{"created":"2025-01-18T23:44:31.433683+00:00","updated":"2025-01-21T12:31:26.351996+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00098231","sets":["6164:6165:6462:7437"]},"path":["7437"],"owner":"11","recid":"98231","title":["RATサーバの動作を遠隔操作者と同じ操作画面で観測する方法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-10-14"},"_buckets":{"deposit":"e6b04c52-534b-46ad-9c85-5d1a9dea13d1"},"_deposit":{"id":"98231","pid":{"type":"depid","value":"98231","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"RATサーバの動作を遠隔操作者と同じ操作画面で観測する方法","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"RATサーバの動作を遠隔操作者と同じ操作画面で観測する方法"},{"subitem_title":"Observing RAT Server's Behavior Through Its Client GUI","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"標的型攻撃，RAT","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2013-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"横浜国立大学"},{"subitem_text_value":"横浜国立大学"},{"subitem_text_value":"横浜国立大学"},{"subitem_text_value":"横浜国立大学"},{"subitem_text_value":"横浜国立大学"},{"subitem_text_value":"横浜国立大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/98231/files/IPSJCSS2013037.pdf"},"date":[{"dateType":"Available","dateValue":"2015-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2013037.pdf","filesize":[{"value":"613.5 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"cbb5ca79-7fce-4cf2-ae23-22b58835a0cf","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"髙橋, 佑典"},{"creatorName":"小林, 大朗"},{"creatorName":"陳, 悦庭"},{"creatorName":"米持, 一樹"},{"creatorName":"吉岡, 克成"},{"creatorName":"松本, 勉"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yusuke, Takahashi","creatorNameLang":"en"},{"creatorName":"Masaaki, Kobayashi","creatorNameLang":"en"},{"creatorName":"Yuehting, Chen","creatorNameLang":"en"},{"creatorName":"Kazuki, Yonemochi","creatorNameLang":"en"},{"creatorName":"Katsunari, Yoshioka","creatorNameLang":"en"},{"creatorName":"Tsutomu, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年問題となっている標的型攻撃等ではRAT(Remote Administration Tool)が利用されていることが多い．近年のRATクライアントはGUIが用意されており直感的な操作が可能となっている．本研究では，サンドボックス内で実行したRATサーバが攻撃者の遠隔操作により動作する様子を，攻撃者の視点で観測することを試みる．具体的には，解析対象検体と攻撃者との通信に必要な認証情報を抽出し，これを監視用RATクライアントに適用した上で，サンドボックス内で動作中のRATサーバから攻撃者への通信を監視用RATクライアントへ転送することで，遠隔操作の様子をGUIでリアルタイム観測する．","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"286","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2013論文集"}],"bibliographicPageStart":"279","bibliographicIssueDates":{"bibliographicIssueDate":"2013-10-14","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"4","bibliographicVolumeNumber":"2013"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":98231,"links":{}}