{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00098533","sets":["581:7397:7450"]},"path":["7450"],"owner":"11","recid":"98533","title":["悪性文書ファイルに埋め込まれたRATの検知手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2014-02-15"},"_buckets":{"deposit":"270922ce-fbc3-4207-8a91-dc291207137d"},"_deposit":{"id":"98533","pid":{"type":"depid","value":"98533","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"悪性文書ファイルに埋め込まれたRATの検知手法","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"悪性文書ファイルに埋め込まれたRATの検知手法"},{"subitem_title":"How to Detect an Embedded RAT in a Malicious Document File","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[一般論文(推薦論文)] 標的型攻撃，RAT，マルウェア，悪性文書ファイル，静的解析","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2014-02-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"情報セキュリティ大学院大学"},{"subitem_text_value":"内閣官房情報セキュリティセンター"},{"subitem_text_value":"情報セキュリティ大学院大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Institute of Information Security, IISEC","subitem_text_language":"en"},{"subitem_text_value":"National Information Security Center, NISC","subitem_text_language":"en"},{"subitem_text_value":"Institute of Information Security, IISEC","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/98533/files/IPSJ-JNL5502057.pdf"},"date":[{"dateType":"Available","dateValue":"2016-02-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5502057.pdf","filesize":[{"value":"523.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"1c0f727d-e40f-4133-ab74-c8e33d716561","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2014 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"三村, 守"},{"creatorName":"大坪, 雄平"},{"creatorName":"田中, 英彦"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Mamoru, Mimura","creatorNameLang":"en"},{"creatorName":"Yuhei, Otsubo","creatorNameLang":"en"},{"creatorName":"Hidehiko, Tanaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"今日，機密情報や個人情報の搾取を目的とする標的型攻撃は，多くの組織にとって脅威である．標的型攻撃の初期段階では，攻撃者はRAT（Remote Access TrojanまたはRemote Administration Tool）と呼ばれる実行ファイルをメールで送付し，コンピュータの遠隔操作を試みることが多い．近年ではRATが文書ファイルに埋め込まれることが多くなっており，検知はより困難となってきている．よって，標的型攻撃を防ぐためには，悪性文書ファイルに埋め込まれたRATを検知する必要がある．本論文では，RATがどのように悪性文書ファイルに埋め込まれているのかを調査し，その方式を体系化する．さらに，悪性文書ファイルへのRATの埋め込み方式を解読し，RATを検知する手法を提案するとともに，実験により提案手法の有効性を定量的に示す．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Today, targeted attacks that exploit confidential information or personal information are serious threats for many organizations. At an early phase of a targeted attack, most attackers send a executable file called RAT (Remote Access Trojan or Remote Administration Tool) by e-mails, and attempt to control the computer. Recently a document file in which embedded a RAT is increasing, and it is difficult to reveal it. Thus, to defeat targeted attacks, it is necessary to detect RATs in malicious document files. In this paper, we investigate how to embed a RAT in a malicious document file, and classify the methods. Moreover, we consider how to break the embedding methods and propose how to detect an embedded RAT in a malicious document file. The experimental results quantitatively show the validity and effectiveness of the methods.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1099","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1089","bibliographicIssueDates":{"bibliographicIssueDate":"2014-02-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"55"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":98533,"updated":"2025-01-21T12:25:50.724012+00:00","links":{},"created":"2025-01-18T23:44:45.736674+00:00"}