Alkanet[1, 2] Alkanet CPU CPU 2 Alkanet Alkanet (VMM) VMM Alkanet Windows Alkanet 1 Alkanet VMM BitVisor[3] BitVisor OS ユーザモード カーネルモード マルウェア観測用 PC VM
|
|
|
- さや つねざき
- 7 years ago
- Views:
Transcription
1 Computer Security Symposium October {takimoto, Alkanet CPU Identifying of System Call Invoker by Branch Trace Facilities Yuto Otsuki Eiji Takimoto Shoichi Saito Koichi Mouri Ritsumeikan University Nojihigashi, Kusatsu, Shiga Japan {takimoto, Nagoya Institute of Technology Gokiso-cho, Showa-ku, Nagoya, Aichi, Japan Abstract Recent malware infects other processes. Another one consists of two or more modules and plugins. It is difficult to trace these malware because traditional methods focus on threads or processes. We are developing Alkanet, a system call tracer for malware analysis. To trace the malware, Alkanet identifies the system call invoker by stack trace. However, if malware has falsified its stack, Alkanet cannot identify it correctly. In this paper, we describe a method for identifying a system call invoker by branch trace facilities. We consider the effectiveness of branch trace facilities for malware analysis
2 Alkanet[1, 2] Alkanet CPU CPU 2 Alkanet Alkanet (VMM) VMM Alkanet Windows Alkanet 1 Alkanet VMM BitVisor[3] BitVisor OS ユーザモード カーネルモード マルウェア観測用 PC VM システムコール Windows システムコールアナライザログ Alkanet BitVisor IEEE1394 1: Alkanet ロギング用 PC ログ解析ツール ログ解析 挙動抽出 保存 ロガー VMM Intel CPU Intel VT (Intel Virtualization Technology) Windows OS 32bit Windows XP Service Pack 3 sysenter sysexit Alkanet PC IEEE 1394 [2] VAD (Virtual Address Descriptor) PTE (Page Table Entry) 3 BTS Intel CPU MSR (Model Specific Register)
3 LBR (Last Branch Record) BTS (Branch Trace Store) BTF (Single Step on Branches) 2 BTS BTS BTS 3 CPU IA32 DS AREA MSR BTS IA32 DEBUGCTL MSR TR bit ( 6bit) BTS bit ( 7bit) BTS OFF OS bit ( 9bit) BTS OFF USR bit ( 10bit) BTINT bit ( 8bit) BTINT bit 4 BTS VMM Alkanet BTS VM 4.1 VM OS VM MSR Alkanet VM MSR VM IA32 DEBUGCTL VMCS (Virtual-Machine Control Structures) IA32 DS AREA VMCS MSR IA32 DS AREA OS OS Windows Alkanet BTS Windows Windows Mm- PfnDatabase BTS OS BTS OFF OS bit 4.2 BTS Alkanet BTS Windows Windows PCR (Processor Control Region)
4 4.3 call BTS call call ret DLL [2] rundll32.exe DLL rundll32.exe BTS MWS Datasets 2014 [4] CCC DATAset 2013 DLL Conficker.dll 2 Stack- Trace 1 2 [] API [2] BTS From Valid From BTS Valid VALID INVALID BTINT UNVALIDATED 2 [11] [10] rundll32.exe Load- LibraryW Conficker.dll [05] [00] Conficker.dll Sleep API SleepEx API NtDelayExecution NtDelayExecution [05] [00] BTS (VALID) [11] [10] (UNVALIDATED) BTINT BTS 5.2 PDF call ROP (Return Oriented Programming)
