{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00157672","sets":["1164:6389:8485:8486"]},"path":["8486"],"owner":"11","recid":"157672","title":["侵入防御のためのプロセス活動リンク付方式に向けた初期的検討"],"pubdate":{"attribute_name":"公開日","attribute_value":"2016-02-25"},"_buckets":{"deposit":"8e52178d-e216-4715-b721-2a36d71498f8"},"_deposit":{"id":"157672","pid":{"type":"depid","value":"157672","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"侵入防御のためのプロセス活動リンク付方式に向けた初期的検討","author_link":["298705","298703","298702","298704","298707","298706"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"侵入防御のためのプロセス活動リンク付方式に向けた初期的検討"},{"subitem_title":"Preliminary Studies of Linkage Analysis among Process Behavior for Intrusion Prevention","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"不正プログラム解析","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2016-02-25","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"情報セキュリティ大学院大学"},{"subitem_text_value":"情報セキュリティ大学院大学"},{"subitem_text_value":"情報セキュリティ大学院大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"INSTITUTE of INFORMATION SECURITY","subitem_text_language":"en"},{"subitem_text_value":"INSTITUTE of INFORMATION SECURITY","subitem_text_language":"en"},{"subitem_text_value":"INSTITUTE of INFORMATION SECURITY","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/157672/files/IPSJ-SPT16017015.pdf","label":"IPSJ-SPT16017015.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT16017015.pdf","filesize":[{"value":"1.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"09790b5c-36f4-4a56-b84f-8ecdbae4678c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2016 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"都丸, 裕大"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"橋本, 正樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"田中, 英彦"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yudai, Tomaru","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masaki, Hashimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hidehiko, Tanaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,標的型攻撃などの対策として C&C サーバとの通信やマルウェアをブラックリストやシグネチャとして利用し,対策をしているものが多く存在している.また,検知できないマルウェアについては,その動作をつかむために,専門家のノウハウをもとにシステム内部の証跡からマルウェアであると判断してきた.そのため,マルウェアの発見には時間がかかり,機械的に判断することが困難である.そこで本研究では攻撃を機械的に識別するために,マルウェアの悪性活動の流れを見て不正であると判断する方式を提案する.具体的には, TOMOYO Linux を用いて,マルウェアを動的解析し,ファイルの実行,C&C サーバへの通信などのアクセス情報を収集し,マルウェアによる一連の活動について絶対パスでリンク付を行う.これにより,プロセス活動による侵入防御について,機械的に判定できる部分を広げ,より高度で知的な侵入防御システムを構築する基礎となることを期待する.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recently, there are many malware measures such as targeted attacks, communicate with C&C servers, and file, using as black lists or signatures. Malware cannot be detected, in order to grab malware behavior, has been determined that the expert is malware from such a variety of trails within the system on the basis of the know-how, such as their knowledge. Therefore, it takes time to discover the malware, it is difficult to mechanically determine now. So, in this study, to mechanically identify cyberattacks, we propose a scheme that is determined to be unauthorized access to see the flow of malignant activity by malware. Specifically, by using TOMOYO Linux, run the malwares that execution and creation files, they collect access information such as the communication to the C&C servers and analysis linkage with the absolute path among process behavior by malware. As a result, the intrusion prevention through the process behavior, to extend the portion can be determined mechanically. 
It is expected to become the basis for building a more advanced and intelligent intrusion prevention system.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト(SPT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2016-02-25","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"15","bibliographicVolumeNumber":"2016-SPT-17"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":157672,"updated":"2025-01-20T13:16:16.267676+00:00","links":{},"created":"2025-01-19T00:31:33.114323+00:00"}