Research on Automation of Malware Response

2011 Fiscal Year Final Research Report

• Project/Area Number: 22700065
• Research Category: Grant-in-Aid for Young Scientists (B)
• Allocation Type: Single-year Grants
• Research Field: Computer system/Network
• Research Institution: Yokohama National University
• Principal Investigator: YOSHIOKA Katsunari 横浜国立大学, 環境情報研究院, 准教授 (60415841)
• Project Period (FY): 2010 – 2011
• Keywords: マルウェア対策技術

Research Abstract

In this study, we address automated derivation of malware response in three approaches : namely, network-based and host-based detection, remote testing, and removal. We have proposed new methods of network-based detection, host-based detection and remote testing. Also, we have obtained basis for automated generation of removal tool.

Research Products

• [Journal Article] 公開型マルウェア動的解析システムに対するデコイ挿入攻撃の脅威 (2011)
  • Author(s): 笠間貴弘, 織井達憲, 吉岡克成, 松本勉
  • Journal Title: Journal of Information Processing Volume: Vol.52, No.9 Pages: 2761-2774
• [Journal Article] Your Sandbox is Blinded : Impact of Decoy Injection to Public Malware Analysis Systems (2011)
  • Author(s): K. Yoshioka, Y. Hosobuchi, T. Orii, and T. Matsumoto
  • Journal Title: Journal of Information Processing Volume: Vol.52, No.3 Pages: 1144-1159
• [Journal Article] An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation (2011)
  • Author(s): H. C. Kim, T. Orii, K. Yoshioka, D. Inoue, J. Song, M. Eto, J. Shikata, T. Matsumoto, and K. Nakao
  • Journal Title: IEICE Trans Volume: Vol.E94D, No.9 Pages: 1778-1791
• [Journal Article] マルウェア感染ホスト検出のためのネットワークスキャン手法と検出用シグネチャの自動生成 (2010)
  • Author(s): 吉岡克成, 村上洸介, 松本勉
  • Journal Title: 情報処理学会論文誌 Volume: Vol.51, No.9 Pages: 1633-1644
• [Presentation] マルウェア解析の効率化を目指した自己書換え動作の可視化方法 (2011)
  • Author(s): 織井達憲,吉岡克成,四方順司,松本勉
  • Organizer: 電子情報通信学会暗号と情報セキュリティシンポジウム
  • Year and Date: 20110000
• [Presentation] リモートエクスプロイト攻撃を効率的に観測可能なマルウェア動的解析手法の提案 (2011)
  • Author(s): 村上洸介,藤井孝好,吉岡克成,松本勉
  • Organizer: 情報処理学会コンピュータセキュリティシンポジウム
  • Year and Date: 20110000
• [Presentation] 実行毎の挙動の差異に基づくマルウェア検知手法の提案 (2011)
  • Author(s): 笠間貴弘,吉岡克成,井上大介,松本勉
  • Organizer: 情報処理学会コンピュータセキュリティシンポジウム
  • Year and Date: 20110000
• [Presentation] Vulnerability in Public Malware Sandbox Analysis Systems (2010)
  • Author(s): K. Yoshioka, Y. Hosobuchi, T. Orii, and T. Matsumoto
  • Organizer: IEEE 10th Annual International Symposium on Applications and the Internet
  • Year and Date: 20100000
• [Presentation] Malware Sandbox Analysis with Automatic Collection of Server Responses using Dummy Client (2010)
  • Author(s): T. Kasama, K. Yoshioka, T. Matsumoto, M. Yamagata, M. Eto, D. Inoue, and K. Nakao
  • Organizer: Proc. 5th Joint Workshop Workshop on Information Security
  • Year and Date: 20100000
• [Presentation] エミュレーションに基づくシェルコード検知手法の改善 (2010)
  • Author(s): 藤井孝好,吉岡克成,四方順司,松本勉
  • Organizer: マルウェア対策研究人材育成ワークショップ2010(MWS2010)
  • Year and Date: 20100000
• [Presentation] CPUエミュレータとDynamic Binary Instrumentationの併用によるシェルコード動的分析手法の提案 (2010)
  • Author(s): 神保千晶,吉岡克成,四方順司,松本勉,衛藤将史,井上大介,中尾康二
  • Organizer: 電子情報通信学会技術報告ICSS2010
  • Year and Date: 20100000