5 StackTrace:! SP: 7ed24, StackBase: 80000, StackLimit: 74000! [00] <- 7c94d1fc (API: NtDelayExecution+0xc, Writable: 0, Dirty: 0,! VAD: {7c c9dc000, ImageMap: 1, File: "\WINDOWS\system32\ntdll.dll"}),! From: 7c94d1fa, Valid: VALID, SP: 7ed24! [01] <- 7c8023f1 (API: SleepEx+0x51, Writable: 0, Dirty: 0,! From: 7c8023eb, Valid: VALID, SP: 7ed28! [02] <- 7c (API: Sleep+0xf, Writable: 0, Dirty: 0,! From: 7c802450, Valid: VALID, BP: 7ed7c! [03] < (API: -, Writable: 0, Dirty: 0,! VAD: { , ImageMap: 1, File: "\Conficker.dll"}),! From: , Valid: VALID, BP: 7ed8c! [04] < b (API: -, Writable: 0, Dirty: 0,! VAD: { , ImageMap: 1, File: "\Conficker.dll"}),! From: , Valid: VALID, BP: 7f184! [05] <- 7c94118a (API: LdrpCallInitRoutine+0x14, Writable: 0, Dirty: 0,! VAD: {7c c9dc000, ImageMap: 1, File: "\WINDOWS\system32\ntdll.dll"}),! From: 7c941187, Valid: VALID, BP: 7f1a4! < 省略 >! [10] <- 7c80aeec (API: LoadLibraryW+0x11, Writable: 0, Dirty: 0,! From: -, Valid: UNVALIDATED, BP: 7f888! [11] < (API: -, Writable: 0, Dirty: 0,! VAD: { b000, ImageMap: 1, File: "\WINDOWS\system32\rundll32.exe"}),! From: -, Valid: UNVALIDATED, BP: 7f89c! < 省略 >! 2: Conficker.dll call ret call ret BTS MWS Datasets 2014 [4] D3M 2013 PDF [2] PDF 3 3 (Writable: 1) (Dirty: 1) ([03]) Virtual- Protect API VirtualProtectEx API NtProtect- VirtualMemory ([02] [00]) NtProtectVirtualMemory [02] [00] Valid: VALID BTS [03] From 2f900a9 2f900c7 INVALID BTS 3 [03] 4 BTS (from) (to) 4 2f900a9 2f900ae call ( 1 ) 2f900c5 Virtual- Protect API 7c801ad9 jmp ( 2 )
6 Stacktrace:! SP: f601ff8, StackBase: , StackLimit: 11d000! [00] <- 7c94d6dc (API: NtProtectVirtualMemory+0xc, Writable: 0, Dirty: 0,! VAD: {7c c9dc000, ImageMap: 1, File: "\WINDOWS\system32\ntdll.dll"}),! From: 7c94d6da, Valid: VALID, SP: f601ff8! [01] <- 7c801a81 (API: VirtualProtectEx+0x20, Writable: 0, Dirty: 0,! From: 7c801a7f, Valid: VALID, SP: f601ffc! [02] <- 7c801aec (API: VirtualProtect+0x18, Writable: 0, Dirty: 0,! From: 7c801ae7, Valid: VALID, BP: f60201c! [03] <- 2f900c7 (API: -, Writable: 1, Dirty: 1,! VAD: {2f f91000, ImageMap: 0}),! From: 2f900a9, Valid: INVALID, BP: f602038! 3: PDF from= 2f900a9, to= 2f900ae call 2f900ae! from= 2f900c5, to=7c801ad9 jmp EBX! 4: 2 jmp API API jmp call 2f900c5 call ret 4 BTS 6 BTS Intel Core 2 Quad Q GHz 4GB PC PCMark05[5] System Test Suite PC Windows Native Alkanet (Normal) Alkanet (ST) BTS Alkanet (BTS) 3 Alkanet OS Windows Native Alkanet (Normal) Alkanet (ST) ( PCMarks) Native 100 Alkanet (Normal) 75 Alkanet (ST) 59 Alkanet (BTS) Web Page Rendering Internet Explorer Alkanet (BTS) HDD Native 10% BTS call ret
7 1 IA32 DS AREA PTE QEMU HDD Native 10% QEMU 7 kbouncer[6] API 1 LBR ROP BTS kbouncer Windows VMM VM BTS CXPInspector[7] VMM DLL CXPInspector LBR BTS BTS 5.2 call ret call call ret BTS API Windows DLL BTS 8.2 BTS 6 kbouncer[6] % LBR BTS LBR Haswell CPU EN CALLSTACK LBR BTS EN CALLSTACK LBR MSR
