| Presentation | 2021-01-21 Reproduction of Malware Behavior by Using Windows API Call Logs Naoya Matsuda, Youji Fukuta, Masanori Hirotomo, Yoshiaki Shiraishi, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | The authors have been developing a prototype tool to reproduce of malware behavior by using Windows API call logs so that we can verify how it interacts with other terminals and systems during an incident response. In this study, we examine the status of support for the major Win32 APIs and state restoration to revert the effects of various Win32 API calls after reproduction with the tool. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Incident response / Malicious software / Reproduction / Win32 API call logs |
| Paper # | ICM2020-47,LOIS2020-35 |
| Date of Issue | 2021-01-14 (ICM, LOIS) |
| Conference Information | |
| Committee | ICM / LOIS |
|---|---|
| Conference Date | 2021/1/21(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Practical Use of Lifelog, Office Information System, Business Management, etc. |
| Chair | Kazuhiko Kinoshita(Tokushima Univ.) / Toru Kobayashi(Nagasaki Univ.) |
| Vice Chair | Yoichi Sato(OSL) / Haruo Ooishi(NTT) / Hiroyuki Toda(NTT) |
| Secretary | Yoichi Sato(NTT) / Haruo Ooishi(Bosco) / Hiroyuki Toda(NTT) |
| Assistant | Tetsuya Uchiumi(Fujitsu Lab.) / Shigeru Fujimura(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication Management / Technical Committee on Life Intelligence and Office Information Systems |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Reproduction of Malware Behavior by Using Windows API Call Logs |
| Sub Title (in English) | Support for Major Win32 APIs and State Restoration After the Reproduction |
| Keyword(1) | Incident response |
| Keyword(2) | Malicious software |
| Keyword(3) | Reproduction |
| Keyword(4) | Win32 API call logs |
| 1st Author's Name | Naoya Matsuda |
| 1st Author's Affiliation | Kindai University(Kindai Univ.) |
| 2nd Author's Name | Youji Fukuta |
| 2nd Author's Affiliation | Kindai University(Kindai Univ.) |
| 3rd Author's Name | Masanori Hirotomo |
| 3rd Author's Affiliation | Saga University(Saga Univ.) |
| 4th Author's Name | Yoshiaki Shiraishi |
| 4th Author's Affiliation | Kobe University(Kobe Univ.) |
| Date | 2021-01-21 |
| Paper # | ICM2020-47,LOIS2020-35 |
| Volume (vol) | vol.120 |
| Number (no) | ICM-323,LOIS-324 |
| Page | pp.pp.75-80(ICM), pp.75-80(LOIS), |
| #Pages | 6 |
| Date of Issue | 2021-01-14 (ICM, LOIS) |