Computer Security Symposium October ,a) API API API Alkanet IDA MWS API Proposal of static analysis assistance method utilizi
|
|
- うたろう こしの
- 5 years ago
- Views:
Transcription
1 Computer Security Symposium October ,a) API API API Alkanet IDA MWS API Proposal of static analysis assistance method utilizing the dynamic analysis log Shota Nakajima 1,a) Shuhei Aketa 1 Eiji Takimoto 1 Shoichi Saito 2 Koichi Mouri 1 Abstract: Malware analysis is important for anti-malware. General malware analysis is carried out in the order of dynamic analysis and static analysis. However, in the present circumstances, the results of dynamic analysis has not cooperate static analysis. We propose static analysis assistance method utilizing the dynamic analysis log. In the proposed method provide assistance information of static analysis. It includes the API call information and the code of the malware on the memory acquired by dynamic analysis. In this paper, we describe static analysis assistance method that cooperates the system call tracer Alkanet and disassembler IDA. Keywords: MWS malware dynamic analysis static analysis api trace 1. [1] [2] 3 [3] 1 Ritsumeikan University 2 Nagoya Institute of Technology a) snakajima@asl.cs.ritsumei.ac.jp API
2 [4] [5] API Alkanet [6] API IDA [7] API API Alkanet API API API 動的解析によるログの取得 動的解析 解析システム 動的解析ログ API 呼び出し情報 API 名 / 引数 返り値 / 呼び出し元 マルウェアに関するコード 動的解析ログの活用 1 静的解析の補助 静的解析 逆アセンブラ 静的解析範囲の絞り込み 実行時の API 呼び出し情報の参照 マルウェアに関するコード取得の自動化 API ( 1 ) ( 2 ) API ( 3 ) API API API API API
3 ユーザモード カーネルモード 動的解析部 Alkanet を用いた動的解析システムコールトレーススタックトレースマルウェアに関するコードの取得 マルウェア観測用 PC VM SystemCall Windows ロギング用 PC LogAnalyzer 解析 json 形式 静的解析部 Python スクリプトによる解析 API 呼び出し情報を動的解析ログから抽出 IDA プラグインを用いてマージ API 呼び出し情報を逆アセンブルコードと対応付け Python スクリプト API 情報抽出 ファイル API 情報コードダンプ IDAプラグインを用いてマージ No. Time Cid Name Type Ret SNo. Note StackTrace 1 Alkanet CPU PID TID sysenter sysexit (sysexit ) 保存 SystemCall Analyzer IEEE1394 ログログ Alkanet Logger IDA Disassembler BitVisor API 情報 IDAプラグイン API API API 2.1 (1)(2) API API CALL API API (3) Alkanet API python IDA Alkanet python Alkanet API API API IDA API 3.2 Alkanet Alkanet 3 3 Windows API WriteFile Alanet 1 Alkanet Alkanet [8] API API 1 SP StackBase StackLimit 2 API API API - Writable PTE( )
4 No.:3951 Time : Type:sysenter SNo.:112 (NtWriteFile) Cid :70c.2d8 Name:sample.exe Note: file_name: \Device\HarddiskVolume1\Documents and Settings\snakajima\Desktop\test.txt current_byteoffset:0 p_buffer:0x12fb48 length:0x4 byteoffset:0 buffer: raw: utf16:\u4141\u4141 StackTrace: SP: 12f5d0, StackBase: , StackLimit: [00] <- 7c94df6c (API: NtWriteFile+0xc, Writable: 0, Dirty: 0, VAD: {7c c9dc000, ImageMap: 1, File: "\WINDOWS\system32\ntdll.dll"}), SP: 12f5d0 [05] <- 7c (API: BaseProcessStart+0x23, Writable: 0, Dirty: 0, VAD: {7c c933000, ImageMap: 1, File: "\WINDOWS\system32\kernel32.dll"}), BP: 12ffc0 3 WriteFile Alanet x86 PTE 1 Dirty Writable PTE x86 PTE 6 VAD Windows VAD(Virtual Address Descriptor) [9] VAD VAD VAD VAD EPROCESS VAD VAD API Alkanet Alkanet NtWriteFile Dirty 1 Alkanet 3.3 python Alkanet API IDA Alknaet API API API API API MWS Datasets 2016 [10] BOS2014 Alkanet DLL c13.exe Alkanet starter.exe splash screen.dll starter.exe starter.exe splash screen.dll API Alkanet Alkanet API python Alkanet API Alkanet VAD
5 "580": {"proc_image_name": "c13.exe", "vad_end": "0x435000", "vad_start": "0x400000"}, (a) "812": { "proc_image_name": "starter.exe", "vad_file_info": [ (b) {"vad_filename": "\\ DOCUME 1\\ ADMINI 1\\ LOCALS 1\\ Temp\\ RarSFX0\\ starter.exe", "vad_file_end": "0x407000", "vad_file_start": "0x400000"}, {"vad_filename": "\\ DOCUME 1\\ ADMINI 1\\ LOCALS 1\\ Temp\\ RarSFX0\\ splash_screen.dll", "vad_file_end": "0x ", "vad_file_start": "0x "}], "dirty_memory": [ (c) {"dirty_memory_end": "0xa1b000", "dirty_memory_start": "0x9f0000"}, {"dirty_memory_end": "0x9f0000", "dirty_memory_start": "0x8f0000"}] 4 API 3 API API ( 1 ) ( 2 ) ( 3 ) VAD DLL WriteFile VAD Dirty (1) (3) Alkanet 4 (a) VAD VAD c13.exe (b) VAD VAD starter.exe starter.exe DLL (c) VAD Dirty 1 VAD stater.exe API (a) (c) API AP 5 (i) (a) (c) CALL API (ii) (ii) API (iii) sysenter sysexit API API API 3 (1) (2) API python Alkanet API IDA 6 API CALL API CALL API API
6 "0x4059b3": { (i) "CreateFileW+0x1b6": (ii) [ {"name": "NtCreateFile", "no": 3648, "type": "sysenter", (iii) "optional": { "file_name": "\\??\\C:\\c13.exe"}}, 5 API 6 API API Call MWS Datasets 2016 [10] BOS2014 BOS c13.exe API API API API c13.exe 7 8 API c13.exe 7 c13.exe 0x x ShellExecuteExW starter.exe ShellExecuteExW 0x40c673 c13.exe API API API API PE API API IDA API API API API API 6 API WriteFile WriteFile NtWriteFile splash screen.dll API API
