{"id":187263,"updated":"2025-01-20T02:19:47.069057+00:00","links":{},"created":"2025-01-19T00:53:56.916320+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00187263","sets":["6164:6165:6462:9463"]},"path":["9463"],"owner":"11","recid":"187263","title":["テイントフォレンジックスによるIAT再構築"],"pubdate":{"attribute_name":"公開日","attribute_value":"2017-10-16"},"_buckets":{"deposit":"4e8b79bf-8805-4d64-8168-764b40a2ca44"},"_deposit":{"id":"187263","pid":{"type":"depid","value":"187263","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"テイントフォレンジックスによるIAT再構築","author_link":["422995","422994","422993","422996","422992","422991"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"テイントフォレンジックスによるIAT再構築"},{"subitem_title":"Taint-Assisted Forensics for IAT Reconstruction","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"フォレンジックス,テイント解析,マルウェア,IAT再構築,API","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2017-10-16","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTTセキュアプラットフォーム研究所"},{"subitem_text_value":"NTTセキュアプラットフォーム研究所"},{"subitem_text_value":"NTTセキュアプラットフォーム研究所"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/187263/files/IPSJCSS2017088.pdf","label":"IPSJCSS2017088.pdf"},"date":[{"dateType":"Available","dateValue":"2017-10-16"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2017088.pdf","filesize":[{"value":"450.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2556342e-80c3-4d5f-a944-779890111cba","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2017 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"川古谷, 裕平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岩村, 誠"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"三好, 潤"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yuhei, Kawakoya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Makoto, Iwamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Jun, Miyoshi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアの静的解析において,Windows APIはマルウェアの機能を効率的に読み取るための重要な情報源である.しかし,その有用性のため,マルウェア作者はマルウェアに難読化を施し,インポートしているAPIを隠蔽する傾向がある.本論文では,マルウェアが利用するAPI難読化手法とそれらを解析する既存手法を整理し,既存手法がAPIの配置場所を難読化する解析妨害に脆弱であることを示す.次に,この問題を解決するため,テイント解析により得た情報に基づき,メモリダンプ内のIATのAPIアドレス解決を行う手法を提案する.本提案手法を用いることで,マルウェアが配置場所難読化を施した場合でも,インポートしているAPIを正確に特定できることを実験にて示す.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2017論文集"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2017-10-16","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2017"}]},"relation_version_is_last":true,"weko_creator_id":"11"}}