8 8.3 BTS BTS LBR BTS 9 BTS BTS call ret BTS LBR EN CALLSTACK [1] Otsuki, Y., Takimoto, E., Kashiyama, T., Saito, S., Cooper, E. and Mouri, K.: Tracing Malicious Injected Threads Using Alkanet Malware Analyzer, IAENG Transactions on Engineering Technologies, Lecture Notes in Electrical Engineering, Vol. 247, Springer Netherlands, pp (2014). [2] Alkanet 2013 Vol. 2013, No. 4, pp (2013). [3] Shinagawa, T., Eiraku, H., Tanimoto, K., Omote, K., Hasegawa, S., Horie, T., Hirano, M., Kourai, K., Oyama, Y., Kawai, E., Kono, K., Chiba, S., Shinjo, Y. and Kato, K.: Bit- Visor: a thin hypervisor for enforcing i/o device security, Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, ACM, pp (2009). [4] MWS Datasets 2014 CSEC Vol CSEC- 66, No. 19, pp. 1 7 (2014). [5] Futuremark Corporation: Futuremark - Legacy Benchmarks, com/benchmarks/legacy (2014, accessed ). [6] Pappas, V., Polychronakis, M. and Keromytis, A. D.: Transparent ROP Exploit Mitigation Using Indirect Branch Tracing, Proceedings of the 22nd USENIX Conference on Security, SEC 13, USENIX Association, pp (2013). [7] Willems, C., Hund, R. and Holz, T.: Hypervisor-based, hardware-assisted system monitoring, Virus Bulletin Conference (2013)
1 BitVisor [3] Alkanet[1] Alkanet (DLL) DLL 2 Alkanet 3 4 5 6 7 2 Alkanet Alkanet VMM VMM Alkanet Windows [2] マルウェア 観 測 用 VM SystemCall Windows System
Computer Security Symposium 2013 21-23 October 2013 Alkanet 525-8577 1-1-1 [email protected], {takimoto, mouri}@cs.ritsumei.ac.jp 466-8555 [email protected] BitVisor Alkanet API DLL A Method
Computer Security Symposium October ,a) API API API Alkanet IDA MWS API Proposal of static analysis assistance method utilizi
Computer Security Symposium 2016 11-13 October 2016 1,a) 1 1 2 1 API API API Alkanet IDA MWS API Proposal of static analysis assistance method utilizing the dynamic analysis log Shota Nakajima 1,a) Shuhei
今週の進捗
Virtualize APIC access による APIC フック手法 立命館大学富田崇詠, 明田修平, 瀧本栄二, 毛利公一 2016/11/30 1 はじめに (1/2) マルウェアの脅威が問題となっている 2015年に4 億 3000 万以上の検体が新たに発見されている マルウェア対策にはマルウェアが持つ機能 挙動の正確な解析が重要 マルウェア動的解析システム : Alkanet 仮想計算機モニタのBitVisorの拡張機能として動作
( 億 種 ) マルウェアが 急 速 に 増 加! 短 時 間 で 解 析 し, マルウェアの 意 図 や 概 略 を 把 握 したい マルウェアを 実 行 し, 挙 動 を 観 測 することで 解 析 する 動 的 解 析 が 有 効 しかし, マルウェアの 巧 妙 化 により, 観 測 自 体
大 月 勇 人, 瀧 本 栄 二, 毛 利 公 一 立 命 館 大 学 ( 億 種 ) マルウェアが 急 速 に 増 加! 短 時 間 で 解 析 し, マルウェアの 意 図 や 概 略 を 把 握 したい マルウェアを 実 行 し, 挙 動 を 観 測 することで 解 析 する 動 的 解 析 が 有 効 しかし, マルウェアの 巧 妙 化 により, 観 測 自 体 が 困 難 となっている アンチデバッグ:
29 jjencode JavaScript
Kochi University of Technology Aca Title jjencode で難読化された JavaScript の検知 Author(s) 中村, 弘亮 Citation Date of 2018-03 issue URL http://hdl.handle.net/10173/1975 Rights Text version author Kochi, JAPAN http://kutarr.lib.kochi-tech.ac.jp/dspa
Web Web Web Web Web, i
22 Web Research of a Web search support system based on individual sensitivity 1135117 2011 2 14 Web Web Web Web Web, i Abstract Research of a Web search support system based on individual sensitivity
258 5) GPS 1 GPS 6) GPS DP 7) 8) 10) GPS GPS 2 3 4 5 2. 2.1 3 1) GPS Global Positioning System
Vol. 52 No. 1 257 268 (Jan. 2011) 1 2, 1 1 measurement. In this paper, a dynamic road map making system is proposed. The proposition system uses probe-cars which has an in-vehicle camera and a GPS receiver.
