| IEICE Technical Committee Submission System Conference Paper's Information |
Online Proceedings [Sign in] Tech. Rep. Archives |
| Go Top Page | Go Previous | [Japanese] / [English] |
| Paper Abstract and Keywords | ||
| Presentation | 2019-11-13 13:30 Recovery method of execution environment infected with ransomware by analyzing time series data of system calls Hirotaka Hiraki, Hideya Ochiai, Hiroshi Esaki (Tokyo Univ.)  ICSS2019-60 |
|
| Abstract | (in Japanese) | (See Japanese page) |
| (in English) | Today, keeping the computer environment safe is a very important issue. Among the malware, it is often difficult in practice to restore a file infected with ransomware that locks and encrypts the target file and requires a ransom instead of decrypting it. In addition, the spread of virtual currency has reduced the risk of attackers being supplemented, and malicious services that sell ransomware software are also available. Therefore, in this paper, we study a method for restoring files infected with ransomware. In the survey, we analyzed the system calls executed by ransomware and found that malicious behaviors tend to be executed periodically or continuously. Based on the investigation, we rewrite the Windows API processing executed by the ransomware to duplicate the file, and then aim to restore it by analyzing the time series data of system calls and identifying normal processing. Furthermore, malware functions have improved in recent years, and some have anti-debug functions that detect that they are subject to analysis, so analysis must be performed without being detected by ransomware. In this study, we propose a method using BitVisor, a hypervisor with low overhead. | |
| Keyword | (in Japanese) | (See Japanese page) |
| (in English) | Ransomware / BitVisor / Anti-Debug / System call / Malware / / / | |
| Reference Info. | IEICE Tech. Rep., vol. 119, no. 288, ICSS2019-60, pp. 1-5, Nov. 2019. | |
| Paper # | ICSS2019-60 | |
| Date of Issue | 2019-11-06 (ICSS) | |
| ISSN | Online edition: ISSN 2432-6380 | |
| Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) | |
| Download PDF | ICSS2019-60 |
|
| Conference Information | |
| Committee | ICSS |
| Conference Date | 2019-11-13 - 2019-11-13 |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | MRT Terrace(Miyazaki) |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Information Communication System Security, etc. |
| Paper Information | |
| Registration To | ICSS |
| Conference Code | 2019-11-ICSS |
| Language | Japanese |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Recovery method of execution environment infected with ransomware by analyzing time series data of system calls |
| Sub Title (in English) | |
| Keyword(1) | Ransomware |
| Keyword(2) | BitVisor |
| Keyword(3) | Anti-Debug |
| Keyword(4) | System call |
| Keyword(5) | Malware |
| Keyword(6) | |
| Keyword(7) | |
| Keyword(8) | |
| 1st Author's Name | Hirotaka Hiraki |
| 1st Author's Affiliation | The University of Tokyo (Tokyo Univ.) |
| 2nd Author's Name | Hideya Ochiai |
| 2nd Author's Affiliation | The University of Tokyo (Tokyo Univ.) |
| 3rd Author's Name | Hiroshi Esaki |
| 3rd Author's Affiliation | The University of Tokyo (Tokyo Univ.) |
| 4th Author's Name | |
| 4th Author's Affiliation | () |
| 5th Author's Name | |
| 5th Author's Affiliation | () |
| 6th Author's Name | |
| 6th Author's Affiliation | () |
| 7th Author's Name | |
| 7th Author's Affiliation | () |
| 8th Author's Name | |
| 8th Author's Affiliation | () |
| 9th Author's Name | |
| 9th Author's Affiliation | () |
| 10th Author's Name | |
| 10th Author's Affiliation | () |
| 11th Author's Name | |
| 11th Author's Affiliation | () |
| 12th Author's Name | |
| 12th Author's Affiliation | () |
| 13th Author's Name | |
| 13th Author's Affiliation | () |
| 14th Author's Name | |
| 14th Author's Affiliation | () |
| 15th Author's Name | |
| 15th Author's Affiliation | () |
| 16th Author's Name | |
| 16th Author's Affiliation | () |
| 17th Author's Name | |
| 17th Author's Affiliation | () |
| 18th Author's Name | |
| 18th Author's Affiliation | () |
| Speaker | Author-1 |
| Date Time | 2019-11-13 13:30:00 |
| Presentation Time | 25 minutes |
| Registration for | ICSS |
| Paper # | ICSS2019-60 |
| Volume (vol) | vol.119 |
| Number (no) | no.288 |
| Page | pp.1-5 |
| #Pages | 5 |
| Date of Issue | 2019-11-06 (ICSS) |
[Return to Top Page]