؑ࿌உข௮ඣโޠᐄȂࢴጇ௮ඣݳ൸࡛ҴକؑႬဟࢴٸ ࢴጇᇅโԓᔭձЩᄈȂᔯขԥႬဟࢴԇӶޠԓਣȂ൸ཽᐄࢴၦਠ৳Ϝ ጃȂѬ्ϑԇӶྦݏȂข๗ٺᓻᘉஉਞޠᔭϟϜȄࢴጇ௮ඣݳഷτܼ ࢴᡞְ௵ңᆎข٪ޠȂҭࠊҀ८ατӼٿࢴΚཽۢೞขяޠ৳ࢴၦਠ Ⴌဟࢴ(Phillippo, 1990; Cohen, 1991)Ȃ࿌ޠޤᘉѬขяϑુڐ௮ඣРԓȂկ ,ࢴ(ZenkinޠࢴІᡑᆎུޠޤґژԥ၏ࢴၦਠਣࠍณݳขء৳ࢴጇၦਠ 2001)Ȅ ȞΡȟђᖃЩᄈݳ ߤٸࢴཽޠȂӱ࣐τӼܓᐍޠᅌᆘݳᔯᡜᔭޠঐРݳл्ւң੬ۢ ᔭСܗݸҢޒޠโԓཽԥᔭτϊቩђޠпೞད࢘ܛโԓȂޠуڐҢܼܗ ӫᆏȃτϊȃਣȃСІϲৡȂђᖃ࣐ΚޠȄӱԫᐄؑঐโԓᔭםޠೞঔ ঐᔯࢦጇȂӕᔯࢦጇߤܼโԓޠࡤ८ȂܗܛԥᔯࢦጇܺӶӤΚঐၦਠ৳ϜȂӕ ȂпցᘟϜࢴȄᔯࢦጇ᎐ޠଅᓄؑঐโԓٯಜȂଢᙺق ւңԫ Check-sum ᘉ൸ᇳցାȂйณݳጃᇰᆎࢴདુޠࢴȂկഷτޠөԓژᆎѠข ȂЇՅᡑூϛϹᄃር(Luke andܓኇޠಜҐٙقΠձཿښขРݳη४ޠȂՅኻޠ࢘ Harris, 1999)Ȅ Ȟήȟ֊ਣᒰя/ᒰΤ௮ඣݳ ၦਠࢻٳйᄈٯᒰΤ/ᒰяձȂޠРݳл्֊ਣӵᄡၦਠޠI/O ௮ඣ ޠਣ֊ хΠ༉ڦȄᆎРݳٿగӶࢴۧґೞஉϟࠊȂ൸٪ஈίוࢴጇ௮ඣȂ Ȃޠᇅࢴጇ௮ඣݳࣻӤښࢴ௮ඣᐡޠᘉȂկᐍᡞુޠಜࢴጇ௮ඣ੬ۢਣ௮ࢴ /ԥᒰяܛಜقៗΩȂՅйኻᄡ٪ޠԥਞڏႬဟࢴϛޠޤӱԫঐРݳΚኻᄈґ ኈԇӶ(Phillippo, 1990)Ȅޠၦਠ༉ᒰਞ౦ԥΚۢโ࡚ޠಜقձ֊ਣ௮ඣȂཽᄈٯΤձ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 8
Ȟѳȟ࣐ϸݚݳ ࣐ІࡿޠϛҔளٳขႬဟϜΚܗ࣐੬ኊޠ੬ԥޠ࣐ϸݚݳւңࢴ ӔӤ࣐Ȃޠ࣐ࢴٳȂԥΚفᢏᄇȃःޠРݳȄႇᄈࢴӼԒޠᆀขࢴٿц ࣐ȂԄڐȄ࿌โԓၽਣȂᆀຝُك࣐ЩၷٳՅйЩၷ੬ੇȄӶҔளโԓϜȂ ձٿձޠϛҔளٳࢴᡞւңϸݚᔭϜΚ٪ٳ౫Πࢴ࣐ȂҴ֊ൣឍȄΚึݏ ಜၦਠַϜقփଷܗੀԓϾᆅᆆȃӤਣஉ೩ӼஉᆲȃޠԄณႲឍپࢴขȂ ӼࢴȄկѻޠޤࢴȃѠࣻ࿌ྦጃӵႲൣґޤᔭ๊๊Ȅ࣐ϸݚݳѠึ౫ґޠ ࡚ȄᜳޠϛᜌրࢴӫᆏȂՅйӶᡞᄃ౫ਣԥΚۢ РݳȂཽӒϸݚяࢴѠӶโԓϜޠໍΠαख़ޠ Bloodhound ޠᗊߟ២ջ โԓᡓᒯ(program logic)ցᘟ၏ޠ(ӵРȂ௦ϸݚࢳโԓୣ(program regionޠᙡٙ ٯಜആԚড়ȂقโԓୣཽᄈޠձցᘟࢳٳձȂစҦޠโԓѠҢ ScriptTrap ௮ᆁཽਕࢴད࢘ ޠ्ึяឍଊȄᗎ༗ऌۢ؛ٿݏցᘟ๗ٸ ൹ΤโԓጇՎܗѠᜌખ JavaScript ᇅ VBScript ࢴᡑᆎٯࡿцȂޠяึܛᔭਣ Щᄈٿ৳ࢴࣁၦਠޠޤHTMLȃXML ๊Ӊեୄ၇КݳȂւңࢴዂԓᔭϜϑ ᑀҴϰષȂसึ౫֜ӬȂ၏โԓጇೞࡈ࣐֚ᡑᆎȂ௮ᆁЖᔞᓎ֊ᔯขя၏ࢴȄٳ ٿᐚᇅ Naive BayesȃSOM ᇅ K-Medoids ๊ၦਠଢ଼Рԓ๋؛ңٻفԫѵȂ೩Ӽः ขґޤࢴ(Shih et al, 2004ȇ2005)Ȅ ขݳޠȞϥȟпх౪โԓ࣐ஆᙄ ࢴ(intelligent virus)ȄҦܼܓࢴІහኌޠޤӶขґޠҭޠঐРݳл् ޠࢴژڨ௦ޣпх౪โԓ(agent)ҐٙЎܛಜ࣐лȂقҭዀளпձཿޠࢴખᚾ ೩ӼٿпߗԒܛӵР೪ဋȂޠѠпӶᆪၰαሰ्ܓ੬ޠ(ࡅૐȂйх౪ᐡ(Mobile ȄСҐ T. Okamoto ๊ᏱࠍණяѫΚᆎفኆ୧Ԅ IBM η්ঐስΤःޠӫޤ ፵лᐡစҦٳРݳȂޠ(೪ॏӼ२፵лᐡх౪(heterogeneous agentsڐձݳȂ ֊ད࢘ȞҼژᔭ᎐ޠӶлᐡܛх౪Ϥࣻᔯࢦܓ፵ٳȂഇႇٿᆪၰഀ๗କ ࢴڐлᐡᔭඉȂඳѰၘᇴȂޠೞད࢘ءуڐȂࠍཽၘޠঔȟȂसژ᎐ ձȄҦܼх౪โԓϬᙥҦϸݚᔭޠᡑԚΚঐᔭറӌᇅᗚښᐡޠขᇅ٪ࢴ پਞңΠȂڐࢴ൸ณݳึදޠ੬ੇٳΚژпᆎРݳႅܛցᘟԇӶࢴȂٿ ࢴȄޠץԄ༉ክഁ࡚ ၷ໕ҘሊηϛཽޠϟޠȂႬဟࢴᇅЇࢴؐໍޠᓎႬဟϛᘟ ЦȂ౫ϭޠႬဟࢴϑϛӕࠊΚኻޠહȂளഎፓӬӼᆎࢴܗជᙬޠ੬ܓȂ РޠขȂӱԫ٪ࢴϛᔗӕࠂ४ܼΚޠᗘ٪ࢴᡞٿРԓޠпөᆎୄ၇ᗵୢ ࢴጇขȃ௮ඣݳȂࣦՎఃึԓϸݚݳ๊٪ࢴഎႇܼݨ२ᓘᄙ੬ኊޠݳȂ༉ಜ ࣐ȂޠȂйច֥ፓᚖܓ੬ޠഁᇅՍᡑᆎץറፓӬȃ༉ክڏขȂՅ౫ϭ໐ӈࢴޠ ޠᇳց౦ηᓎϟණЁȄᄈܼ౫ϭࢴޠூႇџРݳٻୄ၇ᇅᝀКݳȂޠཧପϛӤٯ ಜၦྜȄقޠࣻ࿌τޠขРݳԚਞԥ४ȂйխңޠᇅึȂႇџܓ੬ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 9
੬ኊКȂ࣐ᄈࢴፓӬᇅޠขϑ්ࢴϛѠᡑޠࢴޤҭࠊଭᄈґ ւңҐᡞ፤(Ontology)ԥਞفȂࢴ࣐੬ኊขϑҭࠊлࢻȄࢉҐःܓ੬ޠӼᡑ ߓұȂၽңዂጚࣃᆶᆪၰޠȂ໐ӈࢴ࣐ࢻโᇅၽձᎍ࿌ܓ੬ޠᜌҐᡞޤ౫֖ Ԛዂጚם࣐੬ኊȂޠѓңȂዂᔤя໐ӈࢴӼᡑޠᄙᙾඳޒFuzzy Petri Net)ඣᛳ) ௱፤Ȅ८ᄈ౫ϭ໐ӈࢴޠࠍ(Fuzzy Rule)ȂଭᄈөᆎϛӤݸᇅ࣐Ȃձяഷᎍ࿌ ᜱ߾ȂՅዂጚࣃᆶᆪޠፓᚖڐᡞ֖౫ڏȂҐᡞ፤ܓፓᚖ੬ޠഁץӼᡑȃፓӬᇅ༉ክ ७ٯขяࢴȂޠցᘟȂԥਞޠݸȂഇႇዂጚ௱፤ႇโձᎍ࿌ޠᐄϛӤٸ(ၰ(FPN մᇳցޠѠܓȄ
ಜقήȃ൹Τԓ
Ꮳȃ߭ဵ౪ᏣȃϏཿښȂԄᔗңӶཌྷ౪ᐡހಜᔗңጓ൝ߩளኅقӶ൹Τԓ ൹ΤԓᡞԄ x86 ࢝ᄻȃARM ࢝ᄻȃMIPSޠPDA ๊Ȅளң ڸңႬဟȃၦଊঢ়Ⴌȃ ౪Ꮳл्ϸ࣐ήτȈޠࣻৡܼ Linux ٯ࢝ᄻ๊Ȅҭࠊளُ ARMȈARM7,ARM9,Xscale,StrongARM ᔗңޠހStrongArm CPUȂ౫ࢳೞኅ ޠ Intel ϵѨޠӗ CPU Ϝഷளُق ARM CASIO Cassiopeia E-115ȃಁ ޠ iPAQȃCASIO ޠ ԄȈCOMPAQپӶ Handheld PCȂ ޠ LEO FreeStyle E300 ๊๊Ȅ PowerPC:4xx,7xx,9xx ӗ CPUȂق Motorola ϵѨϟ DragonBall ޠң௵ܛ ӗ CPU Ϝ࿌௱ Palmق PowerPC ӗȂHandspringق ӗȃmق ԄȈPalm VپȂޠࣻৡᐡᆎᔗ၏τঢ়ഷՇዤၐޠ Palm ӗ PDAȄق Sony CLIE PEG ޠӗȂцᡚᢪق Visor ޠ ಜҭࠊηІق൹Τԓޠx86:x86 ࢝ᄻ ޠಜ࣐лȂԄजঢ়љᏳᡞ(NS)ϵѨقӗ CPU ଭᄈ൹Τԓق x86 ޠᜟࡿ ӗ CPUȄق Geod ৰӶܼ ARM ഻ആΠմԚҐІմޠഷτޠуཌྷ౪ᏣڐARM ཌྷ౪ᏣᇅҀൠα ᔗޠཌྷ౪Ꮳ.п ARM ࣐ਰЗޠܓ࢝ᄻࠍ२ܼණାޠуڐRISC ࢝ᄻȂՅ ޠႬ ңශбȂࠣᆎႈІ PDAȂ՞ࣻᐡȂᙣ߄ȂVoIP(Voice over IP)ᆪၰ౪Ꮳ Smart Phone)๊өԓөڐnetworking processor)Ȃᐡα౾(Set-Top Box)ȂႬၘ(Џ) ಜ(RealقႬφІଊࠣȄԫѵȂARM ηᕖூ೩Ӽ֊ਣձཿܓႬဟ໋ᜟȂຳޠኻ Time Operating System, RTOS)ޠМනȂЩၷޤӫޠԥ Windows CE, Linux, pSOS, ϛւȄ܂ณᔗңስޠVxWorks, EPOC, uCOS, BeOS ๊ȂӶ൹Τԓࠣ Ԅ೩ӼႫৣӠߓپӵዻȂލ൹ΤԓҀൠޠߩᇅԥٯx86 ၯໍ൹ΤስᔗңȂ ᆅᆆଳӗܗң MIPS ਰЗ౪ᏣȂٻ೩ӼᆪၰһඳᏣܗң AMD 29000 ౪ᏣȂٻᐡ ࢌԥስϜ x86 ౪ᏣࣲณϹΤᓻ༗Ȃx86 ٳI/O ౪ᏣȂӶ ޠ ң Intel i960ٻћ ౪Ꮳޠ൹ΤԓᔗңӼљӶུᙾϾᄙޠᡞαԥܛึදȄӶ൹Τԓ CPU ስϜȂජ Ϝ ARMȃ ڐMIPS ๊Ȅ ڸ ϵѨԥ Transmetaȃࡅ ౿ (VIA)ȃARMޠඬ൹Τԓ CPU ਰЗ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 10