MAC root Linux 1 OS Linux 2.6 Linux Security Modules LSM [1] Security-Enhanced Linux SELinux [2] AppArmor[3] OS OS OS LSM LSM Performance Monitor LSMP
LSM OS 700-8530 3 1 1 [email protected] [email protected] 242-8502 1623 14 [email protected] OS Linux 2.6 Linux Security Modules LSM LSM Linux 4 OS OS LSM An Evaluation of Performance
GPGPU
GPGPU 2013 1008 2015 1 23 Abstract In recent years, with the advance of microscope technology, the alive cells have been able to observe. On the other hand, from the standpoint of image processing, the
2 [2] Flow Visualizer 1 DbD 2. DbD [4] Web (PV) Web Web Web 3 ( 1) ( 1 ) Web ( 2 ) Web Web ( 3 ) Web DbD DbD () DbD DbD DbD 2.1 DbD DbD URL URL Google
Drive-by Download 1,a) 1,b) Web Drive-by Download(DbD) DbD Web DbD HTTP DbD Web DbD, Drive-by Download The Network Visualization Tool for detecting the Drive-by Download attacks. Amako Katsuhiro 1,a) Takada
1 3DCG [2] 3DCG CG 3DCG [3] 3DCG 3 3 API 2 3DCG 3 (1) Saito [4] (a) 1920x1080 (b) 1280x720 (c) 640x360 (d) 320x G-Buffer Decaudin[5] G-Buffer D
3DCG 1) ( ) 2) 2) 1) 2) Real-Time Line Drawing Using Image Processing and Deforming Process Together in 3DCG Takeshi Okuya 1) Katsuaki Tanaka 2) Shigekazu Sakai 2) 1) Department of Intermedia Art and Science,
indd
Windows Vista 2 Service pack 1 SP1 Windows Vista Windows Xp Windows Vista Windows Vista CPU Windows OS Windows Xp Windows Vista Windows 7 15 20 Windows Vista Windows Vista Windows Xp Windows Vista Windows
VMware VirtualCenter: Virtual Infrastructure Management Software
VMware : CPU 1998 VMware : 50(R&D) : Workstation1999 GSX Server 2001 ESX Server 2001 : 900 100805%VMware 200 100 10,000 2 VMware Workstation 1999 Linux x86 3 VMware GSX Server Windows Linux x86 4 VMware
21 e-learning Development of Real-time Learner Detection System for e-learning
21 e-learning Development of Real-time Learner Detection System for e-learning 1100349 2010 3 1 e-learning WBT (Web Based training) e-learning LMS (Learning Management System) LMS WBT e-learning e-learning
ActionScript Flash Player 8 ActionScript3.0 ActionScript Flash Video ActionScript.swf swf FlashPlayer AVM(Actionscript Virtual Machine) Windows
ActionScript3.0 1 1 YouTube Flash ActionScript3.0 Face detection and hiding using ActionScript3.0 for streaming video on the Internet Ryouta Tanaka 1 and Masanao Koeda 1 Recently, video streaming and video
23 Fig. 2: hwmodulev2 3. Reconfigurable HPC 3.1 hw/sw hw/sw hw/sw FPGA PC FPGA PC FPGA HPC FPGA FPGA hw/sw hw/sw hw- Module FPGA hwmodule hw/sw FPGA h
23 FPGA CUDA Performance Comparison of FPGA Array with CUDA on Poisson Equation ([email protected]), ([email protected]), ([email protected]), ([email protected]),
第6期末セミナー2006-1rev1.ppt
