{"created":"2023-07-25T10:25:43.934547+00:00","id":4166,"links":{},"metadata":{"_buckets":{"deposit":"e7306c9f-eab3-4d63-9ca4-be9a592e2d3e"},"_deposit":{"created_by":4,"id":"4166","owners":[4],"pid":{"revision_id":0,"type":"depid","value":"4166"},"status":"published"},"_oai":{"id":"oai:naist.repo.nii.ac.jp:00004166","sets":["34:35"]},"author_link":["8566","8567","67","37"],"item_7_alternative_title_1":{"attribute_name":"その他のタイトル","attribute_value_mlt":[{"subitem_alternative_title":"Forensics Mechanism in Kernel Land to Preserve Evidence of Malware Intruding into In-vehicle LAN","subitem_alternative_title_language":"en"}]},"item_7_biblio_info_9":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicIssueDates":{"bibliographicIssueDate":"2019-03-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicPageEnd":"802","bibliographicPageStart":"791","bibliographicVolumeNumber":"60","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌","bibliographic_titleLang":"ja"}]}]},"item_7_description_7":{"attribute_name":"抄録","attribute_value_mlt":[{"subitem_description":"インターネットとつながる自動車において,カーナビ等の車載インフォテインメントシステム(IVI)へのマルウェアの侵入等による車載LANへのサイバー攻撃が問題となっている.また,マルウェアのような不正なプログラムによる事故が発生した場合,ドライバの過失によるものなのか,マルウェアの車載LANへの侵入・攻撃によるものなのかを区別する仕組みはない.不具合や事故が起こった後のデジタル・フォレンジックのためには,その原因となった事象の証拠保全を行う機構が必要となる.先行研究として,車載LAN上のストレージデバイスを用いて車載LANデータを保全するフォレンジック機構が提案されているが,車載LANデータのみ保全するため,いつ感染したのか,どのようなマルウェアなのか等を調べることができない.さらに,マルウェアから証拠保全を妨害されないといった保証もない.本研究では,IVIへ侵入するマルウェアおよび車載LANデータの証拠保全を行うフォレンジック機構を提案する.マルウェアからの耐性を高める目的として,OSカーネル上にフォレンジック機構を組み込み,マルウェアの証拠データを保全する.フォレンジック機構の評価として,車載LANへ侵入するマルウェアとしてMiraiに車載LANへDoS攻撃を行う機能を追加したマルウェアを感染させる実験を行い,その際の証拠データを分析した.実験結果から,保全された証拠データからマルウェアの攻撃時の特徴的なシステムコールや車載LANの異常なメッセージの増加,感染時にTelnet通信が頻繁に行われるといった挙動が観測でき,フォレンジック機構の有効性を確認した.また,フォレンジック機構が,アンチデバッグ等の耐解析手法に対し高い耐性があることと,車載システムにおいて十分なパフォーマンスで動作可能であることを示す. Cyber-attacks, such as the intrusion of malware on in-vehicle infotainment systems (IVI), are becoming a problem. 
At present, there is no mechanism to distinguish between an accident caused by a driver's negligence and an accident caused by malware infiltration into an in-vehicle LAN. A mechanism to preserve evidence data is needed for the digital forensics that follow an accident. A previous study proposed a forensic mechanism that preserves in-vehicle LAN data using storage devices; however, because it preserves only in-vehicle LAN data, it cannot determine when the system was infected or what kind of malware was used. In addition, there is no guarantee that the storage device will be kept from damage, or that evidence integrity will not be disturbed by malware. In this research, we propose a forensic mechanism in kernel land that preserves evidence of malware intruding into the in-vehicle LAN. To increase its resistance to malware, the forensic mechanism is incorporated into the OS kernel, where it preserves the malware's evidence data. To evaluate the forensic mechanism, we conducted experiments in which an IVI incorporating the mechanism was infected with malware based on Mirai, to which a function for launching a DoS attack on the in-vehicle LAN had been added, and we analyzed the evidence data preserved at that time. The results show that the preserved evidence data reveal the characteristic system calls made during the malware's attack and an abnormal increase in in-vehicle LAN messages. Frequent Telnet communication at the time of infection was also observed; these findings confirm the effectiveness of the forensic mechanism. 