7 c13.exe[0x x435000] starter.exe(create) File(\DOCUME 1\ADMINI 1\LOCALS 1\Temp\RarSFX0\splash_screen.dll)[0x x ] File(\DOCUME 1\ADMINI 1\LOCALS 1\Temp\RarSFX0\starter.exe)[0x x407000] dirty_memory [0x8f0000-0x9f0000] dirty_memory [0x9f0000-0xa1b000] svchost.exe(create) dirty_memory [0x8d0000-0x8fb000] dirty_memory [0x xad000] Created process {"ShellExecuteExW+0x67": { "0x40c673": { "systemcall": [ {"status": 0, "proc name": "starter.exe", "name": "NtCreateProcessEx", "proc_pid": 812 "file name": "\\ Device\\ HarddiskVolume1\\ DOCUME 1\\ ADMINI 1\\ LOCALS 1\\ Temp\\ RarSFX0\\ starter.exe", 8 API API API API API DLL API LoadDll API dll GetProcAddress DLL API API API API API API 9 Call API IDA API API API API 5. funcap [11] IDA splode [12] funcap IDA Debugger IDA splode Intel PIN IDA Alkanet egg [13] egg 1 API API egg API
8 9 DLL API API Alkanet [14] API API 6. API API API API Windows10 Alkanet [15] [1] 2015 (online) dl/select.asp?type=1&cid=161 ( ) [2] BLUE TERMITE. APT (online) BlueTermite-PR pdf ( ) [3] (2016) [4] Andreas Moser, Christopher Kruegel, and Engin Kirda.: Limits of Static Analysis for Malware Detection, Computer Security Applications Conference, ACSAC Twenty- Third Annual, pp (2007) [5] Ilsun You, Kangbin Yim.: Malware Obfuscation Techniques: A Brief Survey, Broadband, Wireless Computing, Communication and Applications (BWCCA), 2010 International Conference, pp (2010) [6] : Vol. 55 No. 9 pp (2014) [7] Hex-Rays: IDA, ( ) [8] Alkanet 2013 Vol. 2013, No. 4, pp (2013) [9] B. Dolan-Gavitt: The VAD tree: A process-eye view of physical memory, Digital Investigation, Vol. 4, pp (2007) [10] MWS Datasets 2016 CSEC Vol.2016-CSEC-74, No.17, pp. 1-8, (2016) [11] ANDRZEJ DERESZOWSKI: funcap, GitHub, GitHub Inc., ( ) [12] ENDGAME: IDA-splode, GitHub, GitHub Inc., ( ) [13] Satoshi TANDA: egg - A Stealth fine grained code analyzer, Recon2011, (2011) [14] Vol. 29 No. 4 pp (2012) [15] Windows10 x Vol. 2015, No. 3, pp (2015)
Alkanet[1, 2] Alkanet CPU CPU 2 Alkanet Alkanet (VMM) VMM Alkanet Windows Alkanet 1 Alkanet VMM BitVisor[3] BitVisor OS ユーザモード カーネルモード マルウェア観測用 PC VM
Computer Security Symposium 2014 22-24 October 2014 525-8577 1-1-1 yotuki@asl.cs.ritsumei.ac.jp, {takimoto, mouri}@cs.ritsumei.ac.jp 466-8555 shoichi@nitech.ac.jp Alkanet CPU Identifying of System Call
More information1 BitVisor [3] Alkanet[1] Alkanet (DLL) DLL 2 Alkanet 3 4 5 6 7 2 Alkanet Alkanet VMM VMM Alkanet Windows [2] マルウェア 観 測 用 VM SystemCall Windows System
Computer Security Symposium 2013 21-23 October 2013 Alkanet 525-8577 1-1-1 yotuki@asl.cs.ritsumei.ac.jp, {takimoto, mouri}@cs.ritsumei.ac.jp 466-8555 shoichi@nitech.ac.jp BitVisor Alkanet API DLL A Method
More information今週の進捗
Virtualize APIC access による APIC フック手法 立命館大学富田崇詠, 明田修平, 瀧本栄二, 毛利公一 2016/11/30 1 はじめに (1/2) マルウェアの脅威が問題となっている 2015年に4 億 3000 万以上の検体が新たに発見されている マルウェア対策にはマルウェアが持つ機能 挙動の正確な解析が重要 マルウェア動的解析システム : Alkanet 仮想計算機モニタのBitVisorの拡張機能として動作
More information29 jjencode JavaScript
Kochi University of Technology Aca Title jjencode で難読化された JavaScript の検知 Author(s) 中村, 弘亮 Citation Date of 2018-03 issue URL http://hdl.handle.net/10173/1975 Rights Text version author Kochi, JAPAN http://kutarr.lib.kochi-tech.ac.jp/dspa
More information( 億 種 ) マルウェアが 急 速 に 増 加! 短 時 間 で 解 析 し, マルウェアの 意 図 や 概 略 を 把 握 したい マルウェアを 実 行 し, 挙 動 を 観 測 することで 解 析 する 動 的 解 析 が 有 効 しかし, マルウェアの 巧 妙 化 により, 観 測 自 体
大 月 勇 人, 瀧 本 栄 二, 毛 利 公 一 立 命 館 大 学 ( 億 種 ) マルウェアが 急 速 に 増 加! 短 時 間 で 解 析 し, マルウェアの 意 図 や 概 略 を 把 握 したい マルウェアを 実 行 し, 挙 動 を 観 測 することで 解 析 する 動 的 解 析 が 有 効 しかし, マルウェアの 巧 妙 化 により, 観 測 自 体 が 困 難 となっている アンチデバッグ:
More informationP2P P2P peer peer P2P peer P2P peer P2P i
26 P2P Proposed a system for the purpose of idle resource utilization of the computer using the P2P 1150373 2015 2 27 P2P P2P peer peer P2P peer P2P peer P2P i Abstract Proposed a system for the purpose
More information& Vol.5 No (Oct. 2015) TV 1,2,a) , Augmented TV TV AR Augmented Reality 3DCG TV Estimation of TV Screen Position and Ro
TV 1,2,a) 1 2 2015 1 26, 2015 5 21 Augmented TV TV AR Augmented Reality 3DCG TV Estimation of TV Screen Position and Rotation Using Mobile Device Hiroyuki Kawakita 1,2,a) Toshio Nakagawa 1 Makoto Sato
More informationIPSJ SIG Technical Report Vol.2012-CG-148 No /8/29 3DCG 1,a) On rigid body animation taking into account the 3D computer graphics came
3DCG 1,a) 2 2 2 2 3 On rigid body animation taking into account the 3D computer graphics camera viewpoint Abstract: In using computer graphics for making games or motion pictures, physics simulation is
More information1 Web [2] Web [3] [4] [5], [6] [7] [8] S.W. [9] 3. MeetingShelf Web MeetingShelf MeetingShelf (1) (2) (3) (4) (5) Web MeetingShelf
1,a) 2,b) 4,c) 3,d) 4,e) Web A Review Supporting System for Whiteboard Logging Movies Based on Notes Timeline Taniguchi Yoshihide 1,a) Horiguchi Satoshi 2,b) Inoue Akifumi 4,c) Igaki Hiroshi 3,d) Hoshi
More information.,,, [12].,, [13].,,.,, meal[10]., [11], SNS.,., [14].,,.,,.,,,.,,., Cami-log, , [15], A/D (Powerlab ; ), F- (F-150M, ), ( PC ).,, Chart5(ADIns
Cami-log: 1,a) 1,b) 1,c) 1,d),,,.,,.,,,.,, Cami-log,. Cami-log : Proposal of Application to Improve Daily Chewing Activities using Myoelectric Information Hiroki Kurosawa 1,a) Sho Mitarai 1,b) Nagisa Munekata
More information大月勇人, 若林大晃, 瀧本栄二, 齋藤彰一, 毛利公一 立命館大学 名古屋工業大学