Intel VT vs AMD AMD-V ( CPU) 2 3 IA-32 Intel VT-x AMD Virtualization(AMD-V) IA-64 Intel VT-i UltraSPARC UltraSPARCArchitecture2005(UltraSPARC T1) POWER Logical Partitioning (LPAR) ARM TrustZone x86 4 Intel
大月勇人, 若林大晃, 瀧本栄二, 齋藤彰一, 毛利公一 立命館大学 名古屋工業大学
大月勇人, 若林大晃, 瀧本栄二, 齋藤彰一, 毛利公一 立命館大学 名古屋工業大学 1. 研究背景 2. Alkanet アプローチ Alkanet の構成 監視するシステムコール ログ解析 3. 解析検体内訳 4. サービスを起動する検体 5. まとめ 立命館大学 2 2012 年 10 月 30 日 ( 億種 ) マルウェアが急速に増加! 短時間で解析し, マルウェアの意図や概略を把握したい
fiš„v5.dvi
(2001) 49 2 293 303 VRML 1 2 3 2001 4 12 2001 10 16 Web Java VRML (Virtual Reality Modeling Language) VRML Web VRML VRML VRML VRML Web VRML VRML, 3D 1. WWW (World Wide Web) WWW Mittag (2000) Web CGI Java
2). 3) 4) 1.2 NICTNICT DCRA Dihedral Corner Reflector micro-arraysdcra DCRA DCRA DCRA 3D DCRA PC USB PC PC ON / OFF Velleman K8055 K8055 K8055
1 1 1 2 DCRA 1. 1.1 1) 1 Tactile Interface with Air Jets for Floating Images Aya Higuchi, 1 Nomin, 1 Sandor Markon 1 and Satoshi Maekawa 2 The new optical device DCRA can display floating images in free
28 Docker Design and Implementation of Program Evaluation System Using Docker Virtualized Environment
28 Docker Design and Implementation of Program Evaluation System Using Docker Virtualized Environment 1170288 2017 2 28 Docker,.,,.,,.,,.,. Docker.,..,., Web, Web.,.,.,, CPU,,. i ., OS..,, OS, VirtualBox,.,
IPSJ SIG Technical Report Vol.2009-DPS-141 No.20 Vol.2009-GN-73 No.20 Vol.2009-EIP-46 No /11/27 1. MIERUKEN 1 2 MIERUKEN MIERUKEN MIERUKEN: Spe
1. MIERUKEN 1 2 MIERUKEN MIERUKEN MIERUKEN: Speech Visualization System Based on Augmented Reality Yuichiro Nagano 1 and Takashi Yoshino 2 As the spread of the Augmented Reality(AR) technology and service,
& Vol.2 No (Mar. 2012) 1,a) , Bluetooth A Health Management Service by Cell Phones and Its Us
1,a) 1 1 1 1 2 2 2011 8 10, 2011 12 2 1 Bluetooth 36 2 3 10 70 34 A Health Management Service by Cell Phones and Its Usability Evaluation Naofumi Yoshida 1,a) Daigo Matsubara 1 Naoki Ishibashi 1 Nobuo
[2] 2. [3 5] 3D [6 8] Morishima [9] N n 24 24FPS k k = 1, 2,..., N i i = 1, 2,..., n Algorithm 1 N io user-specified number of inbetween omis
1,a) 2 2 2 1 2 3 24 Motion Frame Omission for Cartoon-like Effects Abstract: Limited animation is a hand-drawn animation style that holds each drawing for two or three successive frames to make up 24 frames
( ) [1] [4] ( ) 2. [5] [6] Piano Tutor[7] [1], [2], [8], [9] Radiobaton[10] Two Finger Piano[11] Coloring-in Piano[12] ism[13] MIDI MIDI 1 Fig. 1 Syst
情報処理学会インタラクション 2015 IPSJ Interaction 2015 15INT014 2015/3/7 1,a) 1,b) 1,c) Design and Implementation of a Piano Learning Support System Considering Motivation Fukuya Yuto 1,a) Takegawa Yoshinari 1,b) Yanagi
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS TECHNICAL REPORT OF IEICE.