ւڐڨಜηقᡞکϵѨӬձȂཏޠ࢝ᄻȂᇅޠCPU ௵ңӓུ ޠ MIPS ࢝ᄻȂѠпР߰ӵւޠࣻৡܗ x86ޠCPU ௵ң ޠ ȄՅࡅ౿ȃTransmetaښ४ޠ ࡏሬȄޠᔗңᡞȂӶЎΠΚၿึڸಜقձཿޠң౫Ԛࢻ NET-Start-IXP!Ȅ၏ึݗϜѶ౪ ޠಜ҂ѯ࣐ශኌϵѨҢقϟ൹ΤԓفҐः RISC ౪ ޠңାਞٻᏣਰЗ࣐ 32-bit Intel XScale–IXP420ȂIPX420 ӶᔗңР८ ԄȈپPCI Ϯ८Ȃ ޠᘘщϮ८ІዀྦޠΠ೩ӼٽйණٯᔗңӶᆪၰαȂހᏣȂѻೞኅ 8MB Flashȃ32MB SDRAMȃLAN port*4ȃWAN portȃ16MB NAND-FlashȃUSB ๊Ȅ ಜقLinux ҂ѯȂձཿ ޠܺۗጇޠңٻউשಜϜȂقձཿޠᡞР८ȂӶಁӼ ᡞ–Apache+PHP Server ࣐໐ӈࢴޠйԋ၇αӤኻܺۗጇٯ࣐ BusyBoxȂ ႇᘯᏣϟժ݉ᏣȄ
Рݳفȃः
ᜌҐᡞȂඣᛳᇅఅޤޠᔤ௵ңҐᡞ፤(Ontology)Ȃߓұᇅ֖౫໐ӈࢴ࣐فҐः ख़ө࣐Ґᡞϲഌր(Class)ᇅኻԓ(Individual)ޠ྆܉ȂпІϟࣻପӬޠ឵ܓ ᜌޤΩȂ໐ӈࢴޠ༮ዂםProperty)ᜱ߾Ȃၽңዂጚࣃᆶᆪၰ(Fuzzy Petri Net)შ) Ȃۢဏөܓ੬ޠցᘟࠍ৳Ȃӕւңዂጚ౪፤ٺҐᡞᙾඳԚ࣐ᆪၰȂగ࡛Ҵഷ ඊ࣐੬ኊᆪၰցᘟٸ(Membership Function)Ȃഇႇዂጚ௱፤Рݳړᗶ឵ޠ࣐੬ኊ Ⴌφ໐ӈᘫ឵ܼ໐ӈࢴȄ
ΚȃҐᡞ፤(Ontology)
ስϜϑစԇӶεȂӶᏱ Bunge (1977)ᄈԫۢဏȈȶᜱޠOntology ӶলᏱ ܼᄃзࣩޠஆҐ੬ܓȷȂկ౫Ӷԥ೩ӼᏱւңԫ੬ܓȂԫᔗңӶႬဟऌᏱስ ᜌߓႁȞknowledge representationȟȃޤᜌϏโȞknowledge engineeringȟȃޤԄپαȂ ༮ዂȞqualitative modelingȟȃᇮ ّ Ϗ โȞlanguage engineeringȟȃၦਠ৳೪ॏȞdatabaseܓۢ designȟȃၦଊ༮ዂȞinformation modelingȟȃၦଊᐍӬȞinformation integrationȟȃ Ȟinformation retrieval andڦӈᏳӪϸݚȞobject-orient analysisȟȃၦଊᔯસᇅԇޑ extractionȟпІޤᜌᆔ౪ᇅಣᙒȞknowledge management and organizationȟ๊ (Guarino, 1998)Ȅ ȞΚȟOntology ϟۢဏ ȂՅঐܓஆҐ੬ޠཏဏ၍ម౫ᄃԇӶڐȂٿOntology ঐԆഷԟলᏱՅ ဏȂᇰ࣐ ontology ۢۢܛ(ᜌϏโР८ȂഷԟҦ Neches et al. (1991ޤԆᅛᅛೞңܼ ಣԚȂԫܛ(Ԇཋ(vocabularyޠйҦл्ስٯဏஆҐມཋ(terms)пІᜱ߾(relations)Ȃ ԆཋȄSwarout et al. (1997)ᇴ݃ޠހѠۢဏኅࠍȂޠѵȂւң๗Ӭມཋᇅᜱ߾ йೞңٯᜌȂޤມཋѠпඣख़ስٳOntology Κᆎԥቺ࢝ᄻϟມཋӬȂՅ й೪ॏٯӬȂޠஆᙄ࢝ᄻȄGuarino (1998)ۢဏ Ontology ᡓᒯ౪ޠᜌ৳ϜޤӶ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 11
ቺోဏȄޠᇴ݃ԆཋٿԚѠң ޠϾ܉ᜌᙾඳԚ྆ޤޠဏȂontology ւңᡓᒯ౪፤ȂስϜۢޠᖃ๗αख़ ᇮّ֖౫Ȃпޠйւңቺ࢝ᄻпІҔԓϾٯᜌє֥ມཋᇅϟᜱ߾ȂޤϜڐࠍȂ ӕւңȄܗٵӔޠᜌޤٽණ ȞΡȟOntology ϟ੬ܓ τȂΚᆎᐡఢ౪፤ڎԥ౪፤Ѡпϸ࣐ܛChandrasekaran et al. (1999)ߓұ (Mechanism Theories)ȂѫΚᆎϲৡ౪፤(Content Theories)ȄՅ Ontology Κᆎϲৡ ٯᜱ߾ȂޠӈϟѠޑȃܓӈ឵ޑӈȃޑᜌϟϜȂ֖౫ޤ౪፤ȂѠпӶ੬ੇስ йԥίӗ੬ܓȈ Ontology ΚᆎԆཋ(Ontology as vocabulary) ޠଡ଼ϟٲঐڎȂՅӶϏහኌαଇޑٲޠOntology ӶলᏱϜл्ଇԇӶ ፤ᚡܗ੬ੇስٿԆཋȂഷள࣐ңޠࣻᜱཏဏȄಒΚȂOntology Ѡຝ࣐Κᆎߓႁ ΠΚٽᜌȂඳّϟȂOntology ණޤޠඣख़࢛ስٿ સȄಒΡȂளւң Ontologyޠ ඣख़ስຬޠख़ᇮȄ Ontology ϲৡ౪፤(Ontology as content theories) ءȂϛښȂઢစᆪၰȃዂጚᡓᒯ๊ᐡښᐡޠထϜȂΚঐԂަفӶϏහኌः ᇮّȄՅ Ontology Κঐϲৡ౪ޠМනȂпІሰ्֖౫ٿስϲৡ౪፤ޠԥΚঐԂ ᜱ߾Ȅ༂ઊ (2002)ᐍ౪яޠੀᄙϟޠӈޑя׳л्ଔᝧӶޠ፤Ȃӱ࣐ѻ ȞSyntacticܓϤޠᇮݳژȇಒΡȃႁޑٲԥܛȂಒΚȂѠඣख़зܓήঐ੬ޠ ontology ȞSemantic InteroperabilityȟȄܓϤޠᇮཏژInteroperabilityȟȂಒήȃႁ Ґ፵ȂՅйѠпၐಡඣޠᜌޤѠпΠ၍Ȃontology ϛկѠп֖౫ስܓҦпα੬ ख़ޤᜌϲৡޠ྆܉ȃ឵ܓȂпІ྆܉ϟޠᜱ߾ȄӱԫȂѠпഇႇ ontology ޠ౪፤ஆ ᜌϲৡȄޤᜌ๗ᄻȂпѠᐍйఽྀඣख़ስޤ౫֖ٿᙄȂ ȞήȟOntology ϟ࡛ҴРݳᇅРݳ፤ ontology ࡛ဋРݳᇅРݳ፤Ȃϟࡤഛ ޠUschold and King (1995)ಒΚঐණя݃ጃ ៊ԥ TOVE (Gruninger and Fox, 1995) ȃ KACTUS (Bernaras et al., 1996) ȃ METHONOLOGY (Gomez-Perez et al., 1996)ȃ SENSUS(Swarout et al., 1997)пІ ᜌޤᔗңӶϛӤስٯ੬ՔڐOn-To-Knowledge(Staab et al., 2001)ȄՅϛӤРݳ፤എԥ Рݳ፤Ȃޠ ӗ 8 ᒌ໕ࡿዀϸݚ ontologyܛ(αȂӱԫւң Fernandez-Lopez et al. (1997 ᒶᐆഷᎍܓᜌ੬ޤޠስᑀ੬ྲٸಓӬዀྦȄϛӤስѠпܓРݳ፤ϟ੬ڐϸݚ Ϝ๗ӬϾᏱϰષ(єڐԄȂւң METHONOLOGY ࡛ҴϾᏱ ontologyȂپРݳ፤ȂޠӬ (ঐ classes пІ 103 ঐ instances)ᇅϾᏱශᡞ(є֥ 19 ঐ classes пІ 66 ঐ instances 16 ֥ ᜌ࢝ᄻпІᜱ߾(Fernandez-Lpoez et al., 1999)Ȅޤޠᆎ ontologyȂ֖౫ϾᏱስڎ ᜌߓұᇅ֖౫ΩȂඣᛳᇅఅख़໐ӈࢴޤޠᔤ௵ңҐᡞ፤(Ontology)τفҐः Ґᡞޠөᆎ࣐ȂпІϟࣻପӬޠ࣐឵ܓᜱ߾Ȃп࡛ᄻ໐ӈࢴ࣐ޠޤᜌҐᡞȂ ᐄȄٸᜌޤஆᙄޠ(Ԛ࣐࡛ᄻዂጚࣃᆶᆪၰ(Fuzzy Petri Net ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 12
ΡȃዂጚࣃᆶᆪၰȞFuzzy Petri netȟ
