{"id":241217,"links":{},"created":"2025-01-19T01:45:51.831302+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00241217","sets":["1164:3925:11477:11807"]},"path":["11807"],"owner":"44499","recid":"241217","title":["APIを利用した暗号化型ランサムウェアの検知手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-11-26"},"_buckets":{"deposit":"8bd8068d-96d3-4ae5-9dc1-f51c5553d0f8"},"_deposit":{"id":"241217","pid":{"type":"depid","value":"241217","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"APIを利用した暗号化型ランサムウェアの検知手法の提案","author_link":["663710","663711","663709","663708"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"APIを利用した暗号化型ランサムウェアの検知手法の提案"},{"subitem_title":"Proposal for a Detection Method of Encryption-Based Ransomware Using APIs","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"サイバーセキュリティとブロックチェーン","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2024-11-26","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"千葉大学融合理工学府"},{"subitem_text_value":"千葉大学情報戦略機構"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Science and Engineering, Chiba University","subitem_text_language":"en"},{"subitem_text_value":"Digital Transformation Enhancement Council, Chiba University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/241217/files/IPSJ-CSEC24107029.pdf","label":"IPSJ-CSEC24107029.pdf"},"date":[{"dateType":"Available","dateValue":"2026-11-26"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC24107029.pdf","filesize":[{"value":"1.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"0ebdce9b-96c2-4e15-be3d-e2e2383bd4e6","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"山田, 至恩"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"今泉, 貴史"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shion, Yamada","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Imaizumi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"暗号化型ランサムウェアはデータを暗号化した上で,その被害を復旧するのに金銭を要求する.そして,ランサムウェアの中でも被害が多く,また被害からの復旧の難易度が高いとされている.ランサムウェアはシステムの API を呼び出す.本論文では,API コールを利用して暗号化型ランサムウェアの検知,および攻撃を未然に防ぐことを試みる.提案手法では,API 観測ルーチンを実装した DLL を Windows フックにより対象プロセスに強制的にロードするアプローチを用いる.本手法を用いることで,システムを止めることなく暗号化型ランサムウェアの検知を行うことができ,さらに検知段階でデータの暗号化が行われても元の状態に復旧することが可能になる.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Encryption-based ransomware encrypts data and demands payment to restore the compromised data. This type of ransomware is known for causing significant damage, with recovery often being challenging. Ransomware typically makes calls to system APIs. This paper proposes a method to detect and prevent encryption-based ransomware attacks by monitoring these API calls. Our proposed approach involves implementing an API monitoring routine within a DLL, which is forcibly loaded into target processes using Windows hooks. This method enables the detection of ransomware without halting the system, and in the event that encryption occurs at the detection stage, it also allows restoration of the data to its original state.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2024-11-26","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"29","bibliographicVolumeNumber":"2024-CSEC-107"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-19T07:42:20.318625+00:00"}