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS TECHNICAL REPORT OF IEICE. E-mail: {ytamura,takai,tkato,tm}@vision.kuee.kyoto-u.ac.jp Abstract Current Wave Pattern Analysis for Anomaly
1 Web [2] Web [3] [4] [5], [6] [7] [8] S.W. [9] 3. MeetingShelf Web MeetingShelf MeetingShelf (1) (2) (3) (4) (5) Web MeetingShelf
1,a) 2,b) 4,c) 3,d) 4,e) Web A Review Supporting System for Whiteboard Logging Movies Based on Notes Timeline Taniguchi Yoshihide 1,a) Horiguchi Satoshi 2,b) Inoue Akifumi 4,c) Igaki Hiroshi 3,d) Hoshi
第62巻 第1号 平成24年4月/石こうを用いた木材ペレット
Bulletin of Japan Association for Fire Science and Engineering Vol. 62. No. 1 (2012) Development of Two-Dimensional Simple Simulation Model and Evaluation of Discharge Ability for Water Discharge of Firefighting
17 Proposal of an Algorithm of Image Extraction and Research on Improvement of a Man-machine Interface of Food Intake Measuring System
1. (1) ( MMI ) 2. 3. MMI Personal Computer(PC) MMI PC 1 1 2 (%) (%) 100.0 95.2 100.0 80.1 2 % 31.3% 2 PC (3 ) (2) MMI 2 ( ),,,, 49,,p531-532,2005 ( ),,,,,2005,p66-p67,2005 17 Proposal of an Algorithm of
2) TA Hercules CAA 5 [6], [7] CAA BOSS [8] 2. C II C. ( 1 ) C. ( 2 ). ( 3 ) 100. ( 4 ) () HTML NFS Hercules ( )
1,a) 2 4 WC C WC C Grading Student programs for visualizing progress in classroom Naito Hiroshi 1,a) Saito Takashi 2 Abstract: To grade student programs in Computer-Aided Assessment system, we propose
SmartLMSユーザーズガイド<講師編>
SmartLearning Management System SmartLMS (1) (2) (3) (4) (3) (5) Microsoft MS PowerPoint DirectX Windows Windows NT Windows Media Microsoft Corporation Intel Pentium Intel Corporation NEC 2003-2004 NEC
1 Fig. 1 Extraction of motion,.,,, 4,,, 3., 1, 2. 2.,. CHLAC,. 2.1,. (256 ).,., CHLAC. CHLAC, HLAC. 2.3 (HLAC ) r,.,. HLAC. N. 2 HLAC Fig. 2
CHLAC 1 2 3 3,. (CHLAC), 1).,.,, CHLAC,.,. Suspicious Behavior Detection based on CHLAC Method Hideaki Imanishi, 1 Toyohiro Hayashi, 2 Shuichi Enokida 3 and Toshiaki Ejima 3 We have proposed a method for
,,,,., C Java,,.,,.,., ,,.,, i
24 Development of the programming s learning tool for children be derived from maze 1130353 2013 3 1 ,,,,., C Java,,.,,.,., 1 6 1 2.,,.,, i Abstract Development of the programming s learning tool for children
IPSJ SIG Technical Report Vol.2011-IOT-12 No /3/ , 6 Construction and Operation of Large Scale Web Contents Distribution Platfo
1 1 2 3 4 5 1 1, 6 Construction and Operation of Large Scale Web Contents Distribution Platform using Cloud Computing 1. ( ) 1 IT Web Yoshihiro Okamoto, 1 Naomi Terada and Tomohisa Akafuji, 1, 2 Yuko Okamoto,
& Vol.5 No (Oct. 2015) TV 1,2,a) , Augmented TV TV AR Augmented Reality 3DCG TV Estimation of TV Screen Position and Ro
TV 1,2,a) 1 2 2015 1 26, 2015 5 21 Augmented TV TV AR Augmented Reality 3DCG TV Estimation of TV Screen Position and Rotation Using Mobile Device Hiroyuki Kawakita 1,2,a) Toshio Nakagawa 1 Makoto Sato
fiš„v8.dvi
(2001) 49 2 333 343 Java Jasp 1 2 3 4 2001 4 13 2001 9 17 Java Jasp (JAva based Statistical Processor) Jasp Jasp. Java. 1. Jasp CPU 1 106 8569 4 6 7; [email protected] 2 106 8569 4 6 7; [email protected]
,,.,,., II,,,.,,.,.,,,.,,,.,, II i
12 Load Dispersion Methods in Thin Client Systems 1010405 2001 2 5 ,,.,,., II,,,.,,.,.,,,.,,,.,, II i Abstract Load Dispersion Methods in Thin Client Systems Noritaka TAKEUCHI Server Based Computing by