Petri net ౪፤Ȃᙐᆏ PNȂܼ 1962 ԒҦᏱঢ় Carl Adam Petris ණяȂΚঐ ಜ(Murata, 1989)ȄՅ PNقၦଊࢻโفȂѠпඣख़ᇅःڏዂಣϏޠϾᇅᏱዂԓםშ റᎍңܼߓڏȂ឵ܼᄙዂಣ(Dynamic modeling)ȂଷΠڏ༮ዂϏםშޠԥրܼΚૢ قٽᏱ౪፤пٽშұРݳȂҼණޠಜϟᄙ࣐Ȃᙐйቺԓق౫҂ᇅϸයԓ ѠໍΚؐӵึӶ੬ੇࢻโα८ȄዂጚࣃᆶᆪၰȂᙐᆏϸݚȂޠ໕ۢܗܓಜձۢ FPNȂዂጚ௱፤ႇโᒋΤࣃᆶᆪၰϟϜޠΚᆎାࣃᆶᆪၰ๗ᄻȂѠ࢝ᄻӶԥ ௱፤ႇโȂᙥҦዂጚࣃᆶڐѠඣख़ٯᜌࠍޤዂጚޠಜϜȂңпҢུق৳ᜌޤࠍ ੬ԥϟᙾಌᘉ௱ڐҢϟዂጚҢࠍ(Fuzzy production rule, FPR)Ȃഇႇܛᆪၰ ᜱ߾Ȅߓ 2 ࣐ዂጚࣃᆶᆪၰዂಣಓဵۢݏᄙᘉϟӱޒȂ௱፤яᒰΤ/ᒰяښ፤ᐡ ᇴ݃өپშٯᄙᘉϟஆҐዂጚࣃᆶᆪၰዂಣȂޒঐڎဏȂშ 2 ࣐є֥ΚᙾಌᘉІ ಣԚϰષϟߓұݳȈ
ߓ 2ȈFuzzy Petri net ϟۢဏ
Κঐ FPN ԥΥঐᡑঅȂFPN = (PȃTȃDȃIȃOȃfȃĮȃȕ)Ȉ P = { p1, p2, … , pm }࣐ޒᄙᘉܛᄻԚޠԥ४ӬȂm ߓұӶዂጚࣃᆶᆪၰϜޒᄙ ᘉޠঐȂm Њ 1Ȅ T = { t1, t2, … , tn }࣐ᙾಌᘉܛᄻԚޠԥ४ӬȂn ߓұӶዂጚࣃᆶᆪၰዂಣϜᙾಌ ᘉޠঐȂn Њ 1Ȅ D = { d1, d2, … ,dm }࣐ޒᄙᘉϜϟޒᄙඣख़(propositions)ܛᄻԚޠԥ४ӬȂm ߓұ ӶዂጚࣃᆶᆪၰϜޒᄙඣख़ޠঐȂm Њ 1Ȅ ᙾಌᘉϟጤࢳȄژᄙᘉޒȂߓړIȈPĺT ࣐ᒰΤ ᄙᘉϟጤࢳȄޒژȂߓᙾಌᘉړOȈTĺP ࣐ᒰя (association function)ȂঅϮܼ 0ʂ1 ϟᄃȄړfȈT ĺ[0, 1]࣐ᙾಌᘉϜঅϟᜱᖓ (association function)ȂঅϮܼ 0ʂ1 ϟᄃȄړᄙᘉϜঅϟᜱᖓޒĮȈP ĺ[0, 1]࣐ (association function)ȄړᄙᘉϜНԆඣख़ϟᜱᖓޒȕȈPĺD ࣐
Ȅ(2)ᙾಌᘉ(transition)Ȃםᄙᘉ(place)Ȃ࣐༬ޒ(FPN ԥήঐஆҐಣԚ՞Ȉ(1 ᄙᘉᇅᙾಌᘉȄFPN ౪፤ഷл्ޒarcs)Ȃ࣐ဵȂഀ௦)܀Ȅ(3)РӪם࣐ߞ Ω(enable)ᇅᙾᡑដึᘉޠஉࠍӶ።ᙾᡑڐӶܼᄙࢻโϟଇȂӱԫ (fire)Ȃη൸ដึ(fire)ԥΩ(enable)ޠᙾಌᘉ(transition)ȂՅӶޒᄙᙾᡑਣȂᐄ ኈᇅޠᄙޒᄙᄈࡤޒኈࠊفΩȂໍΚؐޠᄙដึՅђΤዂጚ௱፤ޒϛӤӈ ᄙ(initialޒȂϲ֥ΚঐߒۗݸȂѠпᆏ࣐ߒۗם௦შޣޠᜱ߾โ࡚ȄFPN ᆎ੬ੇ marking)ȂM0Ȅ೪ N ࣐Κঐ FPNȂࠍ N ཽԥޒᄙᘉ(place)ᇅᙾಌᘉ(transition) ܗ(Κঐᙾಌᘉ(transitionژᄙᘉ(place)ᜱ߾ޒarcs)Κঐ)܀ᆎᘉȂՅРӪڎ arcs)ཽϡ)܀йРӪٯᄙᘉ(place)ȂޒΚঐژΚঐᙾಌᘉ(transition)ᜱ߾ ᄙኈޒ fȂϛӤࠊړΚঐ᠍२(Ҕᐍ)ȂՅᙾಌᘉ(transition)є֥Κঐዂጚᜱᖓ ࡤޒᄙޠᜱ߾ᙾඳԚᎍ࿌ޠߓұঅȄޒᄙ(marking)ࡿࣃΚঐߩ॓ᐍȂҼߓዀᇭ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 13
ᄙޒژ ᄙ(marking)ࡿࣃΚঐߩ॓ᐍ yޒᄙᘉ(place)ȂԄޒΚঐؑژtoken)Ȃ) ᘉ(place) pȂߓұ p ԥ y ঐዀᇭ(token) (Chen et al, 1990ȇMurata, 1989)Ȅ
di dk
Pi Pk tik FPN = (P, T, D, I, O, f, Į, ȕ) P={Pi, Pk}, D={di, dk}, T={tik} I(tik)={Pi}, O(tik)={Pk} Į(Pi), Į(Pk) = [0~1] ȕ(Pi)=di , ȕ(Pk)=dk
შ 2Ȉዂጚࣃᆶᆪၰۢဏߓұშ
ᄙޒᙥҦϛӤᄙϟዂጚҢࠍ(FPR)ȂᐄϛӤښዂጚࣃᆶᆪၰϟ௱፤ᐡ ዂጚ௱፤РԓȂ௱፤ޠȂഇႇ੬ԥړᄙᘉᇅᙾಌᘉዂጚᜱᖓޒᘉᒰΤȂՄኍ ίΚޒᄙᘉޠѠޒᄙȄშ 3a Іშ 3b ϸրߓΚᒰΤޒᄙᘉដึࠊࡤϟዂጚҢ
ұȄܛ(ᒰяᘉϟዂጚঅॏᆘȂԄϵԓ(1ڐࠍȂ࿌ᙾಌᘉ t1 ដึࡤȂ
µ Attachment ? µ=0.8 File is “exe” Attachment ? =0.8 File is “exe”
Į(P1)=1 Į(P )=0 Į(P1)=1 Į(P2)=0.8 t1 2 t1 (a)ដึࠊ (b)ដึࡤ
შ 3ȈType 1 ដึࠊࡤϟዂጚҢࠍ
ϜȂᙾಌᘉ t1 ೞដึࠊȂP = { p1, p2 }ȇT = { t1 }ȇD = { Attachment ?, File isڐ exe}ȇI(t1) = { p1 }ȇO(t1) = { p2 }ȇf(t1) = µ1 = 0.8ȇĮ(p1) = 0.9ȇĮ(p2) = 0ȇȕ(p1) = { d1 }
=“Attachment ?”ȇȕ(p2) = { d2 } =“File is exe”Ȃᙾಌᘉ t1 ೞដึࡤȂĮ(p2) = 0.8Ȃх
ߓ ȕ(p1) = { d1 } =“Attachment ?”ࠊޒᄙᘉᄈ ȕ(p2) = { d2 } =“File is exe”ࡤޒᄙᘉ ആԚኈޠѠโ࡚࣐অ 0.8Ȅ ȞΚȟዂጚҢࠍ(Fuzzy production rule) РݳђΤܓϛጃۢӱષȂዂጚᡓᒯ౪ϛጃۢޠዂጚࣃᆶᆪၰϜՄኍ௱፤ႇโ ԓዂጚҢࠍםȄዂጚঅђΤࣃᆶᆪၰϟࡤȂҢϥᆎϛӤښ௱፤ᐡޠࣃᆶᆪၰ ख़(Chen et al., 1990)Ȉܛ௱፤ႇโȂԄίڐFuzzy production ruleȇFPR)Ȃ)
௱౪ႇโѠпഇႇϵڐዂጚҢࠍޠԓםType 1: IF dj THEN dk (CF= µ). ᆎ ඣख़ٿԓםޠ( ԓ( 1 α()= α( ) µ Pk Pj * (1) ڐዂጚҢࠍޠԓםType 2: IF dj1 and dj2 and….and djn THEN dk (CF= µ). ᆎ ඣख़ٿԓםޠ( ௱౪ႇโѠпഇႇϵԓ( 2 ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 14
α()= {α( ) α( ) α( )} µ Pk min Pj1 , Pj2 ,.... Pjn * (2) ڐዂጚҢࠍޠԓםType 3: IF dj THEN dk1 and dk2 and….and dkn (CF=µ). ᆎ ඣख़ٿԓםޠ( ௱౪ႇโѠпഇႇϵԓ( 3 α()=α( ) µ α()= α( ) µ α()= α( ) µ Pk1 Pj * , Pk 2 Pj * ,…. Pkn Pj * (3) ௱౪ڐዂጚҢࠍޠԓםType 4: IF dj1 or dj2 or….or djn THEN dk (CF= µi). ᆎ ඣख़ٿԓםޠ( ႇโѠпഇႇϵԓ( 4 α ()= {α ( ) µ α ( ) µ α ( ) µ } = Pk max Pj1 * i , Pj 2 * i ,.... Pjn * i ,i 1,2,...n (4) ௱౪ڐዂጚҢࠍޠԓםType 5: IF dj THEN dk1 or dk2 or….or dkn (CF= µi). ᆎ ඣख़ٿԓםޠ( ႇโѠпഇႇϵԓ( 5 α ()= α ( ) µ α ()= α ( ) µ α ()= α ( ) = Pk1 Pj * i , Pk 2 Pj * i ,..... Pkn Pj * µi ,i 1,2,...n (5) შ 4a Іშ 4b ϸրߓដึࠊࡤϟ Type 2 ޠዂጚҢࠍȂ࿌ᙾಌᘉ t ដึࡤȂ ұȄܛ(ᒰяᘉϟዂጚঅॏᆘȂԄϵԓ(2ڐ
dj1 dj1 Į(pj1)
