WEKO3
Item
Trends of anti-analysis operations of malwares observed in API call logs
http://hdl.handle.net/2241/00151543
Name / File | License | Action |
---|---|---|
JCVHT_14 (139.6 kB) | | |
Item type | Journal Article(1) |
---|---|
Date published | 2018-05-01 |
Title | |
Title | Trends of anti-analysis operations of malwares observed in API call logs |
Language | |
Language | eng |
Resource type | |
Resource | http://purl.org/coar/resource_type/c_6501 |
Type | journal article |
Author | Oyama, Yoshihiro |
Author alias | 大山, 恵弘 |
Abstract | |
Description type | Abstract |
Description | Some malwares execute operations that determine whether they are running in an analysis environment created by monitoring software, such as debuggers, sandboxing systems, or virtual machine monitors, and if such an operation finds that the malware is running in an analysis environment, it terminates execution to prevent analysis. The existence of malwares that execute such operations (anti-analysis operations) is widely known. However, the knowledge acquired thus far, regarding what proportion of current malwares execute anti-analysis operations, what types of anti-analysis operations they execute, and how effectively such operations prevent analysis, is insufficient. In this study, we analyze FFRI Dataset, which is a dataset of dynamic malware analysis results, and clarify the trends in the anti-analysis operations executed by malware samples collected in 2016. Our findings revealed that, among 8243 malware samples, 856 (10.4%) samples executed at least one type of the 28 anti-analysis operations investigated in this study. We also found that, among the virtual machine monitors, VMware was the most commonly searched for by the malware samples. |
Bibliographic information | Journal of Computer Virology and Hacking Techniques, Vol. 14, No. 1, pp. 69-85, issued 2017-02 |
ISSN | |
Source identifier type | ISSN |
Source identifier | 2263-8733 |
DOI | |
Identifier type | DOI |
Related identifier | 10.1007/s11416-017-0290-x |
Rights | |
Rights information | This is a pre-print of an article published in Journal of Computer Virology and Hacking Techniques. The final authenticated version is available online at: https://doi.org/10.1007/s11416-017-0290-x |
Author version flag | |
Value | author |
Publisher | |
Publisher | Springer |