特-3.indd
Development of Automation Technology for Precision Finishing Works Employing a Robot Arm There is demand for the automation of finishing processes that require technical skills in the manufacturing of
Input image Initialize variables Loop for period of oscillation Update height map Make shade image Change property of image Output image Change time L
1,a) 1,b) 1/f β Generation Method of Animation from Pictures with Natural Flicker Abstract: Some methods to create animation automatically from one picture have been proposed. There is a method that gives
Firefox Firefox Mozilla addons.mozilla.org (AMO) AMO Firefox Mozilla AMO Firefox Firefox Mozilla Firefox Firefox Firefox 年間登録数
Computer Security Symposium 2014 22-24 October 2014 Firefox 182-8585 1-5-1 [email protected] {kazushi, oyama}@inf.uec.ac.jp Web Firefox Firefox Firefox Investigation on Attack and Stealth Methods
IPSJ SIG Technical Report Vol.2012-MUS-96 No /8/10 MIDI Modeling Performance Indeterminacies for Polyphonic Midi Score Following and
MIDI 1 2 3 2 1 Modeling Performance Indeterminacies for Polyphonic Midi Score Following and Its Application to Automatic Accompaniment Nakamura Eita 1 Yamamoto Ryuichi 2 Saito Yasuyuki 3 Sako Shinji 2
Fig. 3 Flow diagram of image processing. Black rectangle in the photo indicates the processing area (128 x 32 pixels).
Fig. 1 The scheme of glottal area as a function of time Fig. 3 Flow diagram of image processing. Black rectangle in the photo indicates the processing area (128 x 32 pixels). Fig, 4 Parametric representation
(a) 1 (b) 3. Gilbert Pernicka[2] Treibitz Schechner[3] Narasimhan [4] Kim [5] Nayar [6] [7][8][9] 2. X X X [10] [11] L L t L s L = L t + L s
1 1 1, Extraction of Transmitted Light using Parallel High-frequency Illumination Kenichiro Tanaka 1 Yasuhiro Mukaigawa 1 Yasushi Yagi 1 Abstract: We propose a new sharpening method of transmitted scene
394-04
Change and Development of Continuous Casting Technology Abstract It is about 60 years that history of continuous casting process in our country. From the start of commercial operation of the first continuous
6 2. AUTOSAR 2.1 AUTOSAR AUTOSAR ECU OSEK/VDX 3) OSEK/VDX OS AUTOSAR AUTOSAR ECU AUTOSAR 1 AUTOSAR BSW (Basic Software) (Runtime Environment) Applicat
AUTOSAR 1 1, 2 2 2 AUTOSAR AUTOSAR 3 2 2 41% 29% An Extension of AUTOSAR Communication Layers for Multicore Systems Toshiyuki Ichiba, 1 Hiroaki Takada, 1, 2 Shinya Honda 2 and Ryo Kurachi 2 AUTOSAR, a
IPSJ SIG Technical Report Vol.2012-CG-148 No /8/29 3DCG 1,a) On rigid body animation taking into account the 3D computer graphics came
3DCG 1,a) 2 2 2 2 3 On rigid body animation taking into account the 3D computer graphics camera viewpoint Abstract: In using computer graphics for making games or motion pictures, physics simulation is
LR DEVICE Version 1.1 706434 / 01 04 / 2017 1................................................ 3 1.1............................................... 3 2................................................ 3
NW-E062 / E063 / E062K/ E063K
/ FM / 112 NW-E062 / E063 / E062K/ E063K 59 70 1 USB USB / MD CD MD CD 111 x- x- 112 NW-E062 / E063 / E062K/ E063K / FM / 112 NW-E062 / E063 / E062K/ E063K / FM / 112 MD CD MD CD x- CD 29 31 47 52 111