pj1 pj1 t t dk dk dj2 dj2 Į(p ) j2 . . Į(pk) . . pj2 . p . . p . j2 . k . pk . djn . djn
Į(pjn) pjn pjn Į(pk)=Min{Į(pj1), Į(pj2),.. Į(pjn)}*µ (a) (b) (a)ដึࠊ (B)ដึࡤ
შ 4ȈType 2 ដึࠊࡤϟዂጚҢࠍ
შ 5a Іშ 5b ϸրߓដึࠊࡤϟ Type 3 ޠዂጚҢࠍȂ࿌ᙾಌᘉ t ដึࡤȂ ұȄܛ(ᒰяᘉϟዂጚঅॏᆘȂԄϵԓ(3ڐ
dk1 dk1 Į(pk1 )
pk1 pk1 t dj t dj dk2 dk2
Į(pj) . . Į(pk2 ) . . . pk2 . pk2 . p . pj . j . dkn . dkn .
Į(pkn) pkn Į(pk1,2,.... n)=Į(pj)*µ pkn (a)ដึࠊ (b)ដึࡤ
შ 5ȈType 3 ដึࠊࡤϟዂጚҢࠍ
შ 6a Іშ 6b ϸրߓដึࠊࡤϟ Type 4 ޠዂጚҢࠍȂ࿌ᙾಌᘉ t1, t2,…,tn ដ ұȄܛ(ᒰяᘉϟዂጚঅॏᆘȂԄϵԓ(4ڐࡤȂึ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 15
t t1 1 d dj1 j1 Į(pj1) p pj1 j1
t2 dk t2 d dj2 j2 Į(pk) Į(pj2) . . . . pj2 pj2 . . . . p . . k . . tn tn d djn jn Į(pjn ) (p )=Max{ (p )*µ ), p Į k Į j1 1 pjn jn Į(pj2)*µ2),..Į(pjn)*µn} (a)ដึࠊ (b)ដึࡤ
შ 6ȈType 4 ដึࠊࡤϟዂጚҢࠍ
შ 7a Іშ 7b ϸրߓដึࠊࡤϟ Type 5 ޠዂጚҢࠍȂ࿌ᙾಌᘉ t1, t2,…,tn ұȄܛ(ᒰяᘉϟዂጚঅॏᆘȂԄϵԓ(5ڐដึࡤȂ
Į(pk1)=Į(pj)*µ1 t1 t1 dk1 dk1 Į(pk1) p pk1 k1 Į(pk2)=Į(pj)*µ2 dj dj t2 t2 dk2 dk2 . Į(pk2) Į(pj) . . . . pk2 . pk2 . pj p . . j . tn . tn . dkn dkn Į(pkn) pkn pkn Į(pkn)=Į(pj)*µn (a)ដึࠊ (b)ដึࡤ
შ 7ȈType 5 ដึࠊࡤϟዂጚҢࠍ
௱፤ᅌᆘݳޠȞΡȟዂጚࣃᆶᆪၰ ޒޠᄙᘉՎҭޒȂକۗܓ౪੬ٯዂጚࣃᆶᆪၰϟ௱፤߾ւңࣃᆶᆪၰϟ ȂӱԫȂܓၰ৸ȂпණЁ௱፤ϟഁ౦ІྦጃٺӼᆎϛӤၰ৸ϜȂᒶᐆΚഷޠᄙᘉ ᄙޒڎ(start \ gaol)ޠዂጚࣃᆶᆪၰዂϟߒۗӈȂଷߒۗዀଅѵȂҼє֥କۗȃҭ ,ႁӬ(reachable setژႁӬ(immediately reachable set, IRS)ІѠژ௦ѠޣᘉᒶۢȄ
ᄻԚϟஆҐዂጚࣃᆶᆪၰܛ ᄙᘉ p1, p2, p3ޒঐᙾಌᘉ t1, t2 ІήঐڎRS)Ԅშ 8 ࣐
ᄙᘉ p2Ȃᆏޒ௦ᙾಌՎޣᄙޒڐᄙᘉ p1 ഇႇᙾಌᘉ t1 ϟᐮึȂѠޒዂȂࠍ
Ӽঐᙾಌᘉܗঐڎᄙᘉഇႇޒႁ p2ȂҼѠቹԚ IRS(p1) = { p2 }Ȅसژ௦ޣ ࣐ p1
ᄙᘉ p1 ഇႇޒႁȂԄژᄙᘉȂࠍᆏ࣐Ѡޒ௦ᙾಌՎҭዀޣᄙޒڐϟᐮึȂРѠ
ႁ p2 ҼѠژ௦ޣ ᄙᘉ p3Ȃᆏ࣐ p1ޒ௦ᙾಌՎޣᄙޒڐᙾಌᘉ t1, t2 ϟᐮึȂѠ
(ႁӬ(RSژႁ p3 ҼѠቹԚ IRS(p2) = { p3 }ȄՅ p1 ϟѠژ௦ޣ ቹԚ IRS(p1) = { p2 }ȇp2
ࠍ࣐ RS(p1) = { p2, p3 }(Chen et al, 1990)Ȅ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 16
p1 p2 p3
t1 t2
შ 8Ȉዂጚࣃᆶᆪၰ IRS І RS ߓұშ
ᄙᘉϜϟዂጚঅτϊՅޒٸᄙᘉ᐀ԥዀଅȂ߾ޒዂጚࣃᆶᆪၰϟө
೪ۢϟକᘉঅ(threshold value) ȜȂ֊ Į(pi) Њ ȜȂܛ๊ܼܗȂसዂጚঅ Į(pi)τܼۢ
ூዀଅȄዂጚࣃᆶᆪၰϟ௱፤߾ւңࣃᆶڦூዀଅȂЇϟࠍ pi ณݳڦ ᄙᘉ piޒࠍᆏ ӼᆎϛӤၰ৸ϜȂᒶᐆΚޠᄙᘉޒޠᄙᘉՎҭޒȂକۗܓ౪੬ٯᆪၰϟ ௱፤ᅌᆘݳϸख़ԄίȈڐၰ৸Ȃٺഷ INPUT: (a)କۗᘉᇅөᘉϟዂጚโ࡚অ Į(p)ȂĮ(p) ∈ [ 0, 1 ]Ȅ ᄙ ȕ(p)= dȄޒb)କۗᘉᇅөᘉᄈᔗϟ) c)କۗᘉᇅөᘉϟߟᘥঅ ȜȂȜ ∈ [ 0, 1 ]Ȅ) CFȄړd)өᙾಌᘉϟጃۢӱષᜱᖓ) e)өᙾಌᘉϟጃۢӱષঅ CF = µȂµ ∈ [ 0, 1 ]Ȅ)
OUTPUT:ಥᆓᘉߓႁޒᄙϟዂጚโ࡚অȂȕ(pg)= djȄ a. ߒۗӈᒰΤ
ݸ ȕ(ps)࣐ȄޒНԆඣख़ٻᄙᘉ ps ҇᐀ԥዀଅȂ֊ Į(ps) Њ ȜȂޒକۗ b. ޒᄙၦਠ༉ሏ
ᄙᘉ pg ϟҢߞᐚޒޠᄙᘉ ps Վҭޒίӗѳؐ֊ѠԚҦକۗྲٸ ᐄȄٸၰ৸ᒶᐆ௱፤ϟٺSprouting tree)࡛ҴȂձ࣐ഷ) ΚȈؐ (a)҇᐀ԥዀଅȄ
खᓄԚ(ps, Į(ps), IRS(ps))Ȃձ࣐ҢߞᐚϟକᘉȄٯ b)҇ϛಥᆓᘉȂ)
IRS(ps)ϟ ڐᄙ༉ሏՎ IRS(ps)Ȃޒᄙᘉ ps ϟޒc)ഇႇᙾಌᘉ ts କۗ)
,(खᓄ࣐(IRS(psٯȂޤዂጚঅѠစҦ Į(IRS(ps)) =Į(ps) * f(ts)ॏᆘூ
Į(IRS(ps)), IRS(IRS(ps)))Ȅ ΡȈҢߞᐚϟ࡛Ҵఅख़ԄίȈؐ
ᄙᘉ pe І pyȂޒႁᘉ࣐ޫӬȂژ௦ޣᄙᘉϟޒa)ಥᆓᘉȈस࢛Κ)
ѠቹԚ IRS(pe) = {φ}ܗ IRS(py) = {φ}Ȃࠍᆏ၏ޒᄙᘉ࣐ಥᆓᘉȄಥ ᆓᘉϛೞӗΤҢߞᐚϜȄ (b)ߩಥᆓᘉйณࣻ᎒ϟޒᄙᘉȈ
ᄙᘉ pj ∈ IRS(pi)Ȃй Į(pi) Њ ȜȂйᙾಌᘉ tij ϟጃۢӱષ CFijޒҭዀ
ϜȂµ ∈ [ 0, 1 ]ȂࠍѠҦࢌԥϟҢߞᐚᘉ(pi, Į(pi), IRS(pi))пڐµȂ =
ጤࢳਡዀұ µȂйܼܼٯ࡛Ҵᘉ(pj, Į(pj), IRS(pj))ȂུژΚጤࢳഀ௦ pj ϟၰ৸ԚȄ ژ ࡛ҴϟᘉਡዀұȶႁԚᘉȷȂ֊ߓұ၏Ҧ piུ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 17
(c)ߩಥᆓᘉй᐀ԥΚঐпαϟࣻ᎒ޒᄙᘉȈ
सޒᄙᘉ pu ᇅ paȃpbȃ…ȃpn ܼᙾಌᘉ tuv α࣐ࣻ᎒Ȃйҭዀޒᄙ
ᘉ pv ∈ IRS(pu)Ȃй Į(pu) Њ ȜȂйᙾಌᘉ tuv ϟጃۢӱષ CFuv = µȂ
ϜȂµ ∈ [ 0, 1 ]ȂࠍѠҦࢌԥϟҢߞᐚᘉ(pu, Į(pu), IRS(pu))пΚڐ
ጤࢳਡዀұ µȂйུܼ࡛ܼٯ࡛Ҵᘉ(pv, Į(pv), IRS(pv))Ȃུژጤࢳഀ௦ pv ϟၰ৸ԚȄ ژ ҴϟᘉਡዀұȶႁԚᘉȷȂ֊ߓұ၏Ҧ pu ήȈसณߩಥᆓᘉԇӶȂஉؐѳȂࠍၱՎؐΡȄؐ ϛژޣΡʂή࡛ҴѫΚҦକۗᘉՎႁԚᘉϟҢߞᐚȂؐٸѳȈ៊ؐ ӕԇԥӉեႁԚᘉਣϘЦҢߞᐚϟ࡛ҴȄ ࡛ҴϟؑΚၰ৸ȂࣲѠᆏ࣐ܛΚʂѳȂҦକۗᘉՎႁԚᘉؐٸϥȈؐ ࡛ٺႁԚᘉዂጚঅഷτȂ࣐ഷڐၰ৸Ϝᒶᐆٳ௱፤ၰ৸ȂӕҦ
ឋၰ৸ȄQ ߓܛԥ௱፤ၰ৸ϟӬȂS1ʂSn ߓܛԥၰ৸ϟႁԚᘉዂጚ ޒұȂߓұܛ(࡛ឋၰ৸ϟዂጚҢࠍ(FPR)Ԅϵԓ(4ٺഷڐঅȂй
ᄙᘉ pg ᄈᔗϟޒᄙ ȕ(pg)= dgȂѠ߭Ӊޠโ࡚অ࣐ zȄ
Q = {(pg, S1, IRS(pg)), (pg, S2, IRS(pg)), …… ,(pg, Sn, IRS(pg))}