大月勇人, 若林大晃, 瀧本栄二, 齋藤彰一, 毛利公一 立命館大学 名古屋工業大学 1. 研究背景 2. Alkanet アプローチ Alkanet の構成 監視するシステムコール ログ解析 3. 解析検体内訳 4. サービスを起動する検体 5. まとめ 立命館大学 2 2012 年 10 月 30 日 ( 億種 ) マルウェアが急速に増加! 短時間で解析し, マルウェアの意図や概略を把握したい
More informationComputer Security Symposium October 2013 Android OS kub
Computer Security Symposium 2013 21-23 October 2013 Android OS 243-0292 1030 y.kita@ccy.kanagawa-it.ac.jp mirang@nw.kanagawa-it.ac.jp 889-2192 1-1 kubota@cs.miyazaki-u.ac.jp oka@cs.miyazaki-u.ac.jp Android
More information,,.,.,,.,.,.,.,,.,..,,,, i
22 A person recognition using color information 1110372 2011 2 13 ,,.,.,,.,.,.,.,,.,..,,,, i Abstract A person recognition using color information Tatsumo HOJI Recently, for the purpose of collection of
More information1 1 CodeDrummer CodeMusician CodeDrummer Fig. 1 Overview of proposal system c
CodeDrummer: 1 2 3 1 CodeDrummer: Sonification Methods of Function Calls in Program Execution Kazuya Sato, 1 Shigeyuki Hirai, 2 Kazutaka Maruyama 3 and Minoru Terada 1 We propose a program sonification
More informationWeb Web Web Web Web, i
22 Web Research of a Web search support system based on individual sensitivity 1135117 2011 2 14 Web Web Web Web Web, i Abstract Research of a Web search support system based on individual sensitivity
More informationDEIM Forum 2009 E
DEIM Forum 2009 E5-3 464-8601 1 606-8501 464 8601 1 E-mail: lifushi@arch.itc.nagoya-u.ac.jp, mayumi@mm.media.kyoto-u.ac.jp, {hirano,kajita,mase}@itc.nagoya-u.ac.jp Abstract Study on a Recipe Recommendation
More information1_26.dvi
C3PV 1,a) 2,b) 2,c) 3,d) 1,e) 2012 4 20, 2012 10 10 C3PV C3PV C3PV 1 Java C3PV 45 38 84% Programming Process Visualization for Supporting Students in Programming Exercise Hiroshi Igaki 1,a) Shun Saito
More informationpaper.dvi
28 Confined Decoding System for Medical Data Distributed by Secret Sharing Scheme and Its Security Evaluation 1195046 2017 3 6 DMAT i Abstract Confined Decoding System for Medical Data Distributed by Secret
More information17 Proposal of an Algorithm of Image Extraction and Research on Improvement of a Man-machine Interface of Food Intake Measuring System
1. (1) ( MMI ) 2. 3. MMI Personal Computer(PC) MMI PC 1 1 2 (%) (%) 100.0 95.2 100.0 80.1 2 % 31.3% 2 PC (3 ) (2) MMI 2 ( ),,,, 49,,p531-532,2005 ( ),,,,,2005,p66-p67,2005 17 Proposal of an Algorithm of
More informationWebRTC P2P Web Proxy P2P Web Proxy WebRTC WebRTC Web, HTTP, WebRTC, P2P i
26 WebRTC The data distribution system using browser cache sharing and WebRTC 1150361 2015/02/27 WebRTC P2P Web Proxy P2P Web Proxy WebRTC WebRTC Web, HTTP, WebRTC, P2P i Abstract The data distribution
More information論文9.indd
Recent topics in surround sound audio Masaki Sawaguchi Summary This paper will describe the recent trends in surround sound system based on the results of various investigations on this topic. According
More information4.1 % 7.5 %
2018 (412837) 4.1 % 7.5 % Abstract Recently, various methods for improving computial performance have been proposed. One of these various methods is Multi-core. Multi-core can execute processes in parallel
More information1 Fig. 1 Extraction of motion,.,,, 4,,, 3., 1, 2. 2.,. CHLAC,. 2.1,. (256 ).,., CHLAC. CHLAC, HLAC. 2.3 (HLAC ) r,.,. HLAC. N. 2 HLAC Fig. 2
CHLAC 1 2 3 3,. (CHLAC), 1).,.,, CHLAC,.,. Suspicious Behavior Detection based on CHLAC Method Hideaki Imanishi, 1 Toyohiro Hayashi, 2 Shuichi Enokida 3 and Toshiaki Ejima 3 We have proposed a method for
More information28 Horizontal angle correction using straight line detection in an equirectangular image
28 Horizontal angle correction using straight line detection in an equirectangular image 1170283 2017 3 1 2 i Abstract Horizontal angle correction using straight line detection in an equirectangular image
More information& Vol.2 No (Mar. 2012) 1,a) , Bluetooth A Health Management Service by Cell Phones and Its Us
1,a) 1 1 1 1 2 2 2011 8 10, 2011 12 2 1 Bluetooth 36 2 3 10 70 34 A Health Management Service by Cell Phones and Its Usability Evaluation Naofumi Yoshida 1,a) Daigo Matsubara 1 Naoki Ishibashi 1 Nobuo
More information[2] OCR [3], [4] [5] [6] [4], [7] [8], [9] 1 [10] Fig. 1 Current arrangement and size of ruby. 2 Fig. 2 Typography combined with printing
1,a) 1,b) 1,c) 2012 11 8 2012 12 18, 2013 1 27 WEB Ruby Removal Filters Using Genetic Programming for Early-modern Japanese Printed Books Taeka Awazu 1,a) Masami Takata 1,b) Kazuki Joe 1,c) Received: November
More information1 4 4 [3] SNS 5 SNS , ,000 [2] c 2013 Information Processing Society of Japan
SNS 1,a) 2 3 3 2012 3 30, 2012 10 10 SNS SNS Development of Firefighting Knowledge Succession Support SNS in Tokyo Fire Department Koutarou Ohno 1,a) Yuki Ogawa 2 Hirohiko Suwa 3 Toshizumi Ohta 3 Received:
More informationIPSJ SIG Technical Report Vol.2017-CLE-21 No /3/21 e 1,2 1,2 1 1,2 1 Sakai e e e Sakai e Current Status and Challenges on e-learning T
e 1,2 1,2 1 1,2 1 Sakai e e 2012 2012 e Sakai e Current Status and Challenges on e-learning Support Service for Institution-wide and Department-wide Program at Kyoto University Shoji Kajita 1,2 Tamaki
