| Project/Area Number |
15500025
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Software
|
|---|
| Research Institution | Shibaura Institute of Technology |
|---|
Principal Investigator |
MATSUURA Saeko Shibaura Institute of Technology, Faculty of System Engieering, Department of Electronic & Information Systems, Assistant Professor, システム工学部, 助教授 (10348906)
|
|---|
| Project Period (FY) |
2003 – 2005
|
| Project Status |
Completed (Fiscal Year 2005)
|
| Budget Amount *help |
¥3,000,000 (Direct Cost: ¥3,000,000)
Fiscal Year 2005: ¥700,000 (Direct Cost: ¥700,000)
Fiscal Year 2004: ¥900,000 (Direct Cost: ¥900,000)
Fiscal Year 2003: ¥1,400,000 (Direct Cost: ¥1,400,000)
|
|---|
| Keywords | Detection of Computer Virus / Framework / Behavioral Pattern / Object Oriented Model / Aspect Oriented / Detection Model / Data Movement Tracking / APISPY / 振舞いパターン / コンピュータ・ウィルスの検出 / フローズン・スポット / ホット・スポット |
|---|
| Research Abstract |
We studied a framework of the program that detects malicious behavioral patterns from the program that performs some malicious behavior which was not intended by the user. This framework was built based on a method which judges whether a program was a computer virus including unknown viruses. Computer virus is a typical malicious behavioral program. Moreover, we developed a program that collects behavioral data of the target program. In 2003, the unknown virus detection program was redesigned the model from both viewpoints of object-oriented development and meta-modeling. First, the program structure was analyzed based on the graphical model of the specification of behavioral patterns and the detection program by UML which is a unified modeling language in object-oriented development. The detection program consists of the following three parts. (1)An abstract model of the program execution environment. (2)The definition of behavioral patterns of virus. (3)The definition of detection of
… More
virus using the patterns. The program (written in Standard ML) is defined based on the specification described by the first order predicate logic using Extended ML. The specification, the part (2) and the part (3) are frozen spot of the framework of behavioral pattern detection program. The part (2)is a hot spot of the framework that may be changed according to some behavioral patterns that we want to detect them. In 2004, we defined the specification of the program as some modules and examined the effectiveness of aspect oriented programming techniques to our framework. However, the big merit was not found compared with defining the program by only classes. In 2005, we studied and implemented a method of tracking data movement in order to detect computer virus entering via mail system. We conducted some experiments to detect the virus. Such malicious programs have some devices to make it difficult to analyze themselves. We also defined a way to make the device ineffective. We are planning to verify the validity of this framework. Less
|
