{"created":"2025-01-19T01:31:44.947523+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00231442","sets":["1164:5251:11193:11433"]},"path":["11433"],"owner":"44499","recid":"231442","title":["セキュリティ対策ソフトを回避させる機能を有するダウンローダ型マルウェア対策とその評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-12-04"},"_buckets":{"deposit":"5784bfd8-5f52-4074-9d54-8dbfbbc56435"},"_deposit":{"id":"231442","pid":{"type":"depid","value":"231442","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"セキュリティ対策ソフトを回避させる機能を有するダウンローダ型マルウェア対策とその評価","author_link":["624783","624785","624784","624782"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"セキュリティ対策ソフトを回避させる機能を有するダウンローダ型マルウェア対策とその評価"},{"subitem_title":"Countermeasures Against Trojan-Downloader with the Function to Evade Security Software and its Evaluation","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CSEC(2)","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2023-12-04","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"名城大学理工学部情報工学科"},{"subitem_text_value":"名城大学大学院理工学研究科"},{"subitem_text_value":"名城大学情報工学部"},{"subitem_text_value":"名城大学情報工学部"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Department of Information Engineering, Faculty of Science and Technology, Meijo University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Science and Technology, Meijo University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Information Engineering, Meijo University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Information Engineering, Meijo University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/231442/files/IPSJ-EIP23102010.pdf","label":"IPSJ-EIP23102010.pdf"},"date":[{"dateType":"Available","dateValue":"2025-12-04"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-EIP23102010.pdf","filesize":[{"value":"2.8 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"26"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"60bbafd6-c08e-4cf2-a136-e7fe0db29c77","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"日比野, 芳輝"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"竹本, 修"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"野崎, 佑典"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉川, 雅弥"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11238429","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8647","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"クラッカーが攻撃手法を検討する際に考慮すべき事項の一つとして，セキュリティ対策ソフトの検知回避が挙げられる．代表的な検知回避手法の例として，ステガノグラフィを用いるものやセキュリティ機能のバイパスなどが挙げられるが，これらは実装に知識が必要であり，また実装の仕方や検知アルゴリズムの変更などにより検知対象となってしまう可能性があるため，実装が煩雑となる可能性がある．一方で，Windows Defender が有効な動作環境において，管理者権限を奪取してセキュリティ対策ソフトに除外設定を追加する機能を有するダウンローダ型マルウェアにより検知回避が可能である事を新たに発見し，それを防ぐ対策手法について検討した．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Considering how to evade security software is the top priority for crackers when they try to develop attack methods. Although most attack methods require a lot of dedicated knowledge for implementation to avoid the detection by security software, we found the vulnerability using Trojan-Downloader, which dose not need any special knowlege utilizing administrator privileges. This paper proposed the countermeasure against the vulnerability using Trojan-Downloader. Evaluation experiments in which Windows Defender is active, verified the proposed countermeasure.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"5","bibliographic_titles":[{"bibliographic_title":"研究報告電子化知的財産・社会基盤（EIP）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2023-12-04","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"10","bibliographicVolumeNumber":"2023-EIP-102"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"links":{},"id":231442,"updated":"2025-01-19T10:45:43.675702+00:00"}