More informationIPSJ SIG Technical Report Secret Tap Secret Tap Secret Flick 1 An Examination of Icon-based User Authentication Method Using Flick Input for
1 2 3 3 1 Secret Tap Secret Tap Secret Flick 1 An Examination of Icon-based User Authentication Method Using Flick Input for Mobile Terminals Kaoru Wasai 1 Fumio Sugai 2 Yosihiro Kita 3 Mi RangPark 3 Naonobu
More information1 1 tf-idf tf-idf i
14 A Method of Article Retrieval Utilizing Characteristics in Newspaper Articles 1055104 2003 1 31 1 1 tf-idf tf-idf i Abstract A Method of Article Retrieval Utilizing Characteristics in Newspaper Articles
More informationAbstract This paper concerns with a method of dynamic image cognition. Our image cognition method has two distinguished features. One is that the imag
2004 RGB A STUDY OF RGB COLOR INFORMATION AND ITS APPLICATION 03R3237 Abstract This paper concerns with a method of dynamic image cognition. Our image cognition method has two distinguished features. One
More informationLAN LAN LAN LAN LAN LAN,, i
22 A secure wireless communication system using virtualization technologies 1115139 2011 3 4 LAN LAN LAN LAN LAN LAN,, i Abstract A secure wireless communication system using virtualization technologies
More information2) TA Hercules CAA 5 [6], [7] CAA BOSS [8] 2. C II C. ( 1 ) C. ( 2 ). ( 3 ) 100. ( 4 ) () HTML NFS Hercules ( )
1,a) 2 4 WC C WC C Grading Student programs for visualizing progress in classroom Naito Hiroshi 1,a) Saito Takashi 2 Abstract: To grade student programs in Computer-Aided Assessment system, we propose
More informationIT i
27 The automatic extract of know-how search tag using a thesaurus 1160374 2016 2 26 IT i Abstract The automatic extract of know-how search tag using a thesaurus In recent years, a number of organizational
More information2 22006 2 e-learning e e 2003 1 4 e e e-learning 2 Web e-leaning 2004 2005 2006 e 4 GP 4 e-learning e-learning e-learning e LMS LMS Internet Navigware
2 2 Journal of Multimedia Aided Education Research 2006, Vol. 2, No. 2, 19 e 1 1 2 2 1 1 GP e 2004 e-learning 2004 e-learning 2005 e-learning e-learning e-learning e-learning 2004 e-learning HuWeb 2005
More information21 e-learning Development of Real-time Learner Detection System for e-learning
21 e-learning Development of Real-time Learner Detection System for e-learning 1100349 2010 3 1 e-learning WBT (Web Based training) e-learning LMS (Learning Management System) LMS WBT e-learning e-learning
More informationWeb Web Web Web i
28 Research of password manager using pattern lock and user certificate 1170369 2017 2 28 Web Web Web Web i Abstract Research of password manager using pattern lock and user certificate Takuya Mimoto In
More information(a) 1 (b) 3. Gilbert Pernicka[2] Treibitz Schechner[3] Narasimhan [4] Kim [5] Nayar [6] [7][8][9] 2. X X X [10] [11] L L t L s L = L t + L s
1 1 1, Extraction of Transmitted Light using Parallel High-frequency Illumination Kenichiro Tanaka 1 Yasuhiro Mukaigawa 1 Yasushi Yagi 1 Abstract: We propose a new sharpening method of transmitted scene
More informationVol.53 No (Mar. 2012) 1, 1,a) 1, 2 1 1, , Musical Interaction System Based on Stage Metaphor Seiko Myojin 1, 1,a
1, 1,a) 1, 2 1 1, 3 2 1 2011 6 17, 2011 12 16 Musical Interaction System Based on Stage Metaphor Seiko Myojin 1, 1,a) Kazuki Kanamori 1, 2 Mie Nakatani 1 Hirokazu Kato 1, 3 Sanae H. Wake 2 Shogo Nishida
More informationIPSJ SIG Technical Report Vol.2012-HCI-149 No /7/20 1 1,2 1 (HMD: Head Mounted Display) HMD HMD,,,, An Information Presentation Method for Weara
1 1,2 1 (: Head Mounted Display),,,, An Information Presentation Method for Wearable Displays Considering Surrounding Conditions in Wearable Computing Environments Masayuki Nakao 1 Tsutomu Terada 1,2 Masahiko
More information7,, i
23 Research of the authentication method on the two dimensional code 1145111 2012 2 13 7,, i Abstract Research of the authentication method on the two dimensional code Karita Koichiro Recently, the two
More information2). 3) 4) 1.2 NICTNICT DCRA Dihedral Corner Reflector micro-arraysdcra DCRA DCRA DCRA 3D DCRA PC USB PC PC ON / OFF Velleman K8055 K8055 K8055
1 1 1 2 DCRA 1. 1.1 1) 1 Tactile Interface with Air Jets for Floating Images Aya Higuchi, 1 Nomin, 1 Sandor Markon 1 and Satoshi Maekawa 2 The new optical device DCRA can display floating images in free
More informationスライド 1
FFRI Dataset 2014 のご紹介 株式会社 FFRI http://www.ffri.jp Ver 2.00.01 1 Agenda FFRI Dataset 2014 概要 Cuckoo Sandbox 具体的なデータ項目 FFR yarai analyzer Professional 具体的なデータ項目 データの利用例 2 FFRI Dataset 2014 の概要 FFRIで収集したマルウェアの動的解析ログ
More information258 5) GPS 1 GPS 6) GPS DP 7) 8) 10) GPS GPS 2 3 4 5 2. 2.1 3 1) GPS Global Positioning System
Vol. 52 No. 1 257 268 (Jan. 2011) 1 2, 1 1 measurement. In this paper, a dynamic road map making system is proposed. The proposition system uses probe-cars which has an in-vehicle camera and a GPS receiver.
