{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00077912","sets":["6164:6165:6462:6551"]},"path":["6551"],"owner":"10","recid":"77912","title":["マルウェア挙動解析のためのシステムコール実行結果取得法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2011-10-12"},"_buckets":{"deposit":"7792641c-9d59-4567-9d64-ae28a5b77447"},"_deposit":{"id":"77912","pid":{"type":"depid","value":"77912","revision_id":0},"owners":[10],"status":"published","created_by":10},"item_title":"マルウェア挙動解析のためのシステムコール実行結果取得法","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マルウェア挙動解析のためのシステムコール実行結果取得法"},{"subitem_title":"A Method to Get Result of System Calls for Malware Analysis","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア検体(2)","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2011-10-12","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学大学院理工学研究科"},{"subitem_text_value":"立命館大学情報理工学部"},{"subitem_text_value":"立命館大学グローバルイノベーション研究機構"},{"subitem_text_value":"立命館大学情報理工学部"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Science and Engineering, Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"College of Information Science and Engineering, Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan Global Innovation Reserch Organization, Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"College of Information Science and Engineering, Ritsumeikan 
University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/77912/files/IPSJCSS2011017.pdf"},"date":[{"dateType":"Available","dateValue":"2012-10-12"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2011017.pdf","filesize":[{"value":"362.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"44"},{"tax":["include_tax"],"price":"30000","billingrole":"5"}],"accessrole":"open_date","version_id":"0fba7008-9856-4305-81bc-5245d1e7e4da","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2011 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大月, 勇人"},{"creatorName":"瀧本, 栄二"},{"creatorName":"樫山, 武浩"},{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yuto, Otsuki","creatorNameLang":"en"},{"creatorName":"Eiji, Takimoto","creatorNameLang":"en"},{"creatorName":"Takehiro, Kashiyama","creatorNameLang":"en"},{"creatorName":"Koichi, Mouri","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"次々に出現するマルウェアを短時間で解析するには動的解析が有効である.しかし,近年のマルウェアの多くは動的解析を防ぐ機能を持つ.そこで,OSよりも下位層で動作する仮想計算機モニタ BitVisor 内へ解析のための拡張機能 Alkanet を開発している.Alkanet 
は,ゲストOS上のプロセスやスレッドから発行されるシステムコールをフックし,システムコールの種類と引数に加え,その処理結果の取得を可能とする.これによって,マルウェアの挙動をより詳細に解析可能になった.また,取得したシステムコール履歴から,さらに具体的なマルウェアの挙動を抽出し,解析レポートの出力を試みた結果について報告する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Much recent malware applies anti-debugging techniques to avoid being analyzed by dynamic analysis tools. We are developing \"Alkanet\", an extension for malware analysis in a virtual machine monitor. A virtual machine monitor runs at a higher privilege level than malware. Therefore, malware's anti-debugging techniques are ineffective against Alkanet. Alkanet monitors the behavior of malware through the system calls invoked by processes or threads on the guest OS. The behavior of malware is analyzed by obtaining the results and arguments of the system calls. Furthermore, Alkanet extracts details of malware behavior from the system call log.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"100","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2011 論文集"}],"bibliographicPageStart":"95","bibliographicIssueDates":{"bibliographicIssueDate":"2011-10-12","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"2011"}]},"relation_version_is_last":true,"weko_creator_id":"10"},"id":77912,"updated":"2025-01-21T20:40:35.279459+00:00","links":{},"created":"2025-01-18T23:33:23.926655+00:00"}