{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00066465","sets":["581:582:5904"]},"path":["5904"],"owner":"11","recid":"66465","title":["マルウェアの耐解析機能を逆用した活動抑止手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2009-09-15"},"_buckets":{"deposit":"a1644d63-47c6-42ff-ad9a-441300e754af"},"_deposit":{"id":"66465","pid":{"type":"depid","value":"66465","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"マルウェアの耐解析機能を逆用した活動抑止手法の提案","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マルウェアの耐解析機能を逆用した活動抑止手法の提案"},{"subitem_title":"Proposal of Malware Activity Control Method Turning Anti-analysis Function to Advantage","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"特集:社会を活性化するコンピュータセキュリティ技術","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2009-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"株式会社ラックサイバーリスク総合研究所"},{"subitem_text_value":"株式会社ラックサイバーリスク総合研究所"},{"subitem_text_value":"中央大学"},{"subitem_text_value":"中央大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Risk Research Institute of Cyber Space, Little eArth Corporation Co., Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Risk Research Institute of Cyber Space, Little eArth Corporation Co., Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Chuo University","subitem_text_language":"en"},{"subitem_text_value":"Chuo University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/66465/files/IPSJ-JNL5009016.pdf"},"date":[{"dateType":"Available","dateValue":"2011-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5009016.pdf","filesize":[{"value":"340.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"a09920fd-206f-49ee-91b1-d6f6a763e478","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"松木, 隆宏"},{"creatorName":"新井, 悠"},{"creatorName":"寺田, 真敏"},{"creatorName":"土居, 範久"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takahiro, Matsuki","creatorNameLang":"en"},{"creatorName":"Yuu, Arai","creatorNameLang":"en"},{"creatorName":"Masato, Terada","creatorNameLang":"en"},{"creatorName":"Norihisa, Doi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal 
article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,ウイルス対策ソフトウェアによる検知やパターンファイルの作成に必要となる解析を妨害する機能を有したマルウェアが出現している.特に,ボットの場合にはC&C(コマンド&コントロール)サーバの情報や指令コマンド等の解析作業を妨害するため,解析作業の兆候を検知した場合に,自己の動作を意図的に停止するマルウェアの存在も報告されている.このような耐解析機能は,ウイルス対策ベンダやセキュリティ研究者らによるマルウェアの解析時間を増加させ,結果としてマルウェアによるユーザの被害の拡大につながってしまうことになる.本論文では,耐解析機能を備えたマルウェアによるユーザの被害を低減させることを目的とした新しい対策アプローチを提案する.提案方式は,マルウェアの耐解析機能が動作した際に自己の動作を停止する性質に着目し,これを逆用してマルウェアの動作を抑止する方式である.まず,提案方式の実現例として,耐解析機能の1つであるデバッガ検知機能を逆用し,マルウェアの活動を抑止する手法を示す.次に,デバッガ検知機能を逆用するプロトタイプシステムを実装し,ハニーポットで収集したマルウェア検体を用いた評価を通じて,提案方式の有効性を示す.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In recent years, malware that hinders antivirus programs and obstructs analysis has emerged in the wild. In particular, bots obstruct the analysis needed to gather C&C (command-and-control) server information and commands; it has been reported that some of them deliberately halt their own execution when they detect signs of analysis. Analyzing these types of malware is cumbersome and time-consuming, which delays the release of antivirus vendors' advisories and thereby widens the damage to users. In this paper, we propose a malware interruption system that turns this anti-analysis characteristic to our advantage: because such malware stops itself when its anti-analysis function fires, that function can be triggered on purpose to suppress the malware's activity. First, as a concrete example of the proposal, we show a malware interruption method that beneficially utilizes one of the anti-analysis functions, debugger detection. 
Then we implement a prototype system that beneficially utilizes debugger detection, and demonstrate the effectiveness of the proposed method through evaluations using malware samples collected with a honeypot.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"2126","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"2118","bibliographicIssueDates":{"bibliographicIssueDate":"2009-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"50"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":66465,"updated":"2025-01-22T01:02:11.735538+00:00","links":{},"created":"2025-01-18T23:27:13.177736+00:00"}