Title:
INFORMATION PROCESSING DEVICE, AND INFORMATION PROCESSING METHOD
Document Type and Number:
WIPO Patent Application WO/2014/185165
Kind Code:
A1
Abstract:
The present invention monitors the behavior of a malware (program), and generates, for each call to a library function by the program, identification information about the called library function, input data inputted to the library function, output data outputted from the library function, and a log indicated in correlation with a taint tag for uniquely specifying the output data. Then, by referring to the log and to a taint tag set in output data from an information processing device, the present invention traces the dependency relationship of data inputted and outputted between library functions and specifies a library function which generated the output data from the information processing device.
Inventors:
KAWAKOYA YUHEI (JP)
IWAMURA MAKOTO (JP)
HARIU TAKEO (JP)
IWAMURA MAKOTO (JP)
HARIU TAKEO (JP)
Application Number:
PCT/JP2014/058952
Publication Date:
November 20, 2014
Filing Date:
March 27, 2014
Export Citation:
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/56
Domestic Patent References:
WO2010134325A1 | 2010-11-25 |
Foreign References:
US20110145918A1 | 2011-06-16 | |||
JP4755658B2 | 2011-08-24 |
Other References:
CLEMENS KOLBITSCH ET AL.: "Effective and Efficient Malware Detection at the End Host", 18TH USENIX SECURITY SYMPOSIUM, August 2009 (2009-08-01), XP055216530, Retrieved from the Internet [retrieved on 20140623]
See also references of EP 2988242A4
See also references of EP 2988242A4
Attorney, Agent or Firm:
SAKAI, Hiroaki et al. (JP)
Hiroaki Sakai (JP)
Hiroaki Sakai (JP)
Download PDF: