{"id":240972,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240972","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240972","title":["マルウェア動的解析システムAlkanetによるWindowsサービスの追跡"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"97e1c845-0b11-4943-b539-1a69c1752386"},"_deposit":{"id":"240972","pid":{"type":"depid","value":"240972","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"マルウェア動的解析システムAlkanetによるWindowsサービスの追跡","author_link":["662523","662524","662525","662526","662527","662528","662529","662530","662531","662532"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マルウェア動的解析システムAlkanetによるWindowsサービスの追跡","subitem_title_language":"ja"},{"subitem_title":"Tracing of Windows Services Using Malware Dynamic Analysis System Alkanet","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"Windows サービス，ALPC，システムコール，マルウェア","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学／国立研究開発法人情報通信研究機構"},{"subitem_text_value":"立命館大学／国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"立命館大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ritsumeikan University / National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University / National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240972/files/IPSJ-CSS2024226.pdf","label":"IPSJ-CSS2024226.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024226.pdf","filesize":[{"value":"709.5 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"8a8a9d46-931e-4c69-b1c3-d82c6c7248b1","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"中山, 崇嗣"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"竹久, 達也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"安部, 小百合"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"安田, 真悟"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takatsugu, Nakayama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuya, Takehisa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Sayuri, Anbe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shingo, Yasuda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Koichi, Mouri","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアの中には解析されることを避けるため単一のプロセスとして動作せず，Windowsに内蔵されたOSの機能により他のプロセスを利用することで解析を回避するものが存在する．そうしたOSの機能の一つにWindowsサービスがあり，Windowsによって提供される複数のサービスが，それぞれ単一のプロセスとして動作する．サービスへのリクエスト送信にはAdvanced Local Procedure Call (ALPC)が主に用いられる．ALPCの仕様は文書化されておらず，リクエスト内容や送信先の特定が難しいことから，マルウェアによるサービスの利用を動的解析により追跡することは難しい．本論文では，我々が開発してきたWindowsマルウェアの動的解析向けのシステムコールトレーサであるAlkanetからALPCを新たに観測し，マルウェアによるサービスの利用を追跡可能にした．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Some malware evades detection by avoiding execution as a single process and using operating system functions to spawn other processes. Windows services are one of these functions, with each service running as an independent process. Advanced Local Procedure Call (ALPC) is used to communicate with these services. However, identifying the content and destination of requests is difficult due to the lack of published documentation on the ALPC specifications. As a result, it is difficult to track the use of services by malware through dynamic analysis. This paper presents Alkanet, a system call tracer designed for dynamic analysis of Windows malware, which can trace malware's use of Windows services. ","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1704","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1697","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"updated":"2025-03-06T05:59:15.885412+00:00","created":"2025-01-19T01:45:28.112495+00:00","links":{}}