{"updated":"2025-01-21T09:24:29.405994+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00106633","sets":["6164:6165:6462:7729"]},"path":["7729"],"owner":"11","recid":"106633","title":["ブランチトレース機能を用いたシステムコール呼出し元アドレス取得手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2014-10-15"},"_buckets":{"deposit":"0b4df825-9a44-45a4-a33e-b419a30fcc58"},"_deposit":{"id":"106633","pid":{"type":"depid","value":"106633","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"ブランチトレース機能を用いたシステムコール呼出し元アドレス取得手法","author_link":["13177","13174","13170","13176","13175","13173","13171","13172"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ブランチトレース機能を用いたシステムコール呼出し元アドレス取得手法"},{"subitem_title":"Identifying of System Call Invoker by Branch Trace Facilities","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ブランチトレース，仮想計算機モニタ，MWS Datasets 2014，CCC DATAset，D3M","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2014-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"立命館大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/106633/files/IPSJCSS2014110.pdf"},"date":[{"dateType":"Available","dateValue":"2016-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2014110.pdf","filesize":[{"value":"427.4 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"8e69cc05-1f50-44c4-87fc-473eb2b822c8","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2014 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大月, 勇人"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"瀧本, 栄二"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"齋藤, 彰一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yuto, Otsuki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eiji, Takimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shoichi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Koichi, Mouri","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"最近のマルウェアには，他のプロセスのメモリ上に潜んで動作するものや複数のモジュールで構成されるものが存在する．このようなマルウェアに対して，従来のプロセスやスレッドを単位として挙動を観測する手法では個々の動作の区別が困難である．この課題の解決のために，システムコールトレーサであるAlkanetは，システムコールフック時にスタックトレースを行い，呼出し元となったコードまで特定する．ただし，当該手法では，マルウェアにスタックを改竄された場合に呼出し元を正確に取得できない．そこで，本論文では，CPUに搭載されているブランチトレース機能を活用した正確な呼出し元の取得手法とその有効性について述べる．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recent malware infects other processes. Another one consists of two or more modules and plugins. It is difficult to trace these malware because traditional methods focus on threads or processes. We are developing Alkanet, a system call tracer for malware analysis. To trace the malware, Alkanet identifies the system call invoker by stack trace. However, if malware has falsified its stack, Alkanet cannot identify it correctly. In this paper, we describe a method for identifying a system call invoker by branch trace facilities. We consider the effectiveness of branch trace facilities for malware analysis.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"850","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2014論文集"}],"bibliographicPageStart":"843","bibliographicIssueDates":{"bibliographicIssueDate":"2014-10-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2014"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:50:00.225145+00:00","id":106633,"links":{}}