{"updated":"2025-03-06T05:55:46.316089+00:00","links":{},"id":240896,"created":"2025-01-19T01:45:21.011876+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240896","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240896","title":["ファイルの侵害をフックすることによるランサムウェアからのデータ保護システム"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"1d93c855-96c0-4689-a8bb-ef7dff45a0dd"},"_deposit":{"id":"240896","pid":{"type":"depid","value":"240896","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"ファイルの侵害をフックすることによるランサムウェアからのデータ保護システム","author_link":["662042","662043","662044","662045","662046","662047","662048","662049"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ファイルの侵害をフックすることによるランサムウェアからのデータ保護システム","subitem_title_language":"ja"},{"subitem_title":"Data Protection System from Ransomware by Hooking File Compromise Actions","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ランサムウェア,eBPF","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京大学"},{"subitem_text_value":"東京大学"},{"subitem_text_value":"東京大学"},{"subitem_text_value":"東京大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"The University of Tokyo","subitem_text_language":"en"},{"subitem_text_value":"The University of Tokyo","subitem_text_language":"en"},{"subitem_text_value":"The University of Tokyo","subitem_text_language":"en"},{"subitem_text_value":"The University of 
Tokyo","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240896/files/IPSJ-CSS2024150.pdf","label":"IPSJ-CSS2024150.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024150.pdf","filesize":[{"value":"681.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"e26ffb4e-14cb-4b12-b025-a0a5efa47112","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"手塚, 尚哉"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"宮本, 大輔"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"明石, 邦夫"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"落合, 秀也"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Naoya, Tezuka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Miyamoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kunio, Akashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hideya, 
Ochiai","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本研究ではランサムウェア被害からファイルのデータを保護するための一般的なシステムを提案する.このシステムはランサムウェアによるファイルの暗号化や上書きなどの振る舞いを監視し,対象ファイルのコンテンツデータをランサムウェアから隔離された領域に退避させる.OpenSSL を利用して暗号化を行うランサムウェアを対象として実装した Proof of Concept (PoC) では,eBPF を用いて暗号化関数をフックし,関数に渡される平文データをキャプチャすることでデータを保護する.評価の結果,PoC 実装は 1MB 以下のファイルは完全に保護できるが,それより大きいファイルについてはデータの一部が欠落する問題が確認された.追加実験により ring buffer のサイズより小さいファイルは保護できるという結果が得られ,ring buffer からのデータ読み出しとファイルへの書き込みがボトルネックである可能性が示された.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In this study, we propose a general system for protecting file data from ransomware attacks. This system monitors ransomware behaviors such as file encryption and overwriting, and moves the content data of targeted files to an isolated area, safeguarding it from the ransomware. In the Proof of Concept (PoC) implementation, targeting ransomware that uses OpenSSL for encryption, we use eBPF to hook the encryption functions and capture the plaintext data passed to these functions to protect the data. The evaluation results show that the PoC implementation can fully protect files smaller than 1MB, but for larger files, there is an issue where some data may be lost. 
Additional experiments revealed that files smaller than the ring buffer size can be protected, suggesting that reading data from the ring buffer and writing to a file may be bottlenecks.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1124","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1117","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"}}