More information28 Docker Design and Implementation of Program Evaluation System Using Docker Virtualized Environment
28 Docker Design and Implementation of Program Evaluation System Using Docker Virtualized Environment 1170288 2017 2 28 Docker,.,,.,,.,,.,. Docker.,..,., Web, Web.,.,.,, CPU,,. i ., OS..,, OS, VirtualBox,.,
More informationIPSJ SIG Technical Report Vol.2014-GN-90 No.16 Vol.2014-CDS-9 No.16 Vol.2014-DCC-6 No /1/24 1,a) 2,b) 2,c) 1,d) QUMARION QUMARION Kinect Kinect
1,a) 2,b) 2,c) 1,d) QUMARION QUMARION Kinect Kinect Using a Human-Shaped Input Device for Remote Pose Instruction Yuki Tayama 1,a) Yoshiaki Ando 2,b) Misaki Hagino 2,c) Ken-ichi Okada 1,d) Abstract: There
More informationIPSJ SIG Technical Report Vol.2011-EC-19 No /3/ ,.,., Peg-Scope Viewer,,.,,,,. Utilization of Watching Logs for Support of Multi-
1 3 5 4 1 2 1,.,., Peg-Scope Viewer,,.,,,,. Utilization of Watching Logs for Support of Multi-View Video Contents Kosuke Niwa, 1 Shogo Tokai, 3 Tetsuya Kawamoto, 5 Toshiaki Fujii, 4 Marutani Takafumi,
More informationIPSJ SIG Technical Report Pitman-Yor 1 1 Pitman-Yor n-gram A proposal of the melody generation method using hierarchical pitman-yor language model Aki
Pitman-Yor Pitman-Yor n-gram A proposal of the melody generation method using hierarchical pitman-yor language model Akira Shirai and Tadahiro Taniguchi Although a lot of melody generation method has been
More informationスライド 1
FFRI Dataset 2016 のご紹介 株式会社 FFRI http://www.ffri.jp Ver 2.00.01 1 Agenda FFRI Dataset 2016 概要 Cuckoo Sandbox 具体的なデータ項目 データの利用例 2 FFRI Dataset 2016 の概要 FFRIで収集したマルウェアの動的解析ログ 2016/1~2016/3に収集された検体 計 8,243
More informationDEIM Forum 2009 B4-6, Str
DEIM Forum 2009 B4-6, 305 8573 1 1 1 152 8550 2 12 1 E-mail: tttakuro@kde.cs.tsukuba.ac.jp, watanabe@de.cs.titech.ac.jp, kitagawa@cs.tsukuba.ac.jp StreamSpinner PC PC StreamSpinner Development of Data
More informationuntitled
Copyright 2008 IPAAll Rights Reserved 1 1. 2. 3. Copyright 2008 IPAAll Rights Reserved 2 IT IT IT Copyright 2008 IPAAll Rights Reserved http://www.jitec.jp/1_00topic/topic_20071225_shinseido.html 3 URL
More information2. CABAC CABAC CABAC 1 1 CABAC Figure 1 Overview of CABAC 2 DCT 2 0/ /1 CABAC [3] 3. 2 値化部 コンテキスト計算部 2 値算術符号化部 CABAC CABAC
H.264 CABAC 1 1 1 1 1 2, CABAC(Context-based Adaptive Binary Arithmetic Coding) H.264, CABAC, A Parallelization Technology of H.264 CABAC For Real Time Encoder of Moving Picture YUSUKE YATABE 1 HIRONORI
More informationIPSJ SIG Technical Report Vol.2009-DPS-141 No.20 Vol.2009-GN-73 No.20 Vol.2009-EIP-46 No /11/27 1. MIERUKEN 1 2 MIERUKEN MIERUKEN MIERUKEN: Spe
1. MIERUKEN 1 2 MIERUKEN MIERUKEN MIERUKEN: Speech Visualization System Based on Augmented Reality Yuichiro Nagano 1 and Takashi Yoshino 2 As the spread of the Augmented Reality(AR) technology and service,
More information(a) (b) 1 JavaScript Web Web Web CGI Web Web JavaScript Web mixi facebook SNS Web URL ID Web 1 JavaScript Web 1(a) 1(b) JavaScript & Web Web Web Webji
Webjig Web 1 1 1 1 Webjig / Web Web Web Web Web / Web Webjig Web DOM Web Webjig / Web Web Webjig: a visualization tool for analyzing user behaviors in dynamic web sites Mikio Kiura, 1 Masao Ohira, 1 Hidetake
More informationIPSJ SIG Technical Report Vol.2014-EIP-63 No /2/21 1,a) Wi-Fi Probe Request MAC MAC Probe Request MAC A dynamic ads control based on tra
1,a) 1 1 2 1 Wi-Fi Probe Request MAC MAC Probe Request MAC A dynamic ads control based on traffic Abstract: The equipment with Wi-Fi communication function such as a smart phone which are send on a regular
More information大学等における社会人の受け入れ状況調査
1 1 2 3 4 - - - - - - 6 8 6 2001 30 7 6 3 30 8 6 1 4 3,6,9,12 4 1 1 E 1 3 13 15 4 3 1 ( ) 8. 6 14 8 6 2002 8 8 3 7 60 1 4 4 32 100 12
More information26 Development of Learning Support System for Fixation of Basketball Shoot Form
26 Development of Learning Support System for Fixation of Basketball Shoot Form 1175094 ,.,,.,,.,,.,,,.,,,,.,,,.,,,,, Kinect i Abstract Development of Learning Support System for Fixation of Basketball
More informationIT,, i
22 Retrieval support system using bookmarks that are shared in an organization 1110250 2011 3 17 IT,, i Abstract Retrieval support system using bookmarks that are shared in an organization Yoshihiko Komaki
More informationMicrosoft PowerPoint - 鵜飼裕司講演資料shirahama_egg.ppt [互換モード]