We also showed that the forensic mechanism is highly resistant to anti-analysis techniques such as anti-debugging and that it can operate with sufficient performance in an in-vehicle system.","subitem_description_language":"ja","subitem_description_type":"Abstract"}]},"item_7_publisher_10":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_7_rights_11":{"attribute_name":"出版者URL","attribute_value_mlt":[{"subitem_rights":"http://id.nii.ac.jp/1001/00195308/ | http://id.nii.ac.jp/1001/00195308/"}]},"item_7_rights_18":{"attribute_name":"権利","attribute_value_mlt":[{"subitem_rights":"cInformation Processing Society of Japan","subitem_rights_language":"en"},{"subitem_rights":"ここに掲載した著作物の利用に関する注意 本著作物の著作権は情報処理学会に帰属します。本著作物は著作権者である情報処理学会の許可のもとに掲載するものです。ご利用に当たっては「著作権法」ならびに「情報処理学会倫理綱領」に従うことをお願いいたします。 Notice for the use of this material The copyright of this material is retained by the Information Processing Society of Japan (IPSJ). This material is published on this web site with the agreement of the author (s) and the IPSJ. Please be complied with Copyright Law of Japan and the Code of Ethics of the IPSJ if any users wish to reproduce, make derivative work, distribute or make available to the public any part or whole thereof. All Rights Reserved, Copyright (C) Information Processing Society of Japan. Comments are welcome. 
Mail to address editj@ipsj.or.jp, please.","subitem_rights_language":"ja"}]},"item_7_source_id_12":{"attribute_name":"EISSN/PISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_7_version_type_20":{"attribute_name":"著者版フラグ","attribute_value_mlt":[{"subitem_version_resource":"http://purl.org/coar/version/c_970fb48d4fbd8a85","subitem_version_type":"VoR"}]},"item_access_right":{"attribute_name":"アクセス権","attribute_value_mlt":[{"subitem_access_right":"open access","subitem_access_right_uri":"http://purl.org/coar/access_right/c_abf2"}]},"item_creator":{"attribute_name":"著者","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大平, 修慈","creatorNameLang":"ja"}],"nameIdentifiers":[{"nameIdentifier":"8566","nameIdentifierScheme":"WEKO"}]},{"creatorNames":[{"creatorName":"井上, 博之","creatorNameLang":"ja"}],"nameIdentifiers":[{"nameIdentifier":"8567","nameIdentifierScheme":"WEKO"}]},{"creatorNames":[{"creatorName":"新井, イスマイル","creatorNameLang":"ja"}],"nameIdentifiers":[{"nameIdentifier":"67","nameIdentifierScheme":"WEKO"},{"nameIdentifier":"60512572","nameIdentifierScheme":"e-Rad","nameIdentifierURI":"https://kaken.nii.ac.jp/ja/search/?qm=60512572"}]},{"creatorNames":[{"creatorName":"藤川, 和利","creatorNameLang":"ja"}],"nameIdentifiers":[{"nameIdentifier":"37","nameIdentifierScheme":"WEKO"},{"nameIdentifier":"30252729","nameIdentifierScheme":"e-Rad","nameIdentifierURI":"https://kaken.nii.ac.jp/ja/search/?qm=30252729"}]}]},"item_files":{"attribute_name":"ファイル情報","attribute_type":"file","attribute_value_mlt":[{"accessrole":"open_date","date":[{"dateType":"Available","dateValue":"2023-03-02"}],"displaytype":"detail","filename":"IPSJ-JNL6003009.pdf","filesize":[{"value":"1.7 
MB"}],"format":"application/pdf","licensetype":"license_note","mimetype":"application/pdf","url":{"label":"fulltext","objectType":"fulltext","url":"https://naist.repo.nii.ac.jp/record/4166/files/IPSJ-JNL6003009.pdf"},"version_id":"1aa9cd13-aa67-442c-9f6a-a0bbf076dc5e"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"システムセキュリティ","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"コンピュータウィルス","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"フォレンジクス","subitem_subject_language":"ja","subitem_subject_scheme":"Other"},{"subitem_subject":"IVI","subitem_subject_language":"en","subitem_subject_scheme":"Other"},{"subitem_subject":"CAN","subitem_subject_language":"en","subitem_subject_scheme":"Other"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourcetype":"journal article","resourceuri":"http://purl.org/coar/resource_type/c_6501"}]},"item_title":"車載LANへ侵入するマルウェアの証拠保全を行うカーネル上のフォレンジック機構","item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"車載LANへ侵入するマルウェアの証拠保全を行うカーネル上のフォレンジック機構","subitem_title_language":"ja"},{"subitem_title":"シャサイ LAN ヘ シンニュウ スル マルウェア ノ ショウコ ホゼン ヲ オコナウ カーネル ジョウ ノ フォレンジック キコウ","subitem_title_language":"ja-Kana"}]},"item_type_id":"7","owner":"4","path":["35"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2019-03-22"},"publish_date":"2019-03-22","publish_status":"0","recid":"4166","relation_version_is_last":true,"title":["車載LANへ侵入するマルウェアの証拠保全を行うカーネル上のフォレンジック機構"],"weko_creator_id":"4","weko_shared_id":-1},"updated":"2023-11-29T08:29:42.079484+00:00"}