{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00192180","sets":["6164:6165:6462:9599"]},"path":["9599"],"owner":"44499","recid":"192180","title":["Linuxにおけるファイルレスマルウェア対策"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-10-15"},"_buckets":{"deposit":"2141f135-3529-40f3-bbef-c2ee7358f4de"},"_deposit":{"id":"192180","pid":{"type":"depid","value":"192180","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Linuxにおけるファイルレスマルウェア対策","author_link":["447024","447025","447022","447023"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Linuxにおけるファイルレスマルウェア対策"},{"subitem_title":"Mitigation of Fileless-Malware in Linux","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ファイルレスマルウェア,Linux,システムコール","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2018-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京電機大学工学研究科情報通信工学専攻"},{"subitem_text_value":"東京電機大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/192180/files/IPSJCSS2018085.pdf","label":"IPSJCSS2018085.pdf"},"date":[{"dateType":"Available","dateValue":"2020-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2018085.pdf","filesize":[{"value":"280.6 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"20594e36-c6e8-48c6-b3d5-9ab07b6d9a1c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"田中, 紘世"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"齊藤, 泰一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kousei, Tanaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Taiichi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ファイルレスマルウェアでは,ダウンロードされたマルウェア本体 (ペイロード) はハードドライブ上に格納されることはない.ダウンロードされたペイロードは,OSの機能により直接メモリ上に展開され,実行された後,削除される.メモリ上から削除されること,ファイルとしての実体を持たないことが,ペイロードのフォレンジックを困難とする.ハードディスク上に存在するドロッパー・ローダーは,ペイロードをダウンロード・実行するのみであり,これを解析してもマルウェア全体としての動作を解析できない.我々は Linux において想定されるファイルレスマルウェアに使われる技術を分析し,その対策法について考察した.本項では Linux システムコール memfd_create を利用したファイルレスマルウェアへの対策手法を述べる.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In fileless malware, a dropper downloads the main part of the malware, called the payload, from the network and does not store it on the hard drive. It stores the payload directly into memory, activates it and then deletes it. It is difficult to analyze the payload with existing digital forensics methods, since the payload is only temporarily placed in memory and is finally deleted. In this paper, we investigate a new kind of fileless malware that uses the memfd_create system call and consider mitigation for it.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"606","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2018論文集"}],"bibliographicPageStart":"601","bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2018"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":192180,"updated":"2025-01-20T00:16:10.008616+00:00","links":{},"created":"2025-01-19T00:57:56.085810+00:00"}