{"created":"2025-02-05T04:11:58.296386+00:00","id":2006006,"links":{},"metadata":{"_buckets":{"deposit":"ef6c62a8-dc44-458d-ad81-7b4bcd6b1365"},"_deposit":{"created_by":84,"id":"2006006","owner":"84","owners":[84],"pid":{"revision_id":0,"type":"depid","value":"2006006"},"status":"published"},"_oai":{"id":"oai:nara-wu.repo.nii.ac.jp:02006006","sets":["1738721672237:1738721764053:1738721830589"]},"author_link":[],"control_number":"2006006","item_10001_biblio_info_7":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicIssueDates":{"bibliographicIssueDate":"2022-10-17","bibliographicIssueDateType":"Issued"},"bibliographicPageEnd":"1162","bibliographicPageStart":"1156","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2022論文集","bibliographic_titleLang":"ja"}]}]},"item_10001_description_5":{"attribute_name":"抄録","attribute_value_mlt":[{"subitem_description":"マルウェア対策技術の進展にも関わらず，マルウェア感染事例は後を絶たない．このことから，従来のマルウェア感染の防止だけでなく，感染後の被害を防止するアプローチが必要であると考えられる．そこで，我々は，マルウェアが持つ耐解析機能を逆用し，マルウェアの動作を妨害することで被害を防ぐ手法を提案する．提案手法は耐解析機能のうちデバッガ検知を行うアンチデバッグを対象としており，マルウェアの可能性があるプロセスの生成を検知すると，独自の軽量デバッガを起動し当該プロセスにアタッチする．これにより，アンチデバッグ機能を持つマルウェアは軽量デバッガを検知し，解析妨害のためにその動作を停止し，結果として被害を防ぐことが可能となる．軽量デバッガを用いることで，既存研究が対応していないアンチデバッグ手法にも効果がある．本稿では，提案手法に基づく機構の設計と実装，および複数のアンチデバッグ手法に対する有効性とオーバヘッド評価について報告する．","subitem_description_language":"ja","subitem_description_type":"Abstract"}]},"item_10001_publisher_8":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_10001_rights_15":{"attribute_name":"権利","attribute_value_mlt":[{"subitem_rights":"(c) by the Information Processing Society of Japan","subitem_rights_language":"en"}]},"item_access_right":{"attribute_name":"アクセス権","attribute_value_mlt":[{"subitem_access_right":"metadata only access","subitem_access_right_uri":"http://purl.org/coar/access_right/c_14cb"}]},"item_creator":{"attribute_name":"著者","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takimoto Eiji","creatorNameLang":"en"},{"creatorName":"瀧本 栄二","creatorNameLang":"ja"},{"creatorName":"たきもと えいじ","creatorNameLang":"ja-Kana"}],"nameIdentifiers":[{"nameIdentifier":"1000090395054","nameIdentifierScheme":"KAKEN2","nameIdentifierURI":"https://nrid.nii.ac.jp/nrid/1000090395054"}]},{"creatorNames":[{"creatorName":"Shikura Daiki","creatorNameLang":"en"},{"creatorName":"志倉 大貴","creatorNameLang":"ja"},{"creatorName":"しくら だいき","creatorNameLang":"ja-Kana"}]},{"creatorNames":[{"creatorName":"Nishimura Toshikazu","creatorNameLang":"en"},{"creatorName":"西村 俊和","creatorNameLang":"ja"},{"creatorName":"にしむら としかず","creatorNameLang":"ja-Kana"}]}]},"item_files":{"attribute_name":"ファイル情報","attribute_type":"file","attribute_value_mlt":[{"accessrole":"open_access","date":[{"dateValue":"2025-02-05"}],"fileDate":[{"fileDateType":"Available","fileDateValue":"2025-02-05"}],"url":{"objectType":"fulltext","url":"http://id.nii.ac.jp/1001/00223105/"}}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"アンチデバッグ","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"セキュリティ","subitem_subject_language":"ja","subitem_subject_scheme":"Other"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourcetype":"journal article","resourceuri":"http://purl.org/coar/resource_type/c_6501"}]},"item_title":"軽量デバッガを用いたマルウェア動作妨害機構の実装と評価","item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"軽量デバッガを用いたマルウェア動作妨害機構の実装と評価","subitem_title_language":"ja"}]},"item_type_id":"10001","owner":"84","path":["1738721830589"],"publish_date":"2025-02-05","publish_status":"0","recid":"2006006","relation_version_is_last":true,"title":["軽量デバッガを用いたマルウェア動作妨害機構の実装と評価"],"weko_creator_id":"84","weko_shared_id":-1},"updated":"2025-02-13T05:48:06.700758+00:00"}