Set z = max {S1, S2, …….., Sn}
ݏနȃၦਠϸݚᇅ๗
ಜ೪ॏ࢝ᄻȃଌጜၦਠІขၑၦਠقᄃᡜؐȃޠفӶԫതϜഃΚϮಞҐः ᇴ݃Ȅྜٿޠ
ΚȃၦਠኻҐ
ϟࢴኻҐп໐ӈࢴ࣐лȂࢴኻҐԞਣ 1999 Ԓ 04 УՎ 2004فҐः ӫРԓ)ȄӶঐਣϲȂδпႬڽԒ 6 У(ࢴӫᆏᐄᗊߟ២ջᇅᗎ༗ऌᆪય ᄈຬȂఅख़Ԅߓޠউϸݚשᆪᙬ(Worm)എܗ(ࢴ(Virusesޠφ໐ӈձ࣐༉ክ൭Ϯ 3 ܛұȄ
ߓ 3Ȉ໐ӈࢴኻҐ
Type Name (by Trend Corp.) Macro MELISSA.AΔGORUM.A ZAUSHKA.A-OΔJERM.AΔCOBBES.AΔMAGISTR.BΔKAMIL.BΔ Executable File BRID.AΔBAGLE.PΔBAGLE.QΔDUMARU.AΔZAFI.BΔYOUGDOS.A PTWEAK.A Δ TROODON.A Δ HYBRIS.C Δ SIRCAM.A Δ GIFT.B Δ Trojan FEVER.AΔXTC.A ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 18
JavaScriptΚ GERMINAL.AΔ EXITW.AΔ SEEKER.A6Δ ACTPA.AΔ EXCEPTION.GENΔVBScriptΚREPAH.AΔLOVELETTERΔHARD.AΔ NOONER.A Δ INFO.A Δ LIFELESS.A Δ NEWLOVE.A Δ CHU.A Δ Script KALAMAR.A Δ CHICK.C Δ CHICK.B Δ CHICK.E Δ HAPTIME.B Δ E D NAV. BΔGOOFFY.AΔHEATH.AΔHORTY.AΔARIC.AΔVIERKA.BΔ GORUM.BΔZIRKO.A NIMDA.A-OΔALIZΔPETIK.CΔPETIK.AΔBADTRANS.BΔGIZER.AΔ ENVIAR.BΔGOKAR.AΔRADIX.AΔUPDATR.AΔKLEZ.EΔKLEZ.HΔ LASTWORD.AΔLOHACK.AΔZAFI.DΔMERKUR.AΔMYLIFE.EΔ PLAGE.AΔ PROLIN.AΔ SOLVINA.BΔ SHOHO.GENΔ DESOR.AΔ PET.TICK.Q Δ PETIK.E Δ ZHANGPO.A Δ ZOHER.A Δ SOBIG.A Δ Worm YAHA.E Δ BUGBEAR.AΔ BLEBLA.CΔ GAGGLE.CΔ SIRCAM.AΔ YAHA.GΔLOVGATE.AΔLOVGATE.BΔLOVGATE.CΔLOVGATE.GΔ CODΔBAGLE.AΔBAGLE.CΔBAGLE.JΔBAGLE.UΔBAGLE.XΔ BAGLE.ZΔ NETSKY.CΔ NETSKY.DΔ MYDOOM.AΔ MIMAIL.AΔ SWEN.AΔSOBER.A
Ρȃ໐ӈࢴ࣐ޤᜌҐᡞ፤(Ontology)ϟ࡛Ҵ
ف౫ᇅߓұȂҐः֖ޠᜌᎍ࿌ޤȂҐᡞ፤ Ontology ޤစҦࣻᜱНᝧଇѠ ڏOWL ᇮّпІ Ontology Ϗ ޠϸݚȂഇႇ W3C ۢဏޠᐄαΚᄈ໐ӈࢴ࣐ л्።ੀϾفҐᡞ፤Ԅშ 9 ȄҐःޠProtégé 2000)Ȃ࡛Ҵ໐ӈࢴ࣐) గпҐᡞ፤ᄈ໐ӈࢴ࣐ձוዂԓȂޠ(Ͼ(conceptualize܉྆ژspecification)ᙾඳ) ๗ᄻȂႇᘯޠᜌޤ࣐ዂԓᇅ੬ኊȂໍՅԥਞၽңҐᡞ፤ڐଇᇅϸݚȂΠ၍ޠΤ (Protégé 2000)ڏࣻᜱ OWL ᇮݳᇅ Ontology ᐈձϏޠւң W3C ۢဏف໐ӈࢴȄҐः ӬȂԫ܉྆ޠӬ܉అख़ԄίȈ(1) Class:րΚঐє֥೩Ӽφ྆܉྆ޠϜࣻᜱڐ ٿኻԓܗφӬٳӬȂഇႇ܉Ԇ྆ޠȂច֥೩ӼࣻᜱހስోဏኅޠӬ܉྆ ᜱ߾ȂѠпఅख़ޠኻԓϟܗ܉అख़ᇅ֖౫྆ٿңܓఅख़ᇅ֖౫Ȅ(2) Property:឵ ֖ޠᜱ߾Ȅ(3) Individual :ኻԓΚঐᡞޠրᇅրȃրᇅኻԓȃኻԓᇅኻԓϟ উᐍ౪ 12 ᆎ࣐੬ኊȂשȄ܉྆ޠє֥ܛφȂңпఅख़၏րپޠ౫Ȃѻ࢛Κր ᐄȂԄߓ 4Ȅٸޠࢴ໐ӈܗձ࣐ขႬφ໐ӈ࣐Ҕள໐ӈ
ߓ 4Ȉ໐ӈࢴ੬ኊ
ᡑ NO. ੬ኊ ϲৡᇴ݃
๊…ԓ Exe, vbs, scr, pif, bat, chm, comםX1 ߤђᔭ X2 ߤђᔭτϊ ߤђᔭ໕ X3 ߤђᔭ໕ ߤђᔭ໕ X4 ϲ֥ Script โԓ JavaScript and VBScript
X5 ϲ֥ URL ՞֮ ActiveX controls URL X6 ߤђᔭ пߤђᔭРԓΤ߮ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 19
X7 ளޠ MIME ੀԓ ள MIME ޠᔭੀԓΤ߮
X8 Embedded пᢒ൹РԓΤ߮
ЗרңឍٻX9 ᡑϾߤᔭϟᔭӫ ᡑᔭӫȂ७մ
ӫᆏȃኺᆏ๊ޠң߭ӉٻX10 ୄ၇༉ଛӫԆ ௵ң ңٻX11 ୄ၇лᚡᇅ߭ӈϲৡ плᚡཧପϲৡᝀ
X12 ΚԞӈ ΚԞӈܗӼ՞Ԟӈ ȞΚȟOntology ϟ࡛Ҵ ң௵ٯᜌໍҐᡞ፤ϟϏโϸݚȂޤޠȂଭᄈ໐ӈࢴ܉྆ ң Ontology௵فҐः Protégé 2000 ձ࣐࡛ဋ ޠःึܛفѭϞդτᏱ SMIȞStandford medical informaticsȟः ໐ޠ࡛ဋ໐ӈࢴ࣐ٿРݳ፤ޠ(ᐄ Uschold and King(1995ٯȂڏᜌҐᡞึϏޤ ᜌҐᡞȂؐԄίȈޤӈࢴ ܛя໐ӈϟ׳йٯϸݚ໐ӈҐНٿРԓȂޠউഇႇϟࠊϸݚשӶ໐ӈࢴϜȂ .1 ᘫા࣐܉྆ٳȂԄߤᔭȃᔭੀԓȃߤᔭτϊȃᑏ๊РԓȂӕΚ܉ԥ྆ ဏԄߓ 4Ȅۢ܉Ȃ྆܉྆ٳߓұΚٿНԆޠңԥဏཏٻйٯȂܓ឵ܗր րІφޠϜۢဏ੬ۢ܉࡛ဋ ontologyȂӒҦ྆ٿ๋ޠί܂উ௵ңҦαש .2 ЯրӫᆏȂޠӔӤᘉϡΚঐΚૢϾޠ܉྆ٸᜱ߾Ȃӕޠϟ܉րȂпІ྆ General concept)Ȅ)܉྆ܓΚૢޠထಣӶΚକȂҢԫስޠ܉ࣻӤ྆ױйٯ 3. OWL(Web Ontology Language)л्пାቺޠඣख़ȂໍՅၦྜȃၦਠᓾԇȃ ߓұ໐ӈٿң OWL ᇮّٻউשȷᜱഀӶΚକȂӱԫޠᇅ౪ࢻโȂȶᇮཏϾ ᜌȄޤࣻᜱٳΚޠࢴ שࣻᜱ੬ኊϟࡤȂޠйഇႇ OWL ඣख़໐ӈࢴٯࣻᜱ੬ኊȂޠя໐ӈࢴ׳ .4 Ԅშ 9Ȅݏ੬ኊϟᜱᖓȂᜱᖓ๗ޠ࡛ആ໐ӈࢴϟٿ ң Protégé-2000ٻউ
შ 9Ȉ໐ӈࢴ࣐Ґᡞ፤ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 20
ȞΡȟ໐ӈࢴ௱፤Жᔞϟ࡛ဋ ᜌҐᡞȄޤޠ໐ӈࢴژউѠூשҐᡞ፤࡛ᄻؐȂޠ(King(1995 ڸ စҦ Uschold ԚዂጚҢࠍ(FPR)ȂՅםܛܓᜱ߾឵ޠϟ܉ᇅ྆܉ᜌҐᡞϜ྆ޤҐഇႇᙾඳ అख़௱፤ЖᔞԄեցᘟႬφ໐ӈ࣐ࢴ໐ٯ໐ӈࢴϟ௱፤ࣃᆶᆪၰ๗ᄻȂژூ ዂጚҢࠍ(FPR)Ȃڸ(ᙾඳϟዂጚࣃᆶᆪၰ๗ᄻ(FPNܛᜌҐᡞޤӈȄᐄ໐ӈࢴ
Ԛ௱ם[ᆎ໐ӈ੬ኊ[x1,x2,…,x12]ጢጇԚ[0,1,…,1 12 ޠউႬφ໐ӈשშ 11Ȅڸ Ԅშ 10 ௱፤ႇڐጢጇԄ[1,1,1,0,0,1,0,0,0,0,1,1]ȂޠᒰΤԓȂ೪࢛ΚࡍႬφ໐ӈޠ፤Жᔞ โԄίȈ ጢጇಓӬ R1ȃR2ȃR3ȃޠ 1Ȉ ᐄዂጚࣃᆶᆪၰ๗ᄻ(FPN)Ȃ၏ࡍႬφ߭ӈؐ
R6ȃR11ȃR12 ϟࠍȂՅକᘉ࣐ X1ȃX2ȃX3Ȅ
௱ขঅ࣐ 0.949Ȃ௱፤ޠ௱፤ȂX6 ᘉޠ(ԓ(4ם( 2Ȉ ᐄዂጚҢࠍ(FPRؐ ႇโԄίȈ
