2022 Fiscal Year Final Research Report
Countermeasure Techniques for Exceptional Events in Malware Analysis
Project/Area Number | 20K11741 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Multi-year Fund |
Section | General |
Review Section | Basic Section 60050: Software-related |
Research Institution | University of Tsukuba |
Principal Investigator |
|
Project Period (FY) | 2020-04-01 – 2023-03-31 |
Keywords | Malware |
Outline of Final Research Achievements |
In this research project, we developed elemental technologies to address the problem that the behavior and purpose of many malware programs are difficult to understand through analysis. We obtained useful results by clarifying and discussing two issues: what methods are needed to apply software engineering techniques to malware analysis, and which methods concretely improve the accuracy and efficiency of analysis, and by how much. Specifically, we developed techniques for stably executing malware that terminates with an exception before its actual attack activity begins, and techniques for analyzing, using only incomplete information, corrupted malware that the analyst fails to analyze or execute. We also clarified the actual state of various behaviors of the latest malware, such as analysis evasion.
|
Free Research Field | Software |
Academic Significance and Societal Importance of the Research Achievements |
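The significance of these research results is that we established a methodology for applying software engineering techniques to malware analysis and verified its effectiveness. Until now, the application of software engineering techniques to malware had been at a developing stage. This research showed that such techniques can also be used effectively in malware analysis. The "questions" addressed in this research were (1) what methods are needed to apply software engineering techniques to malware analysis, and (2) what accuracy and efficiency of analysis result when they are applied. We obtained a certain degree of results in clarifying these. The academic originality and creativity of this research lay in targeting exceptional events and characteristics related to malware behavior and files.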
|