{"updated":"2025-01-20T00:15:24.803317+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00192202","sets":["6164:6165:6462:9599"]},"path":["9599"],"owner":"44499","recid":"192202","title":["マルウェアによるRDTSC命令の利用方法についての分析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-10-15"},"_buckets":{"deposit":"4799fba7-45a9-4457-91c4-f94085dcda6d"},"_deposit":{"id":"192202","pid":{"type":"depid","value":"192202","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"マルウェアによるRDTSC命令の利用方法についての分析","author_link":["447157","447156"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マルウェアによるRDTSC命令の利用方法についての分析"},{"subitem_title":"Analysis on the Usage of the RDTSC Instruction by Malware","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア，RDTSC命令，解析回避，サンドボックス，仮想化","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2018-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"筑波大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"University of Tsukuba","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/192202/files/IPSJCSS2018107.pdf","label":"IPSJCSS2018107.pdf"},"date":[{"dateType":"Available","dateValue":"2020-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2018107.pdf","filesize":[{"value":"219.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"646a18e0-0daf-45d0-8827-19ae15737160","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大山, 恵弘"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yoshihiro, Oyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN　1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"多くのマルウェアが解析を回避するための処理を実行する．それらの中には，実行時間や実行 CPU サイクル数の計測によるサンドボックス検出があり，特に，RDTSC 命令を用いる手法が広く知られている．しかし，実際のマルウェアが RDTSC 命令をどう利用しているかの実態は十分に明らかにされてこなかった．本稿では，マルウェアによる RDTSC 命令の利用方法を分析した結果を示す．この分析では，マルウェアの命令列から RDTSC 命令の周辺のコード断片を抽出し，それらを特徴にしたがって分類した．その結果，マルウェアが RDTSC 命令により多様な処理の CPU サイクル数を計測していることや，処理に要する CPU サイクル数の計測以外の目的で RDTSC 命令を実行している可能性があることがわかった．","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"761","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2018論文集"}],"bibliographicPageStart":"754","bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2018"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T00:57:57.303473+00:00","id":192202,"links":{}}