仮想環境に依存しない動的解析システム egg の設計と実装 http://www.fourteenforty.jp 株式会社フォティーンフォティ技術研究所 アジェンダ 背景と問題 egg とは デモ : 基本的な機能 実装 (Ring-0 における汚染追跡 ) デモ : 汚染追跡 egg の制約と今後 まとめ 2 背景 : 増え続ける新種のマルウェア 100 90 80 70 60 50 40 30
More informationVol. 23 No. 4 Oct. 2006 37 2 Kitchen of the Future 1 Kitchen of the Future 1 1 Kitchen of the Future LCD [7], [8] (Kitchen of the Future ) WWW [7], [3
36 Kitchen of the Future: Kitchen of the Future Kitchen of the Future A kitchen is a place of food production, education, and communication. As it is more active place than other parts of a house, there
More information2 [2] Flow Visualizer 1 DbD 2. DbD [4] Web (PV) Web Web Web 3 ( 1) ( 1 ) Web ( 2 ) Web Web ( 3 ) Web DbD DbD () DbD DbD DbD 2.1 DbD DbD URL URL Google
Drive-by Download 1,a) 1,b) Web Drive-by Download(DbD) DbD Web DbD HTTP DbD Web DbD, Drive-by Download The Network Visualization Tool for detecting the Drive-by Download attacks. Amako Katsuhiro 1,a) Takada
More informationIPSJ SIG Technical Report * Wi-Fi Survey of the Internet connectivity using geolocation of smartphones Yoshiaki Kitaguchi * Kenichi Nagami and Yutaka
* Wi-Fi Survey of the Internet connectivity using geolocation of smartphones Yoshiaki Kitaguchi * Kenichi Nagami and Yutaka Kikuchi With the rapid growth in demand of smartphone use, the development of
More information28 SAS-X Proposal of Multi Device Authenticable Password Management System using SAS-X 1195074 2017 2 3 SAS-X Web ID/ ID/ Web SAS-2 SAS-X i Abstract Proposal of Multi Device Authenticable Password Management
More informationshio SA.ppt[読み取り専用]
2005 213 Rootkit 2 ...... GPG EFS Windows 3 Rootkit + ifconfig, ps, ls, login Tripwire lkm-rootkit NT Rootkit, AFX Rootkit OS 4 HD... NTFS ADS Alternate Data Stream... NTFS HD HD...
More informationVol.55 No (Jan. 2014) saccess 6 saccess 7 saccess 2. [3] p.33 * B (A) (B) (C) (D) (E) (F) *1 [3], [4] Web PDF a m
Vol.55 No.1 2 15 (Jan. 2014) 1,a) 2,3,b) 4,3,c) 3,d) 2013 3 18, 2013 10 9 saccess 1 1 saccess saccess Design and Implementation of an Online Tool for Database Education Hiroyuki Nagataki 1,a) Yoshiaki
More information( ) [1] [4] ( ) 2. [5] [6] Piano Tutor[7] [1], [2], [8], [9] Radiobaton[10] Two Finger Piano[11] Coloring-in Piano[12] ism[13] MIDI MIDI 1 Fig. 1 Syst
情報処理学会インタラクション 2015 IPSJ Interaction 2015 15INT014 2015/3/7 1,a) 1,b) 1,c) Design and Implementation of a Piano Learning Support System Considering Motivation Fukuya Yuto 1,a) Takegawa Yoshinari 1,b) Yanagi
More informationWindows7 OS Focus Follows Click, FFC FFC focus follows mouse, FFM Windows Macintosh FFC n n n n ms n n 4.2 2
1 1, 2 A Mouse Cursor Operation for Overlapped Windowing 1 Shota Yamanaka 1 and Homei Miyashita 1, 2 In this paper we propose an operation method for overlapped windowing; a method that the user slides
More informationMAC root Linux 1 OS Linux 2.6 Linux Security Modules LSM [1] Security-Enhanced Linux SELinux [2] AppArmor[3] OS OS OS LSM LSM Performance Monitor LSMP
LSM OS 700-8530 3 1 1 matsuda@swlab.it.okayama-u.ac.jp tabata@cs.okayama-u.ac.jp 242-8502 1623 14 munetoh@jp.ibm.com OS Linux 2.6 Linux Security Modules LSM LSM Linux 4 OS OS LSM An Evaluation of Performance
More informationActionScript Flash Player 8 ActionScript3.0 ActionScript Flash Video ActionScript.swf swf FlashPlayer AVM(Actionscript Virtual Machine) Windows
ActionScript3.0 1 1 YouTube Flash ActionScript3.0 Face detection and hiding using ActionScript3.0 for streaming video on the Internet Ryouta Tanaka 1 and Masanao Koeda 1 Recently, video streaming and video
More informationInput image Initialize variables Loop for period of oscillation Update height map Make shade image Change property of image Output image Change time L
1,a) 1,b) 1/f β Generation Method of Animation from Pictures with Natural Flicker Abstract: Some methods to create animation automatically from one picture have been proposed. There is a method that gives
More informationマルウェア対策のための研究用データセット ~ MWS Datasets 2013 ~.pptx
1 2 3 4 5 6 MWS Datasets 2013 MWS Datasets 2013 感染 PC 群 PRACTICE Dataset 2013 サーバ型ハニーポット CCC Dataset 2013 NICTER Darknet Dataset 2013 Darknet scan ボット ワーム クライアント型ハニーポット SandBox D3M 2013 FFRI Dataset 2013
More information1., 1 COOKPAD 2, Web.,,,,,,.,, [1]., 5.,, [2].,,.,.,, 5, [3].,,,.,, [4], 33,.,,.,,.. 2.,, 3.., 4., 5., ,. 1.,,., 2.,. 1,,
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS TECHNICAL REPORT OF IEICE.,, 464 8601 470 0393 101 464 8601 E-mail: matsunagah@murase.m.is.nagoya-u.ac.jp, {ide,murase,hirayama}@is.nagoya-u.ac.jp,