X6=MAX(X1ĺX6ȂX2ĺX6ȂX3ĺX6)=MAX(1*0.898Ȃ1*0.924Ȃ1*0.949) =0.949
ጢጇܓ឵ޠ௱፤ȂҦܼ X9 ᇅ X10 ᘉޠ(ԓ(5ם( 3Ȉ ᐄዂጚҢࠍ(FPRؐ
࣐ 0ȂѬԥᘉ X11 ᅗ٘ӈՅೞដึȂӱԫ X9 ᇅ X10 ࣲณ௱ขঅȂX11 ޠ௱ขঅ࣐Ȃ௱፤ႇโԄίȈ
X11 = 0.949*0.898 =0.836
௱፤ȂX12 ϟ௱፤অ࣐ 0.836Ȃ௱፤ႇޠ(ԓ(1ם( 4Ȉ ᐄዂጚҢࠍ(FPRؐ โԄίȈ
X12=0836*1=0.836
௱፤ႇโᇅᘉ X12 ࣻӤȂࢉ௱፤অҼ࣐ 0.836ޠ 5Ȉᘉ X13Ȉؐ
ࢴ߭ӈȂԥޠΚࡍାॴᓏޤউѠпூש௱፤অȂޠ ᘉ X13 ңȂࡍ߭ӈᅹծࢴ߭ӈȂٻޤٯ࣐ࢴ໐ӈȂܓѠޠ83.6% ңᒶᐆᄈԫ߭ӈ౪ձȄٻ፝
R1: IF d l or d2 or d3 THEN d 6 R9: IF d 7 THEN d 12
R2: IF d 4 or d5 THEN d8 R10: IF d 8 THEN d 10
R3: IF d6 THEN d 9 R11 :IF d 8 THEN d 11
R4: IF d 6 THEN d 10 R12: IF d 8 THEN d 12
R5: IF d 6 THEN d 11 R13: IF d 9 THEN d 12
R6: IF d 6 THEN d 12 R14: IF d11 THEN d 12
R7: IF d 7 THEN d 10 R15: IF d 10 THEN d 12
R8: IF d 7 THEN d 11 R16: IF d 12 THEN d 13
შ 10ȈዂጚҢࠍ(FPR) пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 21
c16=0.898 X1 c69=1.0 X9 c9-12=1.0 c26=0.924 c6-12=1.0 X2 X6 c6-10=0.761 c6-11=0.898 c36=0.949 c X3 c7-10=0.40 10-12=1.0 X10 c c7-12=1.0 12-13=1.0 X12 X13 X7 c 7-11=1.0 c11-12=1.0 X11
c48=0.714 c8-10=1.0
X4 c8-11=1.0
X8 c8-12=1.0 c58=0.285 X5
შ 11Ȉ໐ӈࢴ࣐੬ኊϟዂጚࣃᆶᆪၰ
ήȃ໐ӈࢴႇᘯຠզ
ࢴኻҐ࣐ଌጜၦਠȂଌጜяޠԒ 2004 ژң 1999 ԒٻಜϟࢴႇᘯዂಣقҐ п 1859 ࡍҔள໐فขΩȂҐःޠ໐ӈࢴ௱፤ዂಣȄ࣐ຠզԫΚ FPN ௱፤ዂಣ уၦਠଢ଼РݳȇSOMȃNaïve Bayesڐ໐ӈࢴ࣐ขၑኻҐȂᇅ 96 ޠӈᇅଌጜၦਠ ژུNorton2007(ࢴጇ ڸ ࢴᡞ Pccllin2007٪ޠDecision tree пІҀ८α୧ཿ ڸ 2007 ѳУ)ЩၷȂЩၷ๗ݏԄߓ 5Ȅ ໐ӈࢴޠউଭᄈ 2004 Ԓ 12 УϟࡤשขΩȂޠȃུࢴޤ࣐Πขၑᄈܼґ ҭ؛ࢴȂԥਞ၍ޠޤȂґޠུژϸݚዂಣѠпขޠউשᡘұȂݏขၑȂၦਠ๗ ࢴȄߓ 6 ᡘұژࢴۢဏᔭ൸ขϛུԥءୱᚡȈޠࠊ୧ཿ٪ࢴᡞഷцၝ ޠޤDecision tree ᄈґ ڸ уၦਠଢ଼РݳȇSOMȃNaïve BayesڐРݳᇅޠউණяש ޏউขၑϟ୧ཿ٪ࢴᡞ࣐ 2007 ԒϟשЩၷ(Shih et al., 2004ȇ2005)Ȅݏข๗ޠࢴ ݏ๗ޠԥ୧ཿ٪ࢴᡞขءࢴȂӱԫུޠԒ 4 Уϟࡤ 2007 ژҐȂҦܼґԥԞ ࢴȄޠޤȃґޠȂ٪ࢴᡞԇӶϛขུفःޠ֖౫Ȃկᐄ೩ӼᏱ
ߓ 5ȈขРݳϟขΩЩၷߓ
TP TN FP FN Detection Rate False Positive Rate Overall Accuracy Naïve Baye 89 1842 17 7 92.708% 0.914% 98.772% Decision 89 1854 5 7 92.708% 0.269% 99.642% Tree SOM 87 1855 4 9 90.625% 0.215% 99.335% Pccllin2007 95 1859 0 1 98.958% 0% 99.949% Norton2007 93 1859 0 3 96.875% 0% 99.847% FPN 95 1855 4 1 98.958% 0.161% 99.795% (Detection RateȈTP/ TP + FN, False Positive RateȈFP/ TN + FP, Overall AccuracyȈTP + TN/ TP + TN + FN + FN) ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 22
ߓ 6ȈґޤࢴขၑЩၷߓ (“¥”= detected)
Virus Profile FPN SOM Naive Bayes Decision tree WORM_NETSKY.P ¥¥¥¥ WORM_MYTOB.A ¥¥¥¥ WORM_MYTOB.K ¥ - ¥¥ WORM_MYTOB.R ¥¥¥¥ WORM_MYDOOM.O ¥¥¥¥ WORM_NETSKY.Q ¥¥¥¥ WORM_SOBER.U ¥ - - - WORM_MYTOB.KQ ¥¥¥¥ WORM_MYTOB.LL ¥¥¥ WORM_LOOKSKY.A ¥¥¥¥ WORM_RONTOKBRO.C ¥¥¥¥ WORM_RONTOKBRO.J ¥¥¥¥ TROJ_YABE.A ¥¥¥¥ TROJ_YABE.B ¥¥¥¥ TROJ_BAGLE.CZ ¥ - ¥¥ WORM_AHKER.J ¥ - ¥¥ VBS_SOBER.AA ¥¥¥¥ JS_WONKA.A ¥ - - -
ಜ࢝ᄻقӃȃ
Ӷܼ٪Ц໐ӈࢴΤޠಜϜȂҭقණяΚ໐ӈࢴ௱፤ЖᔞȂဋܼ൹ΤԓفҐः ߭ӈਣȂҔڦңԞٻұȂ࿌ܛ ಜȄ൹Τԓ໐ӈࢴႇᘯᏣ࢝ᄻԄშ 12قңٻ߮ ցᘟ࣐ٿ৳ഇႇԫࠍٯԚࠍ৳ȂםႬφ໐ӈစҦᏱಭዂಣᏱಭޠளᇅள ࣐ȂसึޠցᘟႬφ໐ӈԥளٿ৳ࠍޠࢴ߭ӈȄࢴႇᘯዂಣᐄᏱಭԂ ࡛ឋȂޠၦਠַུژѫԇܗփଷٯңȂٻ࣐ਣȂཽឍ֚ޠԥளڏ౫Ⴌφ໐ӈ ңᘳ៕໐ӈȄٻ௦ҦޣसႬφ໐ӈցᘟ࣐Ҕள࣐Ȃࠍ
ࡉྤॾٙڶ
IBM M51 ႖࿇ఐॾٙ OS: Windows XP
ၡٙఐመៀᕴ Mail serverڤխሽᆰ ༊Ե OS: Linux IBM eServer X346 OS: Linux
ൄॾٙإ࠷گ IBM M51 OS: Windows XP
ൄሽᆰإ
შ 12Ȉ൹Τԓ໐ӈࢴႇᘯᏣ࢝ᄻ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 23
ಜึᕘძقΚȃ
ಜึαȂNET-Start-IXP420 п Intel Xscale ൹ΤԓࠣϜȂ࣐ᆪقӶ൹Τԓ ၰࣻᜱࠣึϟ IXP 420 CPU ࣐ᡞਰЗȂIPX420 Κঐାਞޠ RISC ᆪၰᔗң Ґ EmbeddedޏഷུޠೞңӶᆪၰ೪റϜȂђαҦශኌၦଊՍঔހ౪ᏣȂѻೞኅ ᡞ೪റᐍ౪Ԅߓ 7ȂԄ WebMailޠңٻܛᄃርαفLinux ࣐ᡞਰЗȂԄშ 13ȄҐः ޠԋӓᆔ౪ժ݉ᏣȃԞึ߭ӈޠңٻܛಜȃࢴঢ়Іཿଡ଼စ౪ق൹Τԓޠңٻܛ Ⴌဟ๊ȄޠңٻңٻMail Server ІΚૢ
ಜϟึݗقშ 13Ȉ൹Τԓ
ߓ 7Ȉᡞሰؒߓ
ᡞ ңഋ ᡞሰؒ Linux–BusyBox ಜقಜ(EEVF) ൹Τԓ໐ӈࢴႇᘯᏣϟق൹Τԓ Apache+PHP+IMAP Linux–Fedora4 ဵҢזSecurity Server ᆔ౪ຶРၦਠІ Apache+PHP+MySql+SSL Linux-Fedora4 Mail Server ໐ӈժ݉Ꮳ Sendmail+IMAP Windows–WinXP ߭ӈІᆔ౪೪ۢڦңԞٻPC(3 ѯ) Κૢ Browser
