{"updated":"2025-01-23T03:11:39.078276+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00009838","sets":["581:599:603"]},"path":["603"],"owner":"1","recid":"9838","title":["自己ファイルREADの検出による未知ワームの検知方式"],"pubdate":{"attribute_name":"公開日","attribute_value":"2007-09-15"},"_buckets":{"deposit":"e3ce3fb8-af18-42dc-afc2-a40fe88ee462"},"_deposit":{"id":"9838","pid":{"type":"depid","value":"9838","revision_id":0},"owners":[1],"status":"published","created_by":1},"item_title":"自己ファイルREADの検出による未知ワームの検知方式","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"自己ファイルREADの検出による未知ワームの検知方式"},{"subitem_title":"An Unknown-worm Detection Based on Capturing Self-initiated READ Behavior","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"特集：情報システムを支えるコンピュータセキュリティ技術の再考","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2007-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"株式会社NTT データ技術開発本部"},{"subitem_text_value":"静岡大学大学院情報学研究科"},{"subitem_text_value":"静岡大学大学院情報学研究科"},{"subitem_text_value":"株式会社NTT データ技術開発本部"},{"subitem_text_value":"株式会社NTT データ技術開発本部"},{"subitem_text_value":"静岡大学創造科学技術大学院"},{"subitem_text_value":"静岡大学創造科学技術大学院"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"R&D Headquarters, NTT Data Corporation","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Informatics, Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Informatics, Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"R&D Headquarters, NTT Data Corporation","subitem_text_language":"en"},{"subitem_text_value":"R&D Headquarters, NTT Data Corporation","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Science and Technology, Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Science and Technology, Shizuoka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/9838/files/IPSJ-JNL4809027.pdf"},"date":[{"dateType":"Available","dateValue":"2009-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL4809027.pdf","filesize":[{"value":"841.5 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ee0bd5e0-8695-4979-a774-1d35c2639e7b","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2007 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"松本, 隆明"},{"creatorName":"鈴木, 功一"},{"creatorName":"高見, 知寛"},{"creatorName":"馬場, 達也"},{"creatorName":"前田, 秀介"},{"creatorName":"水野, 忠則"},{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takaaki, Matsumoto","creatorNameLang":"en"},{"creatorName":"Koichi, Suzuki","creatorNameLang":"en"},{"creatorName":"Tomohiro, Takami","creatorNameLang":"en"},{"creatorName":"Tatsuya, Baba","creatorNameLang":"en"},{"creatorName":"Shusuke, Maeda","creatorNameLang":"en"},{"creatorName":"Tadanori, Mizuno","creatorNameLang":"en"},{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ワームの感染は，ワーム自身を他のPC にネットワーク経由でコピーすることにほかならない．よってワームの感染行動は，OS のファイルシステム上では，自分自身のファイルをREAD（コピー）し，これを通信API にWRITE（ペースト）するという動作として現れる．本論文では，この「ワームの自己ファイルREAD」を検出することにより，ワームを検知する方式を提案する．原理的にはワームは必ず自己ファイルREAD を行うため，本方式によれば未知ワームや変異型ワームも検知可能であると考えられる．また本方式は，エンドユーザのPC における各プロセスのファイルアクセスを常時監視することにより実装可能であるため，ワームのリアルタイム検知も実現できる．本論文では本方式のコンセプトを示したうえで，ファイルアクセスを監視するモニタツールを用いて擬似的に本方式の未知ワーム検知能力を検証する．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Worm infection is just to copy the worm onto other PC by way of a network connection. Therefore, it is observed as the following behaviors; (1) COPY: read their own executable file, and (2) PASTE: write the file onto stream communication API. This paper proposes to use this type of worm’s “self-initiated READ behavior” for unknown-worm detection. It is expected that the worm detection based on capturing self-READ behavior could be applicable to a variety of worms including mutated-worm since this behavior is basically found in most of them. Moreover, this scheme could achieve real-time worm detection because the self-READ behavior can be captured just by watching the file accesses of every process. In this paper, the conceptual design of the proposed scheme is described and its feasibility is investigated by using a tool kit to capture the file access in the OS.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"3182","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"3174","bibliographicIssueDates":{"bibliographicIssueDate":"2007-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"48"}]},"relation_version_is_last":true,"item_2_alternative_title_2":{"attribute_name":"その他タイトル","attribute_value_mlt":[{"subitem_alternative_title":"侵入検出・検知"}]},"weko_creator_id":"1"},"created":"2025-01-18T22:44:56.832778+00:00","id":9838,"links":{}}