Project/Area Number | 17K00179 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Multi-year Fund |
Section | General |
Research Field | Information security |
Research Institution | University of Tsukuba |
Principal Investigator | |
Project Period (FY) | 2017-04-01 – 2020-03-31 |
Project Status | Completed (Fiscal Year 2019) |
Budget Amount | ¥4,290,000 (Direct Cost: ¥3,300,000, Indirect Cost: ¥990,000) |
Fiscal Year 2019 | ¥1,430,000 (Direct Cost: ¥1,100,000, Indirect Cost: ¥330,000) |
Fiscal Year 2018 | ¥1,430,000 (Direct Cost: ¥1,100,000, Indirect Cost: ¥330,000) |
Fiscal Year 2017 | ¥1,430,000 (Direct Cost: ¥1,100,000, Indirect Cost: ¥330,000) |
Keywords | malware / IoT / anti-analysis processing / virtualization / sandbox |
Outline of Final Research Achievements | We mainly studied the processing that malware performs to interfere with its own analysis in the IoT environment (anti-analysis processing). First, a static analysis of more than 200,000 malware samples revealed trends in the specific analysis-evasion techniques the malware uses. Second, we analyzed the behavior of long sleeps, one of these anti-analysis techniques, and clarified how they are actually used. Third, we constructed a new anti-analysis technique in which the malware uses multithreaded execution to detect sandboxes and virtual machines, in order to show the degree of threat it poses. Fourth, we showed multiple anti-analysis operations that can be performed on the Raspberry Pi and their degree of threat. Fifth, we developed a new dynamic analysis method for malware that raises exceptions. |
Academic Significance and Societal Importance of the Research Achievements | The academic significance lies in clarifying which anti-analysis techniques malware can execute, and actually does execute, on IoT devices. Specifically, it gives people a deeper understanding of how anti-analysis techniques, which previously targeted mainly Intel CPUs and Windows OS, change in an IoT environment made up of different hardware and software. The societal significance is that it provides information that will greatly help companies and research institutions in their future development of security systems for efficiently analyzing, detecting, and defending against malware. For example, it can offer guidance on what mechanisms can be built into analysis systems to eliminate or reduce the effectiveness of anti-analysis techniques. |