{"updated":"2025-01-20T02:23:37.784265+00:00","links":{},"created":"2025-01-19T00:53:55.803573+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00187243","sets":["6164:6165:6462:9463"]},"path":["9463"],"owner":"11","recid":"187243","title":["デバイスドライバを用いたプロセス挙動保全ツールの提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2017-10-16"},"_buckets":{"deposit":"905c967b-033d-458e-a4ef-3cf5648125ae"},"_deposit":{"id":"187243","pid":{"type":"depid","value":"187243","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"デバイスドライバを用いたプロセス挙動保全ツールの提案","author_link":["422838","422835","422837","422848","422845","422839","422844","422834","422842","422847","422843","422833","422846","422840","422841","422836"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"デバイスドライバを用いたプロセス挙動保全ツールの提案"},{"subitem_title":"Preserving Tool for Process Behavior Using Kernel Mode Device Driver","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"MWS,マルウェア,動的解析,カーネルモード,デバイスドライバ","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2017-10-16","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"国立研究開発法人情報通信研究機構/株式会社ニッシン"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構/株式会社日立システムズ"},{"subitem_text_value":"国立研究開発法人情報通信研究機構/株式会社サイバーディフェンス研究所"},{"subitem_text_value":"国立研究開発法人情報通信研究機構/株式会社サイバーディフェンス研究所"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"National Institute of Information and Communications Technology / Nissin inc.","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and 
Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology/Hitachi Systems, Ltd.","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology / Cyber Defense Institute, Inc.","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology / Cyber Defense Institute, Inc.","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/187243/files/IPSJCSS2017068.pdf","label":"IPSJCSS2017068.pdf"},"date":[{"dateType":"Available","dateValue":"2019-10-16"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2017068.pdf","filesize":[{"value":"453.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"b52e5778-cdc9-49f0-a33c-010ca726e498","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2017 by the Information Processing Society of 
Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"竹久, 達也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"牧田, 大佑"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"神宮, 真人"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"丑丸, 逸人"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"福森, 大喜"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"津田, 侑"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"遠峰, 隆史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"井上, 大介"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Tatsuya, Takehisah","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Makita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masato, Jingu","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hayato, Ushimaru","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daiki, Fukumori","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yu, Tsuda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Tomine","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Inoue","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアの動的解析を行う際,マルウェアに含まれる解析環境検知技術が動的解析の妨げになることが問題となっている.そのため,これら解析の妨げになる検知技術を回避し動的解析可能にする提案も多い.ユーザーモードで動作するマルウェアは,ユーザーモードで動作する解析環境を検知しやすい.そのため,本稿ではWindowsのカーネルモードで動作するデバイスドライバだけでプロセス情報を収集し外部への送信を行うツールを提案する.また,提案するデバイスドライバにて収集したマルウェア挙動の一例を紹介する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Evasion techniques (e.g., analysis environment detection) implemented in malware are problematic for conducting dynamic analysis. To overcome these evasion techniques, many proposals have been made for preventing such detection. Malware running in user mode can easily detect analysis environments that also operate in user mode. In this paper, we present a tool that collects process information by using a device driver operating in kernel mode on Windows. We provide some experimental results of malware behavior obtained with the proposed tool.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2017論文集"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2017-10-16","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2017"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":187243}