More information第 55 回自動制御連合講演会 2012 年 11 月 17 日,18 日京都大学 1K403 ( ) Interpolation for the Gas Source Detection using the Parameter Estimation in a Sensor Network S. T
第 55 回自動制御連合講演会 212 年 11 月 日, 日京都大学 1K43 () Interpolation for the Gas Source Detection using the Parameter Estimation in a Sensor Network S. Tokumoto, T. Namerikawa (Keio Univ. ) Abstract The purpose of
More information12) NP 2 MCI MCI 1 START Simple Triage And Rapid Treatment 3) START MCI c 2010 Information Processing Society of Japan
1 1, 2 1, 2 1 A Proposal of Ambulance Scheduling System Based on Electronic Triage Tag Teruhiro Mizumoto, 1 Weihua Sun, 1, 2 Keiichi Yasumoto 1, 2 and Minoru Ito 1 For effective life-saving in MCI (Mass
More informationOS Windows Vista Windows XP PowerPoint2003 Word2003 (a Test No. OS 1 Windows Vista PPT2003 2 Windows Vista Word2003 3 Windows XP PPT2003 4 Windows XP
C ommunication In embedded softwares, designing a test process that considers how to perform tests in an efficient way, has been an important problem in a whole development process. By the software test,
More information大学における原価計算教育の現状と課題
1 1.1 1.2 1.3 2 2.1 2.2 3 3.1 3.2 3.3 2014a 50 ABC Activity Based Costing LCC Lifecycle Costing MFCA Material Flow Cost Accounting 2 2 2016 9 1 2 3 2014b 2005 2014b 2000 1 2 1962 5 1 3 2 3 4 5 50 2012
More informationuntitled
2007 55 2 235 254 c 2007 1 2 3 3 2007 6 12 2007 11 1 20 8 2 1. 2004 Sakata et al. 2004 1 610 0394 1 3 2 176 8525 2 42 1 3 525 8577 1 1 1 236 55 2 2007 2003 2004 Camurri et al. 1999 2002 2005 CG 1987 1
More information1 DHT Fig. 1 Example of DHT 2 Successor Fig. 2 Example of Successor 2.1 Distributed Hash Table key key value O(1) DHT DHT 1 DHT 1 ID key ID IP value D
P2P 1,a) 1 1 Peer-to-Peer P2P P2P P2P Chord P2P Chord Consideration for Efficient Construction of Distributed Hash Trees on P2P Systems Taihei Higuchi 1,a) Masakazu Soshi 1 Tomoyuki Asaeda 1 Abstract:
More information1 2 3 ( ) ( ) SNS SNS Facebook %[g]( %[ ]) [ ] IT LNS (Life Networking Service) LNS LNS LNS SNS SNS 3. LNS (Life Networking S
情報処理学会インタラクション 2012 IPSJ Interaction 2012 2012-Interacti 2012/3/15 Life Networking Service LNS LNS twitter LNS Life Log Sharing with Life Networking Service YUSUKE NAKANO HIROSHI KAWAKAMI HIROYUKI TARUMI
More informationVol. 44 No. SIG 12(TOD 19) Sep MF MF MF Content Protection Mechanism Based on Media Framework and an Implementation for Autonomous Information C
Vol. 44 No. SIG 12(TOD 19) Sep. 2003 MF MF MF Content Protection Mechanism Based on Media Framework and an Implementation for Autonomous Information Container Takehito Abe, Noburou Taniguchi, Kunihiro
More information3D UbiCode (Ubiquitous+Code) RFID ResBe (Remote entertainment space Behavior evaluation) 2 UbiCode Fig. 2 UbiCode 2. UbiCode 2. 1 UbiCode UbiCode 2. 2
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS HCG HUMAN COMMUNICATION GROUP SYMPOSIUM. UbiCode 243 0292 1030 E-mail: {ubicode,koide}@shirai.la, {otsuka,shirai}@ic.kanagawa-it.ac.jp
More informationfiš„v5.dvi
(2001) 49 2 293 303 VRML 1 2 3 2001 4 12 2001 10 16 Web Java VRML (Virtual Reality Modeling Language) VRML Web VRML VRML VRML VRML Web VRML VRML, 3D 1. WWW (World Wide Web) WWW Mittag (2000) Web CGI Java
More information知能と情報, Vol.30, No.5, pp
1, Adobe Illustrator Photoshop [1] [2] [3] Initital Values Assignment of Parameters Using Onomatopoieas for Interactive Design Tool Tsuyoshi NAKAMURA, Yuki SAWAMURA, Masayoshi KANOH, and Koji YAMADA Graduate
More information1 2 4 5 9 10 12 3 6 11 13 14 0 8 7 15 Iteration 0 Iteration 1 1 Iteration 2 Iteration 3 N N N! N 1 MOPT(Merge Optimization) 3) MOPT 8192 2 16384 5 MOP
10000 SFMOPT / / MOPT(Merge OPTimization) MOPT FMOPT(Fast MOPT) FMOPT SFMOPT(Subgrouping FMOPT) SFMOPT 2 8192 31 The Proposal and Evaluation of SFMOPT, a Task Mapping Method for 10000 Tasks Haruka Asano
More information[2] 1. 2. 2 2. 1, [3] 2. 2 [4] 2. 3 BABOK BABOK(Business Analysis Body of Knowledge) BABOK IIBA(International Institute of Business Analysis) BABOK 7
32 (2015 ) [2] Projects of the short term increase at present. In order to let projects complete without rework and delays, it is important that request for proposals (RFP) are written by reflecting precisely
More information農研機構 食品総合研究所 研究報告 77号
Rep. Natl Food Res. InstNo 技 術 報 告 食 品 害 虫 サイトの 長 期 間 アクセス 解 析 --- A Long-Term Analysis of Access Trend to Food-Insect Site Yukio Magariyama, Kumiko Shichiri, Akihiro Miyanoshita, Taro Imamura, Satoshi
