{"updated":"2025-01-21T12:33:26.922015+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00098294","sets":["6164:6165:6462:7437"]},"path":["7437"],"owner":"11","recid":"98294","title":["Alkanetにおけるシステムコールの呼出し元動的リンクライブラリの特定手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-10-14"},"_buckets":{"deposit":"c880b2ba-61e6-4217-8a48-e2027d748c21"},"_deposit":{"id":"98294","pid":{"type":"depid","value":"98294","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"Alkanetにおけるシステムコールの呼出し元動的リンクライブラリの特定手法","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Alkanetにおけるシステムコールの呼出し元動的リンクライブラリの特定手法"},{"subitem_title":"A Method for Identifying System Call Invoker in Dynamic Link Library","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"システムコールトレース,スタックトレース,動的解析,動的リンクライブラリ,Virtual Address Descriptor","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2013-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"立命館大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/98294/files/IPSJCSS2013100.pdf"},"date":[{"dateType":"Available","dateValue":"2015-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2013100.pdf","filesize":[{"value":"296.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"671e4fe7-b5f5-4388-9b84-401aace74b75","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大月, 勇人"},{"creatorName":"瀧本, 栄二"},{"creatorName":"齋藤, 彰一"},{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yuto, Otsuki","creatorNameLang":"en"},{"creatorName":"Eiji, Takimoto","creatorNameLang":"en"},{"creatorName":"Shoichi, Saito","creatorNameLang":"en"},{"creatorName":"Koichi, Mouri","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,マルウェアの脅威が問題となっているが,その対策には,マルウェアの挙動を調査する必要がある.そこで,我々は,仮想計算機モニタ BitVisor をベースとし,システムコールトレースによってマルウェアを解析する Alkanet を開発している.本論文では,これまで提供してきたシステムコールトレースに加え,スタックトレースを行うことで,システムコール発行までに経由した API や呼出し元の動的リンクライブラリを特定する手法について述べる.本手法により,DLL 
として動作するマルウェアや動的に生成されたコードなどを,動的リンクライブラリやメモリ領域単位でその挙動を解析することが可能となる.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recently, malware has become a major security threat to computers. Responding to threats from malware requires malware analysis and an understanding of malware behavior. We are developing Alkanet, a system call tracer for malware analysis that uses a virtual machine monitor based on BitVisor. In this paper, we describe a method for identifying the system call invoker in a dynamic link library by using stack tracing. The method makes it possible to identify the system call invoker per dynamic link library or memory area. It is effective for analyzing malware such as executable code generated at runtime, or malicious libraries mapped into a legitimate application.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"760","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2013論文集"}],"bibliographicPageStart":"753","bibliographicIssueDates":{"bibliographicIssueDate":"2013-10-14","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"4","bibliographicVolumeNumber":"2013"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:44:34.598135+00:00","id":98294,"links":{}}