{"created":"2025-05-14T01:00:50.094900+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02002157","sets":["1164:4088:11911:1747183907775"]},"path":["1747183907775"],"owner":"80578","recid":"2002157","title":["パッカーの自動解凍に向けた軽量な細粒度フック手法の提案"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2025-05-22"},"_buckets":{"deposit":"1b0a0635-c8ce-49f0-9cbd-b2eddc5aa595"},"_deposit":{"id":"2002157","pid":{"type":"depid","value":"2002157","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"パッカーの自動解凍に向けた軽量な細粒度フック手法の提案","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"パッカーの自動解凍に向けた軽量な細粒度フック手法の提案","subitem_title_language":"ja"},{"subitem_title":"A Lightweight Instruction-Level Hooking Approach for Automatic Unpacking","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CSEC","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2025-05-22","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"名古屋工業大学"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2002157/files/IPSJ-IOT25069009.pdf","label":"IPSJ-IOT25069009.pdf"},"date":[{"dateType":"Available","dateValue":"2027-05-22"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT25069009.pdf","filesize":[{"value":"266.7 KB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"22abc9df-53d7-4a91-9c38-985a6fef2369","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2025 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"山根,一真"}]},{"creatorNames":[{"creatorName":"掛井,将平"}]},{"creatorNames":[{"creatorName":"齋藤,彰一"}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kazuma Yamane","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Shohei Kakei","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Shoich Saito","creatorNameLang":"en"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"プロセスの動作を把握する上で，動的解析における命令単位のフックによる情報収集は有効な手法の一つである．命令単位でのフックの実現のため，動的バイナリ計装ツールやIntel Processor Traceを利用した手法が提案されており，多くの場面で利用されている．一方で，Windowsマルウェアでの解析に際しては解析時間のほとんどをWindows API内部の処理に費やしてしまい，結果的にマルウェア独自のコードを十分に解析することができないという課題がある．そこで本研究では，登録した例外ハンドラの処理を除いてWindows API内の追跡をスキップすることで重要な箇所のみを解析する手法を提案する．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Instruction-level hooking in dynamic analysis is an effective technique for understanding the behavior of a process. Methods using dynamic binary instrumentation tools and Intel Processor Trace have been proposed and are widely adopted to achieve instruction-level hooking. However, in the context of Windows malware analysis, a significant portion of analysis time is often consumed by internal Windows API processing. As a result, it becomes difficult to analyze the malware's code thoroughly. To address this issue, this study proposes a method that selectively skips tracing within Windows API calls ― excluding the execution of registered exception handlers ― to focus analysis on the critical parts of the malware.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2025-05-22","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"2025-IOT-69"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"id":2002157,"updated":"2025-05-14T01:00:55.910125+00:00","links":{}}