{"created":"2025-01-19T01:45:28.777273+00:00","updated":"2025-03-06T05:59:34.478406+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240979","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240979","title":["文字コード付きAPIとプロセスの親子関係に着目したランサムウェアの分析と検知"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"1c2bde04-4373-43c0-9411-62731357ad39"},"_deposit":{"id":"240979","pid":{"type":"depid","value":"240979","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"文字コード付きAPIとプロセスの親子関係に着目したランサムウェアの分析と検知","author_link":["662575","662576","662577","662578","662579","662580","662581","662582"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"文字コード付きAPIとプロセスの親子関係に着目したランサムウェアの分析と検知","subitem_title_language":"ja"},{"subitem_title":"Ransomware Detection Using API with Character Code and Parent-Child Relationship","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ランサムウェア,検知,文字コード付きAPI,親プロセス,子プロセス","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"鳥取大学"},{"subitem_text_value":"鳥取大学/鳥取大学クロス情報科学研究センター"},{"subitem_text_value":"鳥取大学/鳥取大学クロス情報科学研究センター"},{"subitem_text_value":"鳥取大学/鳥取大学クロス情報科学研究センター"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tottori University","subitem_text_language":"en"},{"subitem_text_value":"Tottori University / Cross-informatics Research Center, Tottori University","subitem_text_language":"en"},{"subitem_text_value":"Tottori University / Cross-informatics Research Center, Tottori University","subitem_text_language":"en"},{"subitem_text_value":"Tottori University / Cross-informatics Research Center, Tottori 
University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240979/files/IPSJ-CSS2024233.pdf","label":"IPSJ-CSS2024233.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024233.pdf","filesize":[{"value":"460.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"f6e32d75-c278-42c7-920e-7c4f0057215d","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"松田, 祥希"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高橋, 健一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"東野, 正幸"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"川村, 尚生"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Matsuda, Yoshiki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takahashi, Kenichi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Higashino, Masayuki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kawamura, 
Takao","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,ランサムウェアによるサイバー攻撃が増加傾向にある.このため,ランサムウェアの検知に向けた研究が多く行われている.しかし,これらの研究ではプロセスの親子関係にはあまり着目されていない.ランサムウェアには暗号処理の高速化やマルウェア解析を逃れるために子プロセスを利用するといった検体が存在している.また,Windows APIにはANSI版とUnicode版を対象としたAPIが存在している.そこで,ランサムウェアを対象にANSI版とUnicode版のレジストリ操作用のAPIに着目した分析を行う.分析により見つかった特徴を利用してランサムウェアの検知を行う.その結果,ANSI版とUnicode版のAPIやプロセスの親子関係情報がランサムウェア検知に利用できることを確認した.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In recent years, the impact of ransomware attacks has been increasing. Therefore, much research on ransomware detection has been conducted. Existing research, however, does not focus on the parent-child relationship between processes. Ransomware often generates multiple child processes to hide malicious behaviors such as file encryption. Additionally, some Windows APIs have ANSI and Unicode versions. In this paper, we focus on registry-related APIs with ANSI and Unicode versions. As a result of the analysis, we found a characteristic of ransomware in the ANSI- and Unicode-version API calls made by parent and child processes that differs from benign software. Thus, we try to detect ransomware using these characteristics of parent and child processes and of ANSI/Unicode API pairs. As a result, we confirmed that these characteristics are effective for ransomware detection.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1754","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1748","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":240979,"links":{}}