{"id":210071,"created":"2025-01-19T01:11:20.495676+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00210071","sets":["1164:2836:10501:10502"]},"path":["10502"],"owner":"44499","recid":"210071","title":["ユーザ操作特定のためのカーネル内でのプロセス挙動収集手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-03-08"},"_buckets":{"deposit":"b730867b-22d5-4e50-b5d1-9fe2e7a9e8a0"},"_deposit":{"id":"210071","pid":{"type":"depid","value":"210071","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"ユーザ操作特定のためのカーネル内でのプロセス挙動収集手法","author_link":["531061","531063","531064","531062","531066","531065"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ユーザ操作特定のためのカーネル内でのプロセス挙動収集手法"},{"subitem_title":"Method for collecting process behavior in the Kernel to identify User Operations","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"情報収集・分析","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2021-03-08","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学"},{"subitem_text_value":"日本電気株式会社"},{"subitem_text_value":"日本電気株式会社"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"NEC Corporation","subitem_text_language":"en"},{"subitem_text_value":"NEC Corporation","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/210071/files/IPSJ-DPS21186048.pdf","label":"IPSJ-DPS21186048.pdf"},"date":[{"dateType":"Available","dateValue":"2023-03-08"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DPS21186048.pdf","filesize":[{"value":"1.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"34"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"afdb8ded-712d-4b5c-980f-2e237d3604a3","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"藤枝, 慶弘"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"羽角, 太地"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"島, 成佳"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"安田, 真悟"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"鄭, 俊俊"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10116224","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8906","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"標的型攻撃で侵入してくる攻撃者の継続的な観測を行うための環境を構築するためには，侵入先の計算機がユーザによって普段から利用されていることを模擬する必要がある．このような観測環境を効率的に構築するために，実際のユーザによる操作列に関する情報を記録し，それを元に再現することを検討している．本論文では，ユーザのアプリケーション操作を再現するために必要な情報を取得することを目的として，具体的には Windows におけるカーネルモードでプロセス挙動を取得するソフトウェアを設計・実装・評価したので報告する．ユーザがローカルシステム上でログオンした際に生成されるセッション情報，資格情報，アプリケーションの実行やファイルの操作などのイベントなど，プロセスやスレッドの情報をカーネルモードで収集する．これにより，取得した情報から継続的なユーザの操作を特定できることを確認した．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In order to construct an environment for continuous observation of an attacker in a targeted attack, it is necessary to simulate the usual use of the target computer by users. In order to construct such an observation environment efficiently, we are considering recording information about the sequence of operations by actual users and reproducing them based on the recorded information. In this paper, we report on the design, implementation, and evaluation of a software program that obtains information necessary to reproduce the user's application operations, specifically, the process behavior in kernel mode in Windows. The software collects process and thread information in kernel mode, such as session information generated when a user logs on to the local system, token information, and events such as application execution and file operations. We have confirmed that we can identify continuous user operations from the acquired information.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告マルチメディア通信と分散処理（DPS）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2021-03-08","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"48","bibliographicVolumeNumber":"2021-DPS-186"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-19T18:17:03.589495+00:00","links":{}}