{"id":194396,"updated":"2025-01-19T23:30:03.014820+00:00","links":{},"created":"2025-01-19T00:59:27.190349+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00194396","sets":["581:9633:9635"]},"path":["9635"],"owner":"44499","recid":"194396","title":["可用性を考慮したプロセスの複製によるライブフォレンジック手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-02-15"},"_buckets":{"deposit":"884a6549-0a9e-4991-a848-218357e618b6"},"_deposit":{"id":"194396","pid":{"type":"depid","value":"194396","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"可用性を考慮したプロセスの複製によるライブフォレンジック手法","author_link":["460020","460017","460021","460022","460019","460018"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"可用性を考慮したプロセスの複製によるライブフォレンジック手法"},{"subitem_title":"Live Forensic Method Using Process Duplication to Maintain High System Availability","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[一般論文（推薦論文, 特選論文）] ライブフォレンジック，インメモリマルウェア，高可用性システム","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2019-02-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"岡山大学大学院自然科学研究科"},{"subitem_text_value":"岡山大学大学院自然科学研究科"},{"subitem_text_value":"岡山大学大学院自然科学研究科"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/194396/files/IPSJ-JNL6002049.pdf","label":"IPSJ-JNL6002049.pdf"},"date":[{"dateType":"Available","dateValue":"2021-02-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6002049.pdf","filesize":[{"value":"657.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2dbeb0de-22e0-4111-9e9c-f168fbd7c718","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"山内, 利宏"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"時松, 勇介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"谷口, 秀夫"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Toshihiro, Yamauchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yusuke, Tokimatsu","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hideo, Taniguchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"従来のハードディスクを調査対象とするデジタルフォレンジック手法は，ファイルシステムに痕跡を残さない攻撃に対処できない．また，ハードディスク上の証拠が改変されるのを防ぐためにシステムの電源断や処理の停止を必要とし，システムの可用性を低下させる．本論文では，可用性を考慮したプロセスの複製によるライブフォレンジック手法を提案する．提案手法は，プロセスを調査対象とし，対象プロセスの仮想記憶空間を複製して，低オーバヘッドでスナップショットを作成し，複製先のプロセスのメモリ上の証拠を収集する．このようにプロセスの複製処理において，プロセスのテキスト部などのメモリ間コピーを抑制することで，システムの可用性への影響を抑制しつつ，ファイルシステムに痕跡を残さない攻撃に対処できる．また，周期的に処理を実行するプロセスに提案手法を適用した場合の遅延時間を評価した結果，および提案手法の有効性について述べる．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Most conventional digital forensic methods are designed to target hard disk drives, making them ineffective at detecting in-memory malware. In addition, in order to prevent a target system from changing the evidence on hard disk drives, it is necessary to shut down the system or stop its processing, reducing system availability. In this paper, we propose a live forensic method using process duplication to maintain high system availability. The proposed method duplicates the virtual address space of a target process for investigation, and obtains the relevant evidence from the duplicate. By reducing the occurrence of memory copy in the duplication process, it is possible to detect in-memory malware while retaining system availability. We describe the effectiveness of the proposed method, and furthermore, evaluate and report on the delay time when this method is applied to a periodically executing process.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"705","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"696","bibliographicIssueDates":{"bibliographicIssueDate":"2019-02-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"60"}]},"relation_version_is_last":true,"weko_creator_id":"44499"}}