More information1 Table 1: Identification by color of voxel Voxel Mode of expression Nothing Other 1 Orange 2 Blue 3 Yellow 4 SSL Humanoid SSL-Vision 3 3 [, 21] 8 325
社団法人人工知能学会 Japanese Society for Artificial Intelligence 人工知能学会研究会資料 JSAI Technical Report SIG-Challenge-B3 (5/5) RoboCup SSL Humanoid A Proposal and its Application of Color Voxel Server for RoboCup SSL
More informationA Study on Traffic Characteristics in Multi-hop Wireless Networks 2010 3 Yoichi Yamasaki ( ) 21 Local Area Network (LAN) LAN LAN LAN (AP, Access Point) LAN AP LAN AP AP AP (MWN, Multi-hop Wireless Network)
More informationDTN DTN DTN DTN i
28 DTN Proposal of the Aggregation Message Ferrying for Evacuee s Data Delivery in DTN Environment 1170302 2017 2 28 DTN DTN DTN DTN i Abstract Proposal of the Aggregation Message Ferrying for Evacuee
More informationProgress report
自動化されたマルウェア動的解析システム で収集した大量 API コールログの分析 MWS 2013 藤野朗稚, 森達哉 早稲田大学基幹理工学部情報理工学科 Akinori Fujino, Waseda Univ. 1 目次 研究背景 提案手法 結果 まとめ Akinori Fujino, Waseda Univ. 2 マルウェアは日々驚くべき速さで増加している. 一日当たり 20 万個の新しいマルウェアが発見されている
More information1 3DCG [2] 3DCG CG 3DCG [3] 3DCG 3 3 API 2 3DCG 3 (1) Saito [4] (a) 1920x1080 (b) 1280x720 (c) 640x360 (d) 320x G-Buffer Decaudin[5] G-Buffer D
3DCG 1) ( ) 2) 2) 1) 2) Real-Time Line Drawing Using Image Processing and Deforming Process Together in 3DCG Takeshi Okuya 1) Katsuaki Tanaka 2) Shigekazu Sakai 2) 1) Department of Intermedia Art and Science,
More informationDPA,, ShareLog 3) 4) 2.2 Strino Strino STRain-based user Interface with tacticle of elastic Natural ObjectsStrino 1 Strino ) PC Log-Log (2007 6)
1 2 1 3 Experimental Evaluation of Convenient Strain Measurement Using a Magnet for Digital Public Art Junghyun Kim, 1 Makoto Iida, 2 Takeshi Naemura 1 and Hiroyuki Ota 3 We present a basic technology
More informationP2P Web Proxy P2P Web Proxy P2P P2P Web Proxy P2P Web Proxy Web P2P WebProxy i
27 Verification of the usefulness of the data distribution method by browser cache sharing 1160285 2016 2 26 P2P Web Proxy P2P Web Proxy P2P P2P Web Proxy P2P Web Proxy Web P2P WebProxy i Abstract Verification
More informationISSN NII Technical Report Patent application and industry-university cooperation: Analysis of joint applications for patent in the Universit
ISSN 1346-5597 NII Technical Report Patent application and industry-university cooperation: Analysis of joint applications for patent in the University of Tokyo Morio SHIBAYAMA, Masaharu YANO, Kiminori
More informationIPSJ SIG Technical Report Vol.2011-MUS-91 No /7/ , 3 1 Design and Implementation on a System for Learning Songs by Presenting Musical St
1 2 1, 3 1 Design and Implementation on a System for Learning Songs by Presenting Musical Structures based on Phrase Similarity Yuma Ito, 1 Yoshinari Takegawa, 2 Tsutomu Terada 1, 3 and Masahiko Tsukamoto
More informationIPSJ SIG Technical Report Vol.2017-ARC-225 No.12 Vol.2017-SLDM-179 No.12 Vol.2017-EMB-44 No /3/9 1 1 RTOS DefensiveZone DefensiveZone MPU RTOS
1 1 RTOS DefensiveZone DefensiveZone MPU RTOS RTOS OS Lightweight partitioning architecture for automotive systems Suzuki Takehito 1 Honda Shinya 1 Abstract: Partitioning using protection RTOS has high
More information%,, % %......
Purchase Decision Process of Earthquake Insurance and Policy Sales Methodologies in Japan Hiroyuki NOZAKI * and Akiyoshi TAKAGI ** Abstract The purpose of this study is to investigate how fire insurance
More informationi
21 Fault-Toleranted Authentication Data Distribution Protocol for Autonomous Distributed Networks 1125153 2010 3 2 i Abstract Fault-Toleranted Authentication Data Distribution Protocol for Autonomous Distributed
More informationCore1 FabScalar VerilogHDL Cache Cache FabScalar 1 CoreConnect[2] Wishbone[3] AMBA[4] AMBA 1 AMBA ARM L2 AMBA2.0 AMBA2.0 FabScalar AHB APB AHB AMBA2.0
AMBA 1 1 1 1 FabScalar FabScalar AMBA AMBA FutureBus Improvement of AMBA Bus Frame-work for Heterogeneos Multi-processor Seto Yusuke 1 Takahiro Sasaki 1 Kazuhiko Ohno 1 Toshio Kondo 1 Abstract: The demand
More informationMicrosoft Word - deim2011_new-ichinose-20110325.doc
DEIM Forum 2011 B7-4 252-0882 5322 E-mail: {t08099ai, kurabaya, kiyoki}@sfc.keio.ac.jp A Music Search Database System with a Selector for Impressive-Sections of Continuous Data Aya ICHINOSE Shuichi KURABAYASHI
More information