ಜѓϮಞقΡȃ
ᆪၰᕘძίᄃޠϑӶҐᄃᡜࡊٯಜϑ࡛ဋԚȂقϟ൹Τԓ໐ӈࢴႇᘯفҐः ಜ೪ۢᇅᐈձႇقಜஉϟᕘძ೪ۢȃقȄҐఅख़Ґښᐡޠርஉ໐ӈࢴႇᘯ ᇴ݃ᇅᄃձȄშ 14 ࣐ᄃໍٿңᡜᜍዂಣٻউॷӒଭᄈພьዂಣᇅשโᇴ݃Ȅпί ңᡜᜍዂಣϟฬ८ȂಒΚঐؐᆔ౪ีΤ೪ۢฬ८Ȃ्ཽؒᆔٻձພьዂಣᇅ ூஞጇȄಒڦພьॳ८ژ౪ᒰΤவဵІஞጇȂसಒΚԪีΤȂཽණұᆔ౪҇ሰ ४Ȅ᠍ུޠ᐀ԥࢴࠍٯসȂཽޠউשΡؐȂᆔ౪ሰ༳ΤঐၦਠпԚ࣐ ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 24
შ 14Ȉᆔ౪ພьዂಣϟᄃձฬ८შ
উӕଭᄈಒΡঐ२्ዂಣȇࢴ໐ӈႇᘯዂಣໍᇴ݃ᇅᄃձȂԄშ 15ש௦ ڐցᘟٯႬφ߭ӈਣȂࢴ໐ӈႇᘯዂಣཽ௮ඣؑࡍႬφ໐ӈȂڦңԞٻұȄ࿌ܛ Ԛ࣐ࢴ໐ӈޠѠܓȂस࢛ࡍႬφ߭ӈೞขяᅹծࢴ໐ӈȂࠍཽ࣐я౫ණұฬ ௵्ܛңᒶᐆٻᆎѓᒶᡲ 3 ٽණٯңȂԫࡍ໐ӈᅹծ࣐ࢴ໐ӈȂٻޤ८֚ ϲৡȄޠᘳ៕၏ࡍ߭ӈܗѻၦਠַȃփଷڐژᒶᐆԥಌޠٽউණשձȂޠڦ
შ 15Ȉࢴ໐ӈႇᘯዂಣϟᄃձฬ८შ
ࢴ໐ӈႇᘯዂಣޠউשዂಣȂԄშ 16Ȃུ२्ዂಣ࣐ࢴࠍޠഷࡤ्Ϯಞ ࢴུңӶґٻ໐ӈࢴȂߴሬޠޤȃґޠࢴࠍȂ߰ขུུณᓝᖆ ಜԋӓȄկस࿌ԥུࢴࠍҢȂߓұࢴϑစोҢяུقݸίȂϬߴሬޒޠጇ ࢴࠍȂᗷดϬԥขࢴϟΩȂկࢴขΩϬུԥء࣐ዂԓȂसޠ ϟفȄկҐःܓಜԋӓقѓȂпࡼ៊ᆱࡼޠུࢴࠍٽࡤเ৶Ȃӱԫණུၷ ңٻࢴጇȂϛܿആԚུޠϛᓝᖆȂࣻၷΚૢ୧ཿ٪ࢴᡞᓝᖆٯུࢴࠍ ᘚȄ֩ пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 25
ዂಣϟᄃձฬ८შུშ 16Ȉࢴࠍ
ഛȃ๗፤
ҢȂࢴᇅ٪ࢴޠ໐ӈࢴϛᘟޠུژউѠпΠ၍שᐄНᝧଇᇅᐍ౪Ȃ ࢴጇҢϬሰ्ΚࢳਣȂࢉขޠᄈᔗژϤࣻၷࠑȂུࢴҢޠϛᘟ ೪ॏΚ൹Τԓ໐ӈࢴف२ᘉȄҐःޠفयΩःܛ٪ࢴყޣΚޠࢴޤґ я໐ӈ׳ϸݚȂޠ໐ӈࢴȂഇႇᄈ໐ӈࢴ࣐ޠޤᇅґޤႇᘯᏣȂขяϑ ᜌޤ࣐੬ኊȂ௵ңҐᡞ፤(ontology)࡛ᄻ໐ӈࢴϟޠҐ፵ІณݳᡑޠࢴഷҐ Τ߮ȄޠҐᡞȃၽңዂጚࣃᆶᆪၰ(FPN)ໍ௱፤Ȃԥਞ٪ஈ໐ӈࢴ ಜȃقңٻӶܼ٪Ц໐ӈࢴΤ߮ޠණяϟ൹Τԓ໐ӈࢴႇᘯᏣȂҭفҐः й؈๙ࢴ߭ӈȄᐄٯȂښ೪ۢ٪ៗᐡޠഁץϛ߮Τԓԋ၇ȂഇႇԫᡞȂѠп ԥίӗᓻᘉȈڏفαख़ȂҐः ಜၦྜխңقϛ߮Τԓԋ၇Ȉҭࠊཿࣩ٪ࢴᡞτഎ௵ң߮Τԓԋ၇ȂᏳय .1 ಜձ࣐ႇᘯقңѵ௦ԓഇႇ൹Τԓ௵فϛ߰ȂҐःޠңαٻңٻτȂആԚ྄ ಜϟࠊȂقңлᐡϘೞขႇᘯȂՅೞႇᘯӶ໐ӈٻߩໍΤٯϜϮȂࢴ ಜၦྜȄق໐ӈٵϸܗȂηϛཽխңܓಜԋӓقΚؐණЁໍ РޠขȈΚૢ٪ࢴᡞขࢴഇႇࢴጇЩᄈޠࢴޤІґུՍ .2 ȂӱԫژޠԥӶࢴጇϜȂࠍณݳขءࢴȂसޠԓȂᄈܼؑЉུя౫ ޠ࡛ҴܛขРݳഇႇ໐ӈࢴ੬ኊޠউשࢴጇȄՅུޠ҇ሰ्ਣள ໐ӈࠍޠউשࢴȂӱԫޠޤРԓѠпขяґޠࠍ৳Ȃഇႇࢴ੬ኊЩᄈ Ȅུޠϛ҇ਣள ڐȈഷԥਞႲ٪໐ӈࢴ๋࣐ӶࢴໍΤႬဟϟࠊ൸ණࠊ٪ៗȂϛᡲܓԋӓ .3 ңІ໐ӈժٻಜȂ࣐قউ೪ॏϟ൹Τԓ໐ӈࢴשΤႬဟϲഌȂӱԫໍ ႬဟȄޠңٻژґໍΤڐٻᏣϟϜϮȂԥਞᄡࢴ໐ӈȂ݉ ޠȂആԚᇳց౦เାښ४ޠขၑႇโϜȂҦܼ࣐ขРݳޠӶᄃርஉ ցޠໍΚؐٿңҐٙٻРԓȂഇႇޠңණᒻᇅၛୱٻң௵فୱᚡȂҐः ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 26
(Рԓ(collaborative filteringޠউηՄኍ௵ңӬձႇᘯשԫΚୱᚡȄ؛၍ٿᘟȂ ข౦ᇅ७մᇳց౦ȄޠᓻᘉȂໍΚؐණЁࢴޠ๗ӬӼᆎขРݳ
ࢯȃयᗃ
Мࡼᇅ᜔ޠفসཽᄈҐःېཏُȂདᗃঢ়ऌᏱޠসϡີېདᗃή՞ቸࢦ ȄݏጢဵȈNSC 95-3113-P-224-004)ϟഌӌԚ)فֆȂҐ፤Н࣐ऌཽ၅ֆᚡः
ՄНᝧ
ȂҴݔऌτᏱၦଊᆔ౪ःف࠻≊ීȃҖ 92 ԒȂႬφ໐ӈࢴขϟः .1 ᆉς፤НȂȄܛف 2. ቔȃҖ 90 ԒȂпᐚޒᜱᖓԓ࢝ᄻขႬφ໐ӈࢴϟଇȂҴϜѶτ ᆉς፤НȂȄܛفᏱၦଊᆔ౪ः п७ң˕فᜌ৳ϟःޤ༂ઊȃҖ 91 ԒȂ࡛ᄻୋߴࠣрۢҐᡞ፤ .3 ᆉς፤НȂȄܛفȂؾҴѯіᚃᏱτᏱᚃᏱၦଊःپ࣐ 4. Bunge, M., “Ontology I: The Furniture of the World. Treaties on Basic Philosophy”, Vol. 3, 1977. 5. Bernaras, A., Laresogiti, I. and Corera, J. “Building and reusing ontologies for electrical network applications”, In W. Wahlster (Ed.) European Conference on Aritficial Intelligence, 1996, pp: 298-302. 6. Chandrasekaran, B. Josephson, J. R. and Benjamins, V.R. “What are Ontologies and why do we need them? ” IEEE Intelligent Systems, Vol. 14, No.1, 1999, pp: 20-26. 7. Chen, S., Ke, J. S. and Chang, J. “Knowledge Representation Using Fuzzy Petri Nets,” IEEE Transactions on Knowledge and Data Engineering, Vol. 2, No. 3, 1990, pp: 311-319. 8. Cohen, F. “Current best practice against computer viruses”, Security Technology, 1991. Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on, Vol.1-3, 1991, pp: 261-270. 9. Fernandez-Lopez, M., Gomez-Perez A. and Juristo, N. “METHONOLOGY: form ontological art towards ontological engineering,” Spring Symposium on Ontological Engineering of AAAI, 1997, pp: 33-40. 10. Fernandez-Lopez, M., Gomez-Perez, A., Sierra, J.P. and Sierra, A.P. “Building a chemical ontology using Methontology and the Ontology Design Environment”, IEEE Intelligent Systems, Vol.14, No.1, 1999, pp: 37-46. пҐᡞ፤࣐ஆᙄϟඍཏ໐ӈข 27