Zinstall WinWin 日本語ユーザーズガイド
Zinstall WinWin User Guide Thank you for purchasing Zinstall WinWin. If you have any questions, issues or problems, please contact us: Toll-free phone: (877) 444-1588 International callers: +1-877-444-1588
16_.....E...._.I.v2006
55 1 18 Bull. Nara Univ. Educ., Vol. 55, No.1 (Cult. & Soc.), 2006 165 2002 * 18 Collaboration Between a School Athletic Club and a Community Sports Club A Case Study of SOLESTRELLA NARA 2002 Rie TAKAMURA
2. CABAC CABAC CABAC 1 1 CABAC Figure 1 Overview of CABAC 2 DCT 2 0/ /1 CABAC [3] 3. 2 値化部 コンテキスト計算部 2 値算術符号化部 CABAC CABAC
H.264 CABAC 1 1 1 1 1 2, CABAC(Context-based Adaptive Binary Arithmetic Coding) H.264, CABAC, A Parallelization Technology of H.264 CABAC For Real Time Encoder of Moving Picture YUSUKE YATABE 1 HIRONORI
JOURNAL OF THE JAPANESE ASSOCIATION FOR PETROLEUM TECHNOLOGY VOL. 66, NO. 6 (Nov., 2001) (Received August 10, 2001; accepted November 9, 2001) Alterna
JOURNAL OF THE JAPANESE ASSOCIATION FOR PETROLEUM TECHNOLOGY VOL. 66, NO. 6 (Nov., 2001) (Received August 10, 2001; accepted November 9, 2001) Alternative approach using the Monte Carlo simulation to evaluate
IPSJ SIG Technical Report Vol.2016-CE-137 No /12/ e β /α α β β / α A judgment method of difficulty of task for a learner using simple
1 2 3 4 5 e β /α α β β / α A judgment method of difficulty of task for a learner using simple electroencephalograph Katsuyuki Umezawa 1 Takashi Ishida 2 Tomohiko Saito 3 Makoto Nakazawa 4 Shigeichi Hirasawa
IPSJ SIG Technical Report Vol.2014-EIP-63 No /2/21 1,a) Wi-Fi Probe Request MAC MAC Probe Request MAC A dynamic ads control based on tra
1,a) 1 1 2 1 Wi-Fi Probe Request MAC MAC Probe Request MAC A dynamic ads control based on traffic Abstract: The equipment with Wi-Fi communication function such as a smart phone which are send on a regular
ファイルベースのサンドボックスの回避
2 3 3 5 11 VMware 14 17 17 FireEye 18 1 FireEye? API iframe DLL VMware VMware VMX 2 1 C&C FireEye 2012 12 UpClicker 1 2 3 UpClicker C&C APT Advanced Persistent Threat RAT Poison Ivy 4 1 UpClicker 0Eh SetWinodwsHookExA
26 FPGA 11 05340 1 FPGA (Field Programmable Gate Array) ASIC (Application Specific Integrated Circuit) FPGA FPGA FPGA FPGA Linux FreeDOS skewed way L1
FPGA 272 11 05340 26 FPGA 11 05340 1 FPGA (Field Programmable Gate Array) ASIC (Application Specific Integrated Circuit) FPGA FPGA FPGA FPGA Linux FreeDOS skewed way L1 FPGA skewed L2 FPGA skewed Linux
bitvisor_summit.pptx
BitVisor 内蔵の lwip で Alkanet ログの送信を試みる 命館 学システムソフトウェア研究室 下雄也, 明 修平, 瀧本栄, 利公 1 はじめに (1/4) 近年, マルウェアが増加しており, マルウェアの脅威が問題となっている マルウェアの脅威に対抗するためには, 多数のマルウェアを迅速に解析する必要がある システムコールトレーサ Alkanet Windows 上で動作するマルウェアを対象とし,
82801pdf.pqxp
PC Contents Chapter 1 PC / Chapter 2/ 1 2 SMS WAN BITS Chapter 3 SMS 2003 SMS SMS SMS 2003 2 6 8 9 9 10 11 12 13 14 16 17 17 18 19 19 20 20 21 22 24 24 25 25 26 26 27 28 PC PC PC PC PC IT 1 1 PC PC PC
[2] OCR [3], [4] [5] [6] [4], [7] [8], [9] 1 [10] Fig. 1 Current arrangement and size of ruby. 2 Fig. 2 Typography combined with printing
1,a) 1,b) 1,c) 2012 11 8 2012 12 18, 2013 1 27 WEB Ruby Removal Filters Using Genetic Programming for Early-modern Japanese Printed Books Taeka Awazu 1,a) Masami Takata 1,b) Kazuki Joe 1,c) Received: November
