WEKO3
アイテム
Survey and Analysis on ATT&CK Mapping Function of Online Sandbox for Understanding and Efficient Using
https://ipsj.ixsq.nii.ac.jp/records/222828
https://ipsj.ixsq.nii.ac.jp/records/222828eb04eb38-a7d8-4106-a089-c7d15ec2c9f0
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6312004.pdf (2.6 MB)
|
Copyright (c) 2022 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2022-12-15 | |||||||||||
| タイトル | ||||||||||||
| タイトル | Survey and Analysis on ATT&CK Mapping Function of Online Sandbox for Understanding and Efficient Using | |||||||||||
| タイトル | ||||||||||||
| 言語 | en | |||||||||||
| タイトル | Survey and Analysis on ATT&CK Mapping Function of Online Sandbox for Understanding and Efficient Using | |||||||||||
| 言語 | ||||||||||||
| 言語 | eng | |||||||||||
| キーワード | ||||||||||||
| 主題Scheme | Other | |||||||||||
| 主題 | [特集:持続可能な社会のIT基盤に向けた情報セキュリティとトラスト] MITRE ATT&CK, malware, online sandbox | |||||||||||
| 資源タイプ | ||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||
| 資源タイプ | journal article | |||||||||||
| 著者所属 | ||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd./Graduate School of Natural Science and Technology, Okayama University | ||||||||||||
| 著者所属 | ||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. | ||||||||||||
| 著者所属 | ||||||||||||
| Faculty of Natural Science and Technology, Okayama University | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. / Graduate School of Natural Science and Technology, Okayama University | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Faculty of Natural Science and Technology, Okayama University | ||||||||||||
| 著者名 |
Shota, Fujii
× Shota, Fujii
× Rei, Yamagishi
× Toshihiro, Yamauchi
|
|||||||||||
| 著者名(英) |
Shota, Fujii
× Shota, Fujii
× Rei, Yamagishi
× Toshihiro, Yamauchi
|
|||||||||||
| 論文抄録 | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | Dynamic analysis that automatically analyzes malware has become the defacto standard for coping with the huge amount of current malware types. One analysis support is a function that maps the malware behavior to each element of the MITRE ATT&CK® Technique. This function has been adopted in many online sandboxes and contributes to the efficiency of analysis. On the other hand, this function depends on the implementation of the mapping rules, which may affect the analysis results. Therefore, we investigated the actual situation of online sandboxes that have a function for mapping to the attack technique. In this study, we analyzed a total of 26,078 malware analysis results from three online sandboxes, found that the characteristics for matching to each technique differed among the sandboxes, and clarified the ease of matching each technique. We also compared the mapping characteristics of techniques with those of static analysis-based techniques and manually written reports and showed that the mapping characteristics differed among the techniques. Furthermore, we derived best practices for utilization on the basis of each survey. We believe that these results will lead to a better understanding of online sandboxes and to more efficient malware analysis using online sandboxes. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.807 ------------------------------ |
|||||||||||
| 論文抄録(英) | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | Dynamic analysis that automatically analyzes malware has become the defacto standard for coping with the huge amount of current malware types. One analysis support is a function that maps the malware behavior to each element of the MITRE ATT&CK® Technique. This function has been adopted in many online sandboxes and contributes to the efficiency of analysis. On the other hand, this function depends on the implementation of the mapping rules, which may affect the analysis results. Therefore, we investigated the actual situation of online sandboxes that have a function for mapping to the attack technique. In this study, we analyzed a total of 26,078 malware analysis results from three online sandboxes, found that the characteristics for matching to each technique differed among the sandboxes, and clarified the ease of matching each technique. We also compared the mapping characteristics of techniques with those of static analysis-based techniques and manually written reports and showed that the mapping characteristics differed among the techniques. Furthermore, we derived best practices for utilization on the basis of each survey. We believe that these results will lead to a better understanding of online sandboxes and to more efficient malware analysis using online sandboxes. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.807 ------------------------------ |
|||||||||||
| 書誌レコードID | ||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||
| 収録物識別子 | AN00116647 | |||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 63, 号 12, 発行日 2022-12-15 |
|||||||||||
| ISSN | ||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||
| 公開者 | ||||||||||||
| 言語 | ja | |||||||||||
| 出版者 | 情報処理学会 | |||||||||||
