
Title:
ANALYSIS FUNCTION IMPARTING DEVICE, ANALYSIS FUNCTION IMPARTING METHOD, AND ANALYSIS FUNCTION IMPARTING PROGRAM
Document Type and Number:
WIPO Patent Application WO/2020/075335
Kind Code:
A1
Abstract:
Provided is an analysis function imparting device (10) comprising an execution trace acquisition unit (121) that executes a script engine while monitoring the same and acquires an execution trace containing an API trace and a branch trace, a hook point detection unit (122) that analyzes the execution trace and detects a hook point, which is a point to which a hook is provided and an analysis code is inserted, a tap point detection unit (123) that detects a tap point, which is a memory-monitoring point that outputs a log by the analysis code on the basis of the monitoring at the hook point, and an analysis function imparting unit (124) that imparts an analysis function by providing a hook to the script engine on the basis of the hook point and the tap point.

Inventors:
USUI TOSHINORI (JP)
OTSUKI YUTO (JP)
IWAMURA MAKOTO (JP)
KAWAKOYA YUHEI (JP)
MIYOSHI JUN (JP)
Application Number:
PCT/JP2019/020095
Publication Date:
April 16, 2020
Filing Date:
May 21, 2019
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/56
Foreign References:
US20150199516A1, 2015-07-16
JP2012164098A, 2012-08-30
Other References:
KON, KENGO ET AL.: "A malicious code extraction method for PDF files based on DBI", COMPUTER SECURITY SYMPOSIUM 2017, vol. 2017, no. 2, 16 October 2017 (2017-10-16), pages 933 - 940, XP055702880, ISSN: 1882-0840
BUYANNEMEFU, ODOFU : "Comparison method of execution traces using 3-gram of dynamic dependent graph", IPSJ SIG SOFTWARE ENGINEERING (SE), vol. 2015-SE-187, no. 4, 5 March 2015 (2015-03-05), pages 1 - 8, XP009526895
FUJIOKA, TAIKI : "Proposal of interactive function extraction method based on the properties of object-oriented program", IPSJ SIG SOFTWARE ENGINEERING (SE), vol. 2016-SE-194, no. 2, 10 November 2016 (2016-11-10), pages 1 - 8, XP009526894, ISSN: 2188-8825
R. SHIBATA, H. HADA, K. YOKOYAMA: "Proc. of Computer Security Symposium", 2016, IPSJ, article "Js-Walker: An Analysis Framework for Analysts of jamming JavaScript Code Using JavaScript API hooking", pages: 951 - 957
Y. OTSUKI, E. TAKIMOTO, S. SAITO, K. MOURI: "A system call tracing method using virtual computer monitors for malware observation", TRANSACTIONS OF INFORMATION PROCESSING SOCIETY OF JAPAN, vol. 55, no. 9, 2014, pages 2034 - 2046
Y. KAWAKOYA, M. IWAMURA, E. SHIOJI, T. HARIU: "International Workshop on Recent Advances in Intrusion Detection", 2012, SPRINGER, article "API Chaser: Anti-analysis Resistant Malware Analyzer", pages: 274 - 293
B. DOLAN-GAVITT, T. LEEK, M. ZHIVICH, J. GIFFIN, W. LEE: "Proceedings of the IEEE Symposium on Security and Privacy (SP) 2011", 2011, IEEE, article "Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection", pages: 297 - 312
B. DOLAN-GAVITT, T. LEEK, J. HODOSH, W. LEE: "Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security", 2013, ACM, article "Tappan Zee (North) Bridge: Mining Memory Accesses for Introspection", pages: 839 - 850
J. LEE, T. AVGERINOS, D. BRUMLEY: "Network and Distributed System Security Symposium", 2011, INTERNET SOCIETY, article "TIE: Principled Reverse Engineering of Types in Binary Programs"
See also references of EP 3848833A4
Attorney, Agent or Firm:
SAKAI INTERNATIONAL PATENT OFFICE (JP)