{"updated":"2025-01-21T17:58:28.411135+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00077898","sets":["6164:6165:6462:6551"]},"path":["6551"],"owner":"10","recid":"77898","title":["IATエントリ格納場所の特定方法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2011-10-12"},"_buckets":{"deposit":"5c62bae8-34ea-4ac6-a8f2-8cd298d5ffa9"},"_deposit":{"id":"77898","pid":{"type":"depid","value":"77898","revision_id":0},"owners":[10],"status":"published","created_by":10},"item_title":"IATエントリ格納場所の特定方法","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"IATエントリ格納場所の特定方法"},{"subitem_title":"Specifying the Addresses of IAT Entries","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア検体(1)","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2011-10-12","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTT情報流通プラットフォーム研究所"},{"subitem_text_value":"NTT情報流通プラットフォーム研究所"},{"subitem_text_value":"NTT情報流通プラットフォーム研究所"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Information Sharing Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Information Sharing Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Information Sharing Platform Laboratories","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/77898/files/IPSJCSS2011003.pdf","label":"IPSJCSS2011003"},"date":[{"dateType":"Available","dateValue":"2012-10-12"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2011003.pdf","filesize":[{"value":"197.3 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"44"},{"tax":["include_tax"],"price":"30000","billingrole":"5"}],"accessrole":"open_date","version_id":"0a417025-73cf-491a-8eb6-c0264db4ae28","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2011 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"岩村, 誠"},{"creatorName":"川古谷, 裕平"},{"creatorName":"針生, 剛男"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Makoto, Iwamura","creatorNameLang":"en"},{"creatorName":"Yuhei, Kawakoya","creatorNameLang":"en"},{"creatorName":"Takeo, Hariu","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本論文では,アンパッキング後のマルウェアにおけるインポート・アドレス・テーブル(IAT)のエントリ格納場所を特定する手法を提案する.従来の手法は,マルウェアの逆アセンブル結果からIATを利用する機械語命令を探し出すことでIAT格納場所を推定していた.しかしWindows用コンパイラは可変長の機械語命令とデータが混在するバイナリを出力する傾向にあるため,正確な逆アセンブル結果を得ることは難しい.こうした問題に対し提案手法は,マルウェア内の各アドレスがIATエントリ格納場所である確率を算出し,当該確率が十分に高いアドレスを探し出すことで,精度よくIATエントリの格納場所を特定することを可能にした.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"We propose a novel approach, which accurately specifies the 
addresses of Import Address Table (IAT) entries in unpacked malware. Existing approaches specify the IAT entry addresses by finding the machine code instructions that use an IAT entry in the result of disassembly. However, since a compiler for Windows tends to output a binary that mixes variable-length instructions and data, it is difficult to correctly disassemble unpacked malware. To solve this problem, our approach calculates the probability that each address in malware points to an IAT entry, and then finds highly probable IAT entry addresses.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"17","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2011 論文集"}],"bibliographicPageStart":"12","bibliographicIssueDates":{"bibliographicIssueDate":"2011-10-12","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"2011"}]},"relation_version_is_last":true,"weko_creator_id":"10"},"created":"2025-01-18T23:33:23.250151+00:00","id":77898,"links":{}}