11. Gomez-Perez, A., Fernandez, A. and Vicente, M. D. “Towards a method to conceptualize domain ontologies,” European Conference on Aritficial Intelligence, 1996, pp: 41-52. 12. Gruninger, M. and Fox, M.S. “Methodology for the Design and Evaluation of Ontologies,” Workshop on Basic Ontological Issues in Knowledge Sharing, IJCAI-95, Montreal, 1995. 13. Guarino, N. “Formal ontology and information system,” 1998. available at http://www.loa-cnr.it/Papers/FOIS98.pdf 14. International Computer Security Association Lab (ICSA Lab), “ICSA Labs 10th Annual Computer Virus Prevalence Survey,” available at http://www.icsa.net/icsa/! docs/html/library/whitepapers/VPS2004.pdf 15. Kienzle, M. Darrell and Matthew, C. Elder “Recent WormsȈA Survey and Trends”, ACM workshop on Rapid Malcode, Washington, DC, USA, 2003, pp1-10 16. Lee, Jieh-Sheng., Hsiang, J., Tsang, Po-Hao. “A generic virus detection agent on the internet,” System Sciences, Proceedings of the Thirtieth Hawaii International Conference, Vol.4, No.7-10, 1997, pp: 210 -219. 17. Luke, J., and Harris, C.J. “The application of CMAC based intelligent agents in the detection of previously unseen computer viruses”, Information Intelligence and Systems, Vol.31, 1999, pp:662 -666. 18. Murata, T. “Petri nets: Properties, analysis and application,” Proceedings of the IEEE, Vol. 77, No.4, 1989, pp: 541-580. 19. Neches, R., Fikes, R. E., Finin, T., Gruber, T. R., Senator, T. and Swartout, W. R. “Enabling technology for knowledge sharing,” AI Magazine, Vol.12, No.3, 1991, pp: 36-56. 20. OWL Web Ontology Language Overview. Available online at: http://www.w3.org/2001/sw/WebOnt/, 2005 21. Phillippo, S. J. “Practical virus detection and prevention,” Viruses and their Impact on Future Computing Systems, Vol.19, 1990, pp: 2/1-2/2. 22. Shih, D.H. “Detection of New Malicious Emails Based on Self-Organizing Maps And K-Medoids Clustering,” J. of Information Management, Vol. 11, No. 2, 2004, pp: 211-235. 23. Shih D. H., Chiang H. S. and Yen, D. C. “Classification Methods in the Detection of New Malicious Emails,” Information Sciences, Vol.172, No.1-2, 2005, pp: 241-261. 24. Staab, S., Schnurr, H.-P., Studer, R., and Sure, Y. “Knowledge processes and ontologies,” IEEE Intelligent Systems, Special Issue on Knowledge Management, 16(1), 2001. 25. Swarout, B., Ramesh, P. Knight, K. and Russ, T. “Toward distributed use of large-scale ontlolgy,” In A. Farquhar, M. Gruninger, A. Gomez-Perez, M. Uschool & ё !ڣၦଊᆔ౪Ᏹൣ! ಒΫѳ 28
ven der Vet P (Eds.) AAAI’97 Spring Symposium on Ontological Engineering, 1997, pp:138-148. 26. Symantec.com, Security Response. available at http://www.Symantec.com/region/tw/enterprise/article/virus_protect.html 27. Takeshi, Okanmoto and Yoshiteru, Ishida, “An Analysis of a Model of Computer Viruses Spreading via Electronic Mail”, Systems and computers in Japan, Vol. 33, No. 14, 2002, pp:81-90. 28. Trend micro, Virus Encyclopedia Search. available at http://www.trendmicro.com/vinfo/virusencyclo/default.asp 29. Uschold, M. and King, M. “Towards a methodology for building ontologies,” In: IJCAI95 Workshop on Basic Ontological issues in Knowledge Sharing, pp6.1-6.10, Montreal, Canada, 1995. 30. Zenkin Denis, “Fighting Against the Invisible Enemy Methods for detecting an unknown virus,” Computers & Security, Vol.20, No4, 2001, pp: 316-321.