{"updated":"2025-01-19T18:15:49.389729+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00210123","sets":["1164:3925:10503:10504"]},"path":["10504"],"owner":"44499","recid":"210123","title":["クロック分解能を用いたRaspberry Pi仮想マシンの検出"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-03-08"},"_buckets":{"deposit":"84a51689-536f-4fb7-8a2c-d8b4f549b598"},"_deposit":{"id":"210123","pid":{"type":"depid","value":"210123","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"クロック分解能を用いたRaspberry Pi仮想マシンの検出","author_link":["531284","531283"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"クロック分解能を用いたRaspberry Pi仮想マシンの検出"},{"subitem_title":"Virtual Machine Detection for Raspberry Pi with Clock Resolution","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IoTセキュリティ","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2021-03-08","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"筑波大学"},{"subitem_text_value":"筑波大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"University of Tsukuba","subitem_text_language":"en"},{"subitem_text_value":"University of Tsukuba","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/210123/files/IPSJ-CSEC21092026.pdf","label":"IPSJ-CSEC21092026.pdf"},"date":[{"dateType":"Available","dateValue":"2023-03-08"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC21092026.pdf","filesize":[{"value":"1.2 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"b4942ae6-7b24-4750-b78e-b7fd015f4e7c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"鈴木, 克弥"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"大山, 恵弘"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年の IoT デバイスの普及に伴って，IoT デバイスを攻撃対象とするマルウェアが増加している．マルウェアの挙動を解析することは非常に重要なトピックの 1 つであり，その中でもマルウェアの解析回避処理を解明することは大きな意味を持つ．IoT デバイスで採用されている Arm アーキテクチャは一般的なコンピュータで採用されている x86 アーキテクチャとは異なる特徴を持つ．また，OS も Windows ではなく Linux が採用されることが多い．しかし，解析回避処理を扱う既存研究の多くが x86 アーキテクチャや Windows を対象としている．したがって，Arm アーキテクチャや Linux を対象とするマルウェアの解析回避処理の研究が必要である．これまでに発見された解析回避処理の 1 つに仮想マシンの検出がある．本研究では，Arm アーキテクチャと Linux を採用している代表的な IoT デバイスとして Raspberry Pi を対象とし，実マシンと仮想マシンでクロックの分解能に差があることを利用し，仮想マシンを検出する手法を提案する．また，提案手法に基づいて仮想マシン検出プログラムを作成し，実験の結果，その有効性を確認した．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In recent years, IoT malware has been increasing along with the widespread use of IoT devices. Analyzing the behavior of malware is one of the most important topics. In particular, we focused on elucidating the analysis evasion process of malware. The Arm architecture used in IoT devices has different characteristics from the x86 architecture used in general computers. However, most of the existing researches dealing with analysis evasion process target the x86 architecture. Therefore, it is necessary to study the analysis evasion process for malware targeting the Arm architecture. The virtual machine detection is one of the analysis evasion processes discovered so far. In this paper, we propose a new method for detecting virtual machines. The method focuses on the difference in clock resolution between real and virtual machines, and targets the Raspberry Pi as a typical machine that uses the Arm architecture. We have implemented a virtual machine detection program based on the proposed method and confirmed its effectiveness through experimental results.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2021-03-08","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"26","bibliographicVolumeNumber":"2021-CSEC-92"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:11:23.389053+00:00","id":210123,"links":{}}