| Presentation | 2017-07-14 File Access Analysis of Ransomware using Dynamic Binary Instrumentation Shun Yonamine, Yuki Kadobayashi, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Malware are one of the biggest threats on the Internet as they can illegally browse, manipulate or delete user's personal data. Ransomware is a very profitable type of attacks for cyber criminals where victims data are encrypted until they accept to pay a certain amount of money to 'release' their data. Analysis of some malware show that, by monitoring the process which handles data read of the files that are targeted for encryption, they can be reversed to extract informations such as encryption keys, the data located on the physical memory or the description of encryption algorithms. In this paper, we used QEMU to analyze the data flow in runtime encryption process from whole-system approaches. We tried to estimate the entry points of the encryption algorithms by tracking the instructions that handle tainted data read from arbitrary files. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | |
| Paper # | ISEC2017-19,SITE2017-11,ICSS2017-18,EMM2017-22 |
| Date of Issue | 2017-07-07 (ISEC, SITE, ICSS, EMM) |
| Conference Information | |
| Committee | SITE / EMM / ISEC / ICSS / IPSJ-CSEC / IPSJ-SPT |
|---|---|
| Conference Date | 2017/7/14(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | Hitoshi Okada(NII) / Keiichi Iwamura(TUC) / Kazuto Ogawa(NHK) / Yoshiaki Shiraishi(Kobe Univ.) |
| Vice Chair | Tetsuya Morizumi(Kanagawa Univ.) / Masaru Ogawa(Kobe Gakuin Univ.) / Hirohisa Hioki(Kyoto Univ.) / Minoru Kuribayashi(Okayama Univ.) / Atsushi Fujioka(Kanagawa Univ.) / Shiho Moriai(NICT) / Takeshi Ueda(Mitsubishi Electric) / Hiroki Takakura(NII) |
| Secretary | Tetsuya Morizumi(Gifu Shotoku Gakuen Univ.) / Masaru Ogawa(Tokyo Univ. of the Arts) / Hirohisa Hioki(Shizuoka Univ.) / Minoru Kuribayashi(Tokyo Metropolitan Univ.) / Atsushi Fujioka(Tohoku Univ.) / Shiho Moriai(Tokai Univ.) / Takeshi Ueda(Yokohama National Univ.) / Hiroki Takakura(NTT) |
| Assistant | Akiyoshi Kabeya(Chiba Univ.) / Hisanori Kato(KDDI) / Kan Hyonho(NIT, Tokyo) / Harumi Murata(Tyukyo Univ.) / Keita Emura(NICT) / Yuichi Komano(TOSHIBA) / Yuuji Suga(IIJ) / Takahiro Kasama(NICT) / Akira Yamada(KDDI labs.) |
| Paper Information | |
| Registration To | Technical Committee on Social Implications of Technology and Information Ethics / Technical Committee on Enriched MultiMedia / Technical Committee on Information Security / Technical Committee on Information and Communication System Security / Special Interest Group on Computer Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | File Access Analysis of Ransomware using Dynamic Binary Instrumentation |
| Sub Title (in English) | |
| Keyword(1) | |
| Keyword(2) | |
| Keyword(3) | |
| 1st Author's Name | Shun Yonamine |
| 1st Author's Affiliation | Nara Institute of Science and Technology(NAIST) |
| 2nd Author's Name | Yuki Kadobayashi |
| 2nd Author's Affiliation | Nara Institute of Science and Technology(NAIST) |
| Date | 2017-07-14 |
| Paper # | ISEC2017-19,SITE2017-11,ICSS2017-18,EMM2017-22 |
| Volume (vol) | vol.117 |
| Number (no) | ISEC-125,SITE-126,ICSS-127,EMM-128 |
| Page | pp.pp.87-92(ISEC), pp.87-92(SITE), pp.87-92(ICSS), pp.87-92(EMM), |
| #Pages | 6 |
| Date of Issue | 2017-07-07 (ISEC, SITE, ICSS, EMM) |